last executing test programs:

6.243312465s ago: executing program 3 (id=1572):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x4, 0x2c6)
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x14c0e, &(0x7f0000000b40)=ANY=[], 0xfd, 0x6b1, &(0x7f0000001f80)="$eJzs3V1vG1kdx/Hf2E7iZFFVAapWVbc5bVkpFcW1nW2qqFzsMBknA7bHmnEgkZBWhSarqk6Btkg0NyU3PEjLG+Bub7jgRazE9b4LuAJpBXcgJDRoZjx+iB9St0m6D99P1Ho8c+ac/5zj+t+JPWcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkORvlcsVS3Wtu75jJnI3Ab2RP8hrZntY2p5vpws1pbc7F7UpW/EfFot5OV7/9zX6RS/Ff13UlfXZFxfihqMO3Ll28941CLtt/SsCvQrNW+PT54aP7nc7ek5com9fM1b9Jyr1EoU236YW+17A3XeOFvllfWyvf3qqFpubV3XA3bLsN4wRuru0HZsW5aSrr66vGLe36283NDbvuZivvfqdaLq+Z7y+kAy2pFDpbXr3uNTeTMvHmuMxd89GP0wKu3TBm/2Fnb3Ugnhfj+jguVDnpSOJC1ZMKVcvVaqVSrVbW7qzfuVsuF0ZWlGNWuUcjJU79RYsvmNN9AwdeQy7O/3+1pLqKampbOzJjfxxtKJCvxoTtXVn+f/e2O7XdwfyfZfm5/ubLSvL/1fTZ1Un5f0IsRibZYdwWa8L62X7mkoiMnuq5DvVI99VRR3t6cgp1G5nlU6nlHH425aopT6F8eWrITtaY7hqjda1pTWV9oC3VFMqoJk91uQq1q1BtufEraj4eLVe22vIVyGhFjm7KqKJ1rWtVRq5K2pWvbTW1qQ3Z+ncURft6mPT7aj+m/PGRV1aoMuEgFlTIXnd7qk452kn5/ycv0r27+b9M/v+qSl8HC+nDp9PKAJ8DUff8f0bLZxMNAAAAAAA4C1by23cr+VT+HUmRal7dLb/psAAAAAAAwCmyFC3oiqz0W/l6Rxbn/wAAAAAAfNlYyTV2lqSl5Ev9Vv9yqZf5JUD+HEIEAAAAAACvKbny/+q8FCWTVizLmun8HwAAAAAAfAH8bmCO/UI2x26Ufayfk7T8twXrk38uKJizjlo737IO7HiLfdAtM/INgHbtsnWhO1Fv8jAvKXnmuFesbmvdSTB78w5+tn/SXP9WcCyA+fxgBRMCsOKW1wrdZ/pI19JdrnXnmX9wmFOyJW1lqebV3ZLj1+9VZNsXcm13p/3Lxw9/JQW949x/2Nkr/fRnnQdJLEfxqqODuNIXQ+HkxndGP5ZnyXwLyTUX4454UbWsyd83G0tW0m45O/687IPcYEPTBqDf5m90PR2z61FadumwN+O+JS0nkz9USsmQDR19MGf1o6gcP/JxAzEhimISxY20zI2VG+lDFl9cT84qfjsvVUujYzAURXUwipP7wvrXSF9Mi0JWMe6L1TiKv8QVHYviR5+kO6/OFsXIiADAm7Lfz0LJJOYjeTdLD9mb2ivlnZOz+/vD2f3ZH6M0Q+WlQveziamtFBW/o69YSR6aTyd0L1we845eLv0niiL7QlGD7+j/i1K9HPty2e0oiqLjx/rn/j2QumGPRPHfKIruVZJM8odjWfXjeIePJ7Yb1qv5uAtvPzv4eTIBfuzDvQ/3Hlerq2vl98rlO1XNJf9V6D7kRe4BAIw4+R47SYnclBLWe7qW1nHtwT/eTZeGMt7Xu18pyHT0QLeyWwgsj691aeBrCLfSs1bp+lL6uHRoLl28tygNlLUKyR1ebk08q0ty6UC91V7Z7L5Dx88A+2VXz3IIAAA4d9cn5GFpKP9rOP8Xh/L/La2kJVYujz3vHs7l3bPj3in9pLKVk4N//5Q7AwCArwg3+Mxaav/WCgKv9UFlfb1it7dcE/jOD0zgbWy6xmu23cDZspubrmkFftt3/LppBVrwFt3QhNutlh+0Tc0PTMsPvZ3kzu+me+v30G3YzbbnhK26a4eucfxm23baZsMLHdPa/l7dC7fcINk5bLmOV/Mcu+35TRP624HjlowJXXegoLfhNttezYsXm6YVeA072DU/9OvbDddsuKETeK22n1aYteU1a37QSKotKZr5RocAAHwZPX1++Oh+p7P35PjCYnxqnq450oQyowvzYypkjiAAAD5n+ul6hp2KZxgQAAAAAAAAAAAAAAAAAAAAAAAYcfIlfTMuzI27WFDqrfnFhe4a/Vr9SwxH6rF02oHNspCbda/skojDR59OKbzYW5N1/2CZo1ka1UXplQ/w71+T3krWKF1TOP0+XJwyuGex8N39tEcn95gm9NhCbywKp//PIV54/KcJm6IoiqbvvjDch/PTDnB4oSDpyfxrDMH5vxcBOF//DwAA//9wiz37")
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000080)=ANY=[@ANYBLOB="1600000002000000"], 0x0)

6.242388026s ago: executing program 3 (id=1573):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x88}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000380)=ANY=[@ANYBLOB='+rdma'], 0x6)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000fcffffff000000010000000085000000bc0000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x4, 0x1000000, {0x0, 0x0, 0x12, 0x0, {0x0, 0x300}, {0x6, 0xffff}, {0x0, 0x4}}, [@TCA_RATE={0x6, 0x5, {0x5}}]}, 0x2c}, 0x1, 0x7a00, 0x0, 0x4000081}, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r7, 0xc0603d0f, &(0x7f0000000000)={0x7fffffff, 0xf})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getrusage(0x0, &(0x7f00000008c0))
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x185201, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4, 0x70bd2a, 0xf7ffffff, {0x0, 0x0, 0x0, r11, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001880)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {}, {0x7}}, [@TCA_RATE={0x6, 0x5, {0x93, 0x1}}]}, 0x2c}}, 0x0)

6.192940646s ago: executing program 3 (id=1574):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x2000, 0x0)
write$tun(r0, &(0x7f00000003c0)=ANY=[], 0x15)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
r2 = syz_io_uring_setup(0x2cf9, &(0x7f0000002200)={0x0, 0xfffffffd, 0x10100, 0x3, 0x206}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000800)=<r4=>0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x3, @multicast1}}, 0x80, &(0x7f00000000c0)}, 0x0, 0x80840})
io_uring_enter(r2, 0x11d30, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip_vti0\x00', 0x400})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffd}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080), 0x4, 0xba6, &(0x7f0000000c00)="$eJzs3M1rXFUUAPDzXj7bRicVEeumEZEWxGlaSbFFsJWKGxeCboWGdFJCph8kkZo0i4n+A6KuBTeCWpQu7LobBbdutG4tLoQisVEQ0cibjyQ2M0naTvJq8vvBzbt3zpvcc/KYeffCTALYsQayH2nEvog4nUQU6o+nEdFd7fVGVGrnLczPjvwxPzuSxOLi678mkUTE7fnZkcbvSurHPfVBb0R891ISj7y7et7J6Znx4XK5NFEfH5o6d/HQ5PTMs2Pnhs+WzpbOHz76/NCRoaODx4baVuufP5249vuTr/xc+euzv6/89sEnSZyIvnpsZR3tMhADS3+TlTojYrjdk+Wko17PyjqTznWelG5yUgAAtJSuWMM9FoXoiOXFWyG+/j7X5AAAAIC2WOyIWAQAAAC2ucT+HwAAALa5xucAbs/PjjRavp9I2Fq3TkZEf63+hXqrRTqjUj32RldE7L6dxMqvtSa1p923gYi4+eOxL7MWm/Q95LVU5iLi8WbXP6nW31/9Fvfq+tOIGGzD/AN3jP9P9Z9ow/x51w/AznT9ZO1Gtvr+ly6tf6LJ/a+zyb3rXuR9/2us/xZWrf+W6+9osf57bYNzXP70o0utYln9L1x7+YtGy+bPjvdV1F24NRfxRGez+pOl+pMW9Z/e4ByFfy6VWsXyrn/x44gD0bz+hmTt/090aHSsXBqs/Ww6x9y3Q5+3mj/v+rPrv7tF/etd/4sbnOPNU6eutoqtX3/6S3fyRrXXXX/k7eGpqYnDEd3Jq6sfP7J2Lo1zGr8jq//gU2u//pvVn70nVOp/h2wvMFc/ZuN37pjzxSuXv1qr/mzvl+f1P3OP1/+9Dc7x9DfvH2wVW7n/zVo2/82kthcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIY0IvoiSYtL/TQtFiP2RMSjsTstX5icemb0wlvnz2SxiP7oSkfHyqXBiCjUxkk2PlztL4+P3DF+LiL2RsSHhV3VcXHkQvlM3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwZE9E9EWSFiMijYiFQpoWi3lnBQAAALRdf94JAAAAAJvO/h8AAAC2P/t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtne/ddvJBFROb6r2jLd9VhXrpkBmy3NOwEgNx15JwDkpjPvBIDc3OUe33IBtqFknXhvy0hP23MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MF1YN/1G0lEVI7vqrZMdz3W1fQZ+7cwO2AzpXknAOSmY61g59blAWw9L3HYuZrv8YGdJFkn3rt8TuW/kZ5NywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB09ftSVpMSLSaj9Ni8WIhyKiP7qS0bFyaTAiHo6IHwpdPdm4J++kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLvJ6Znx4XK5NKGjo5NvJ3kw0qh18n5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD5PTM+PD5XJpYjLvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8TU7PjA+Xy6WJDXSu3s3JKzp51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DQAA//+LYA3r")
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)
r5 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xd, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f0, &(0x7f0000000080))
preadv2(r5, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

6.078585038s ago: executing program 3 (id=1576):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000200)={[{@i_version}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@data_err_abort}], [{@seclabel}]}, 0x1, 0x43d, &(0x7f0000000900)="$eJzs281vG0UbAPBn7SR9+/FSU5WPpgUCBRHxkTRpKT1wAYHEASQkOJRjSNIq1G1QEyRaRRAQKkdUiTviiMRfwAkuCDghcYU7qlShXFrgYrTZ3cR27LQOTlzw7ydtMrM7zszj3bFnZ7IB9K2R9EcSsS8ifomI/Vm2scBI9uvmytL0HytL00nUaq//nqyWu7GyNF0ULV63t8gMRJQ+TuJwi3oXLl0+N1Wtzl7M8+OL598ZX7h0+em581NnZ8/OXpg8derE8YlnT04+05U407huDL8/f+TQy29efXX69NW3fvgqKeJviqNLRjY7+Fit1uXqeuv/delkoIcNoSPlrJvG4Gr/3x/lWD95++Olj3raOGBb1Wq12r3tDy/XgP+wJHrdAqA3ii/69P632HZo6HFHuP58dgOUxn0z37IjA1HKyww23d9200hEnF7+8/N0i+2ZhwAAaPBNOv55Kh//NSz8lKJ+XuiufA2lEhF3R8SBiDgZEQcj4p6I1bL3RcT9HdbfvEiycfxTutbhn+xIOv57Ll/bahz/FaO/qJQj/iqGy5UYTM7MVWeP5e/JaAzuSvMTm9Tx7Ys/f9ruWP34L93S+ouxYN6OawO7Gl8zM7U49U9irnf9w4jhgVbxJ2srAellcSgihrdYx9wTXx5pd+zW8Tcaqs90YZ2p9kXE49n5X46m+AvJ5uuT4/+L6uyx8eKq2OjHn6681q7+TuPvtvT872l5/a/FX0nq12sXOq/jyq+ftL2n2er1P5S80bDvvanFxYsTEUPJK1mj6/dPNpWbXC+fxj96tHX/PxDr78ThiEgv4gci4sGIeChv+8MR8UhEHN0k/u9fePTtxj1JB/FvrzT+mY7O/3piKJr3tE6Uz333dUOllegg/vT8n1hNjeZ7bufz73batbWrGQAAAP59ShGxL5LS2Fq6VBoby/6H/2DsKVXnFxafPDP/7oWZ7BmBSgyWipmubD44mw+dyG/ri/xkU/54Pm/8WXn3an5ser460+vgoc/tbdP/U7+Ve906YNt5Xgv6l/4P/Uv/h/6l/0P/atH/d/eiHcDOa/X9/0EP2gHsvKb+b9kP+oj7f+hf+j/0L/0f+tLC7rj1Q/ISEhsSUbojmiGxTYlefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0x98BAAD///1B6is=")
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='mm_page_alloc\x00', r5}, 0x10)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.951264801s ago: executing program 3 (id=1577):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x9, 0x4, 0x3c56, 0x1, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='hugepage_set_pmd\x00', r1, 0x0, 0x3}, 0x18)
r3 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
unshare(0x2040400)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.current\x00', 0x275a, 0x0)
flistxattr(r5, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000000)={0x0, 0x2, "ec9fe427e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f7379156a126a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357570ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a497883414d0eeebaa50c7740bbe6e1c1fd400cfdfe756bcb7d08e36655c00"})
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfffffbff, 0x20, 0x0, 0x0, 0x8, 0x1, 0x0, 0x5, 0x3, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf79d}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'vcan0\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x8c, 0x8c, 0xa, [@const={0x6, 0x0, 0x0, 0xa, 0x1}, @float={0xa, 0x0, 0x0, 0x10, 0x10}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x8}]}, @type_tag={0xf, 0x0, 0x0, 0x12, 0x2}, @const={0x6, 0x0, 0x0, 0xa, 0x5}, @float={0x1, 0x0, 0x0, 0x10, 0x10}, @enum={0x10, 0x6, 0x0, 0x6, 0x4, [{0x10, 0x4}, {0x10, 0x2}, {0x9, 0xa}, {0xb, 0x8}, {0x5, 0x2}, {0x10, 0x6}]}]}, {0x0, [0x30, 0x5f, 0x30, 0x30, 0x61, 0x30, 0x5f, 0x0]}}, &(0x7f0000000700)=""/83, 0xae, 0x53, 0x0, 0x558, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0xfff, 0x0, 0x4, 0x400, r2, 0x51d, '\x00', r6, r7, 0x1, 0x2, 0x5, 0x5, @void, @value, @void, @value}, 0x50)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000200)={'ip6gre0\x00', <r9=>0x0, 0x4, 0xf7, 0xdc, 0x2, 0x28, @private2, @ipv4={'\x00', '\xff\xff', @local}, 0x8000, 0x80, 0xb000, 0x4}})
sendmsg$TCPDIAG_GETSOCK(r8, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000280)={0x20c, 0x12, 0x300, 0x70bd27, 0x25dfdbfc, {0x28, 0x9, 0x48, 0xc, {0x4e23, 0x4e24, [0x6, 0x6, 0xad1e, 0x1], [0xe, 0x3b6d, 0x2], r9, [0x6, 0x9]}, 0xf, 0x6}, [@INET_DIAG_REQ_BYTECODE={0xcb, 0x1, "e7fb61288401a660ccc354b2624a122778d9d180695f7bdb28b1a846e4fbc84afa287894aab5942d54f3b55423a309601c9a802a3453c5bb84cd196cc035c931486e57ba48b87c6265b2007a0c6f76f5d373edcf914bd2173522c5acff0e21334481ed1c0c746cdb7f89febe696fb654f4369aa8716c959e98d81384d63c6798efd24fe82fb3f23b617a2e43ad6b76176cfba0ec80c17a5151ae0b332999826eab5979e80be8c3fc9b21bbe938fbac4d7eb65ab18c21afdd2b0edd8a317e7ee0e7550d1b805bb1"}, @INET_DIAG_REQ_BYTECODE={0xdc, 0x1, "865dabae6fa17f3505b78e7f9829982f22bf7e4931a82a6c1470eaf7a91eee4f881a45c452e7034330c06f2823993dd67e7bfea0cbc9d5a0904aee4052b256a824e4cd1de0865e00f4b0489ee8671120e6c90f608fd17db47c0dd53c87947f30329ac0f3580bae06ecdf5f05a0f498012546d264e77003af33e9c35ae7679b4d1713a17449291a6ff3224a9fe036ae3361dffd6c4034018b2c449d009089850c690ea624f43288f7c83bd2c3397dc55313f412a384ab9072c8b1b17901316debff70d7474fae81fdb40a804d611e5a2f71c25d820b160505"}, @INET_DIAG_REQ_BYTECODE={0x16, 0x1, "c4eb86d66ba6e06fd85dc313d089d241737d"}]}, 0x20c}, 0x1, 0x0, 0x0, 0x40000}, 0x80)

5.210442603s ago: executing program 3 (id=1591):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = getpgrp(0xffffffffffffffff)
perf_event_open(0x0, r0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
preadv(r1, &(0x7f00000005c0)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x4, 0x2c6)
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x14c0e, &(0x7f0000000b40)=ANY=[], 0xfd, 0x6b1, &(0x7f0000001f80)="$eJzs3V1vG1kdx/Hf2E7iZFFVAapWVbc5bVkpFcW1nW2qqFzsMBknA7bHmnEgkZBWhSarqk6Btkg0NyU3PEjLG+Bub7jgRazE9b4LuAJpBXcgJDRoZjx+iB9St0m6D99P1Ho8c+ac/5zj+t+JPWcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkORvlcsVS3Wtu75jJnI3Ab2RP8hrZntY2p5vpws1pbc7F7UpW/EfFot5OV7/9zX6RS/Ff13UlfXZFxfihqMO3Ll28941CLtt/SsCvQrNW+PT54aP7nc7ek5com9fM1b9Jyr1EoU236YW+17A3XeOFvllfWyvf3qqFpubV3XA3bLsN4wRuru0HZsW5aSrr66vGLe36283NDbvuZivvfqdaLq+Z7y+kAy2pFDpbXr3uNTeTMvHmuMxd89GP0wKu3TBm/2Fnb3Ugnhfj+jguVDnpSOJC1ZMKVcvVaqVSrVbW7qzfuVsuF0ZWlGNWuUcjJU79RYsvmNN9AwdeQy7O/3+1pLqKampbOzJjfxxtKJCvxoTtXVn+f/e2O7XdwfyfZfm5/ubLSvL/1fTZ1Un5f0IsRibZYdwWa8L62X7mkoiMnuq5DvVI99VRR3t6cgp1G5nlU6nlHH425aopT6F8eWrITtaY7hqjda1pTWV9oC3VFMqoJk91uQq1q1BtufEraj4eLVe22vIVyGhFjm7KqKJ1rWtVRq5K2pWvbTW1qQ3Z+ncURft6mPT7aj+m/PGRV1aoMuEgFlTIXnd7qk452kn5/ycv0r27+b9M/v+qSl8HC+nDp9PKAJ8DUff8f0bLZxMNAAAAAAA4C1by23cr+VT+HUmRal7dLb/psAAAAAAAwCmyFC3oiqz0W/l6Rxbn/wAAAAAAfNlYyTV2lqSl5Ev9Vv9yqZf5JUD+HEIEAAAAAACvKbny/+q8FCWTVizLmun8HwAAAAAAfAH8bmCO/UI2x26Ufayfk7T8twXrk38uKJizjlo737IO7HiLfdAtM/INgHbtsnWhO1Fv8jAvKXnmuFesbmvdSTB78w5+tn/SXP9WcCyA+fxgBRMCsOKW1wrdZ/pI19JdrnXnmX9wmFOyJW1lqebV3ZLj1+9VZNsXcm13p/3Lxw9/JQW949x/2Nkr/fRnnQdJLEfxqqODuNIXQ+HkxndGP5ZnyXwLyTUX4454UbWsyd83G0tW0m45O/687IPcYEPTBqDf5m90PR2z61FadumwN+O+JS0nkz9USsmQDR19MGf1o6gcP/JxAzEhimISxY20zI2VG+lDFl9cT84qfjsvVUujYzAURXUwipP7wvrXSF9Mi0JWMe6L1TiKv8QVHYviR5+kO6/OFsXIiADAm7Lfz0LJJOYjeTdLD9mb2ivlnZOz+/vD2f3ZH6M0Q+WlQveziamtFBW/o69YSR6aTyd0L1we845eLv0niiL7QlGD7+j/i1K9HPty2e0oiqLjx/rn/j2QumGPRPHfKIruVZJM8odjWfXjeIePJ7Yb1qv5uAtvPzv4eTIBfuzDvQ/3Hlerq2vl98rlO1XNJf9V6D7kRe4BAIw4+R47SYnclBLWe7qW1nHtwT/eTZeGMt7Xu18pyHT0QLeyWwgsj691aeBrCLfSs1bp+lL6uHRoLl28tygNlLUKyR1ebk08q0ty6UC91V7Z7L5Dx88A+2VXz3IIAAA4d9cn5GFpKP9rOP8Xh/L/La2kJVYujz3vHs7l3bPj3in9pLKVk4N//5Q7AwCArwg3+Mxaav/WCgKv9UFlfb1it7dcE/jOD0zgbWy6xmu23cDZspubrmkFftt3/LppBVrwFt3QhNutlh+0Tc0PTMsPvZ3kzu+me+v30G3YzbbnhK26a4eucfxm23baZsMLHdPa/l7dC7fcINk5bLmOV/Mcu+35TRP624HjlowJXXegoLfhNttezYsXm6YVeA072DU/9OvbDddsuKETeK22n1aYteU1a37QSKotKZr5RocAAHwZPX1++Oh+p7P35PjCYnxqnq450oQyowvzYypkjiAAAD5n+ul6hp2KZxgQAAAAAAAAAAAAAAAAAAAAAAAYcfIlfTMuzI27WFDqrfnFhe4a/Vr9SwxH6rF02oHNspCbda/skojDR59OKbzYW5N1/2CZo1ka1UXplQ/w71+T3krWKF1TOP0+XJwyuGex8N39tEcn95gm9NhCbywKp//PIV54/KcJm6IoiqbvvjDch/PTDnB4oSDpyfxrDMH5vxcBOF//DwAA//9wiz37")
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x100, 0x18020, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, @perf_config_ext={0xffffffffffffffe0}, 0x0, 0x1000000001, 0x0, 0x0, 0x7fffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18)
open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000080)=ANY=[@ANYBLOB="1600000002000000"], 0x0)

5.202890693s ago: executing program 32 (id=1591):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = getpgrp(0xffffffffffffffff)
perf_event_open(0x0, r0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
preadv(r1, &(0x7f00000005c0)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x4, 0x2c6)
syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x14c0e, &(0x7f0000000b40)=ANY=[], 0xfd, 0x6b1, &(0x7f0000001f80)="$eJzs3V1vG1kdx/Hf2E7iZFFVAapWVbc5bVkpFcW1nW2qqFzsMBknA7bHmnEgkZBWhSarqk6Btkg0NyU3PEjLG+Bub7jgRazE9b4LuAJpBXcgJDRoZjx+iB9St0m6D99P1Ho8c+ac/5zj+t+JPWcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkORvlcsVS3Wtu75jJnI3Ab2RP8hrZntY2p5vpws1pbc7F7UpW/EfFot5OV7/9zX6RS/Ff13UlfXZFxfihqMO3Ll28941CLtt/SsCvQrNW+PT54aP7nc7ek5com9fM1b9Jyr1EoU236YW+17A3XeOFvllfWyvf3qqFpubV3XA3bLsN4wRuru0HZsW5aSrr66vGLe36283NDbvuZivvfqdaLq+Z7y+kAy2pFDpbXr3uNTeTMvHmuMxd89GP0wKu3TBm/2Fnb3Ugnhfj+jguVDnpSOJC1ZMKVcvVaqVSrVbW7qzfuVsuF0ZWlGNWuUcjJU79RYsvmNN9AwdeQy7O/3+1pLqKampbOzJjfxxtKJCvxoTtXVn+f/e2O7XdwfyfZfm5/ubLSvL/1fTZ1Un5f0IsRibZYdwWa8L62X7mkoiMnuq5DvVI99VRR3t6cgp1G5nlU6nlHH425aopT6F8eWrITtaY7hqjda1pTWV9oC3VFMqoJk91uQq1q1BtufEraj4eLVe22vIVyGhFjm7KqKJ1rWtVRq5K2pWvbTW1qQ3Z+ncURft6mPT7aj+m/PGRV1aoMuEgFlTIXnd7qk452kn5/ycv0r27+b9M/v+qSl8HC+nDp9PKAJ8DUff8f0bLZxMNAAAAAAA4C1by23cr+VT+HUmRal7dLb/psAAAAAAAwCmyFC3oiqz0W/l6Rxbn/wAAAAAAfNlYyTV2lqSl5Ev9Vv9yqZf5JUD+HEIEAAAAAACvKbny/+q8FCWTVizLmun8HwAAAAAAfAH8bmCO/UI2x26Ufayfk7T8twXrk38uKJizjlo737IO7HiLfdAtM/INgHbtsnWhO1Fv8jAvKXnmuFesbmvdSTB78w5+tn/SXP9WcCyA+fxgBRMCsOKW1wrdZ/pI19JdrnXnmX9wmFOyJW1lqebV3ZLj1+9VZNsXcm13p/3Lxw9/JQW949x/2Nkr/fRnnQdJLEfxqqODuNIXQ+HkxndGP5ZnyXwLyTUX4454UbWsyd83G0tW0m45O/687IPcYEPTBqDf5m90PR2z61FadumwN+O+JS0nkz9USsmQDR19MGf1o6gcP/JxAzEhimISxY20zI2VG+lDFl9cT84qfjsvVUujYzAURXUwipP7wvrXSF9Mi0JWMe6L1TiKv8QVHYviR5+kO6/OFsXIiADAm7Lfz0LJJOYjeTdLD9mb2ivlnZOz+/vD2f3ZH6M0Q+WlQveziamtFBW/o69YSR6aTyd0L1we845eLv0niiL7QlGD7+j/i1K9HPty2e0oiqLjx/rn/j2QumGPRPHfKIruVZJM8odjWfXjeIePJ7Yb1qv5uAtvPzv4eTIBfuzDvQ/3Hlerq2vl98rlO1XNJf9V6D7kRe4BAIw4+R47SYnclBLWe7qW1nHtwT/eTZeGMt7Xu18pyHT0QLeyWwgsj691aeBrCLfSs1bp+lL6uHRoLl28tygNlLUKyR1ebk08q0ty6UC91V7Z7L5Dx88A+2VXz3IIAAA4d9cn5GFpKP9rOP8Xh/L/La2kJVYujz3vHs7l3bPj3in9pLKVk4N//5Q7AwCArwg3+Mxaav/WCgKv9UFlfb1it7dcE/jOD0zgbWy6xmu23cDZspubrmkFftt3/LppBVrwFt3QhNutlh+0Tc0PTMsPvZ3kzu+me+v30G3YzbbnhK26a4eucfxm23baZsMLHdPa/l7dC7fcINk5bLmOV/Mcu+35TRP624HjlowJXXegoLfhNttezYsXm6YVeA072DU/9OvbDddsuKETeK22n1aYteU1a37QSKotKZr5RocAAHwZPX1++Oh+p7P35PjCYnxqnq450oQyowvzYypkjiAAAD5n+ul6hp2KZxgQAAAAAAAAAAAAAAAAAAAAAAAYcfIlfTMuzI27WFDqrfnFhe4a/Vr9SwxH6rF02oHNspCbda/skojDR59OKbzYW5N1/2CZo1ka1UXplQ/w71+T3krWKF1TOP0+XJwyuGex8N39tEcn95gm9NhCbywKp//PIV54/KcJm6IoiqbvvjDch/PTDnB4oSDpyfxrDMH5vxcBOF//DwAA//9wiz37")
perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x100, 0x18020, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, @perf_config_ext={0xffffffffffffffe0}, 0x0, 0x1000000001, 0x0, 0x0, 0x7fffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r2}, 0x18)
open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000080)=ANY=[@ANYBLOB="1600000002000000"], 0x0)

1.570768344s ago: executing program 0 (id=1667):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94)
syz_io_uring_setup(0xd, &(0x7f00000000c0)={0x0, 0x2030, 0x2, 0x0, 0x19c}, &(0x7f0000000180), 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x600803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000000000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
close(r0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r4, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1d7)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, 0x0, 0x0}, 0x20)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[], 0x53)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8)
sendfile(r5, r5, 0x0, 0xfffe80)

1.512122985s ago: executing program 2 (id=1669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
socket$inet6(0xa, 0x3, 0xf)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f910000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x42)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
socket(0x1e, 0x805, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2802480, &(0x7f0000000200)={[{@abort}, {@inlinecrypt}, {@errors_continue}]}, 0x0, 0x762, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9GxdNttQs8mW7KY0IaAighdBxYOgl579UW/exB9X/S88SEvVtFjxIJHZzKbbZrfJpkmWup8PTPt9M7N5892Zee/tzrATQM8aTf/JRRyOiA+TiOFsfhIRA/WoP+Lk2no3V5aL6ZTE6uqrfyT1dW6sLBej6TWpg1nh0Yj48b2II7mN9VYXl2YK5XJpPiuP12bPj1cXl46emy1Ml6ZLc8cnJiePnXjmxPGdy/WvX5YOXf3opSe/PvnPu49c/uCnJE7GoWxZcx47ZTRGs/dkIH0Lb/PiTlfWZUm3N4BtSU/NvrWzPA7HcPTVIwDg/+ytiFgFAHpMov8HgB7T+B7gxspysTF19xuJvXXthYjYv5Z/4/rm2pL+7Jrd/vp10KEbyW1XRpKIGNmB+kcj4vNvX/8ynWKXrkMCtPL2d1mwof1PNtyz0KmntrDO6B1l7R/sne/T8c+zrcZ/ufXxT7QY/wy2OHe3Y/PzP3dlB6ppKx3/Pd90b9vNpvwzI31Z6YH6mG8gOXuuXErbtgcjYiwGBtPyxF3qGLv+7/V2y5rHf39+/OYXaf3p/7fWyF3pH7z9NVOFWuFecm527Z2Ix/pb5Z+s7/+kzfj39BbrePm59z9rtyzNP823MW3Mf3etXop4ouX+v3VHW3LX+xPH64fDeOOgaOGbXz8dald/8/5Pp7T+xmeBvZDu/6G75z+SNN+vWe28jp8vDf/Qbtnm+bc+/vclr9Xjfdm8i4VabX4iYl/yysb5x269tlFurJ/mP/Z4Pf8D2Sob2r9Wx3/6mfCNzRLPNqL/6u9fbT//3ZXmP9XR/u88uHxzpq9d/Vvb/5P1aCybs5X2b6sbeC/vHQAAAAAAAAAAAAAAAAAAAAAAAABsVS4iDkWSy6/HuVw+v/YM74djKFeuVGtHzlYW5qai/qzskRjINX7qcrjp91Anst/Db5SP3VF+OiIeiohPBg/Uy/lipTzV7eQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHOwzfP/U78NdnvrAIBds7/bGwAA7Dn9PwD0nk77f+MFALj/6c8BoPfo/wGg9+j/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GWnT51Kp9W/V5aLaXnqwuLCTOXC0alSdSY/u1DMFyvz5/PTlcp0uZQvVmY3+3vlSuX8ZMwtXByvlaq18eri0pnZysJc7cy52cJ06UxpYE+yAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDOVBeXZgrlcmleIBAI1oNut0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA94f/AgAA///tuiN0")
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r5, 0x7041, 0x0)
r6 = memfd_create(&(0x7f0000000600)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;X\x14\x97\xabh\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KF\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf6\xec+f\'\xa3\xb9\xaf\x87X\xec\x13\x9c\xc5\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc', 0xe)
fchmod(r6, 0x180)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2400c042)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r9, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'})

1.449611376s ago: executing program 1 (id=1671):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x1e, 0x805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]})
r3 = socket$inet(0x2, 0x3, 0x8)
r4 = socket$inet(0x2, 0x6000000000000003, 0x6)
dup3(r3, r4, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x2a801400, 0x0, 0x0, 0x0, 0x0, 0x0)
close(0x3)
connect$tipc(r1, &(0x7f0000000000)=@id, 0x10)
close(r1)

1.433360236s ago: executing program 2 (id=1672):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095868adc467071ce4388875688290962136ea6c2a655e2a9f42ce2096e04eab22b6c6b6c371d14da9aee2a7a3cb506fff0973b920c82b974888271f68843f4c19f370f6c17d449d9e53015d5b7c066d923e58d"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='mm_page_alloc\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x11, @loopback, 0x0, 0x0, 'lblcr\x00', 0x3b, 0x0, 0x37}, 0x2c)
r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ffffff, 0x0, @perf_config_ext={0xd, 0x800000000003}, 0x1320, 0xffffffff, 0x3, 0x6, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0xb)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b702000000090001db120a000000000007000000000000009500000000000a6682f0a61b01e4c027d252f602901b7cbbd5b9097bb8334a5541cf9e345af317e35f2ad53d857708f974879196ac07622b10548ccd2028eaf7610ae297a58e413b22d81494fcb1dbd1e9cb784c590ddd3d400ac1949839f92232e7684f2305d906ee929a27a5dedf301650960d8ae1cf339f6bda65bf6594c2839dcea6e419c9b8b7d17b9e49f392c832ffa41c17b82700789b163bbc8507f171b46d2c569e75810e60a06b6f69ef41ca39a2e8c2f369545d761d74"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xd3, &(0x7f0000000c40)=""/211, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
capget(&(0x7f00000003c0)={0x19980330}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'batadv_slave_0\x00', <r6=>0x0})
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000200)={[{@journal_async_commit}, {@grpquota}, {@debug}, {@discard}]}, 0xee, 0x498, &(0x7f0000001b40)="$eJzs3E1sFFUcAPD/bL/5kIr4AYJW8YOotLR8yMGLRhMPmpjoAeOplkKQQg2tiZBG0QMeDYl349HEu4knvRj1YEy86t2QENML6GnMzM4s23a3n0sX3N8v2e17M7N97z9vXuf1vd0NoGMNZU9JxLaI+CMidlSzCw8Yqv64OT838c/83EQSafrm30l+3I35uYny0PJ1W6uZNI3oy5J9Dcq98k7E+NTU5IUiPzJ77v2RmYuXDp45N3568vTk+bHjx48c3td7bOxovj9dZ3yV4mcW1409H03v3f3q21dfnzhx9d2fv8nqu63YXx/HuqRLazhUPbuLPZo9Pbmhwu4ov2ZP2+s2JN3NDx7ehAqxel0RkTVXT55LoisGavt2xCuftrFqwG2Wpmna6P4cdfftFPifSvRv6FDlvT77/7d8bM7I485w/cWIOFhk5ucmbtbi767NHfQs+v+2lYYi4sTlf7/MHtGKeQgAgBV8n41/nms0/qvEA3XH3VOsoQxGxL0RsTMi7ouIXRFxf0R+7IMR5x5aY/mLV0iWjn8q19YV2Cpl478XirWtmwvGf+XoLwa7itz2PP6e5NSZqclDxTk5ED19WX50mTJ+ePn3z8t0/6J99eO/7JGVX44Fi3pc6140QXdyfHY8T6Rp+vHGwo/rn0Ts6W4UfxLlMk4SEbsjYs86yzjzzNd7m+1bOf5lLLPOtFrpVxFPV9v/8sLx/62mSurXJwciorY+Ofr8sbGjI/0xNXlopLwqlvrltytvNCt/Q/G3QNb+Wxpe/7VV4MGkP2Lm4qWz+XrtzNrLuPLnZ3V9esHqchZ/5duINV//vclbebq32Pbh+OzshdGI3uS1pdvHbr22zJfHZ/Ef2N+4/++sq/HDEZFdxPsi4pFiETdru8ci4vGI2L9M/D+99MR7zfY1b/9ms/Ktdb04Ucu2f9S3/9oTXWd//K5Z+UPFGmQU56Fx+x/JUweKLbW/f8tYbQXXddIAAADgLlPJ3wOfVIZr6UpleLj6Hv5dsaUyNT0z++yp6Q/On6y+V34weirlTNeOuvnQ0WJuuMyPLcofLuaNv+gayPPDE9NTJ9sdPHS4rU36f+avrnbXDrjtWrCOBtyl9H/oXPo/dC79HzqX/g+dq1H/3+gHC4C7g/s/dK68/z91ud3VANrA/R86l/4PHanpZ+MrG/rIf9NE0upf2DBRfnfCZpS1cqL8LopNL31g3S/vX/nURaW9Z7VjEt1L2iK6W1pEX8NdbfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EL/BQAA///5etKr")
socket$nl_generic(0x10, 0x3, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x1b, 0x28, &(0x7f0000000e00)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xc}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff1113}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @generic={0x7, 0x4, 0xb, 0x1, 0x9}, @generic={0x0, 0xc, 0xf, 0x6, 0x10}, @tail_call, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000440)='GPL\x00', 0x40000, 0x38, &(0x7f00000004c0)=""/56, 0x41000, 0x33, '\x00', r6, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x2, 0x8, 0x8, 0x7}, 0x10, 0x0, r1, 0x0, &(0x7f0000000980)=[r7, r0, r0], 0x0, 0x10, 0xa51, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)

1.325401518s ago: executing program 0 (id=1673):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x1, 0x3, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000003c0)={[{@grpid}, {@nodelalloc}]}, 0xff, 0x49b, &(0x7f0000001040)="$eJzs3MtvVNUfAPDvnbY8fjzaHyIKglbQSHy0tKCycKFGExeamOgCl7UtiAzU0JoIabQYg0tD4t64NPEvcOfGqAtj4lYTl4aEaGNCcTXmvugwnSltaTvS+XyS6ZxzH3PO9957Zs69p/cG0LH60z9JxPaI+DUievPsrQv0529zs9OjN2anR5Oo1d74M8mWuz47PVouWq63rcgcrkRUPkni+WRhuZMXLp4ZqVbHzxf5wamz7w1OXrj41OmzI6fGT42fGz5+/NjRoWefGX56VeJM47q+78OJ/XtfeevKa6Mnrrz9w9dptfYcyOfXx3FbN5oE1ER/utX+qmUa5z26jLrfDXbUpZPuNlaEZemKiHR39WTtvze6Yn7n9cbLH7dec/P6VBBYM+lv0yIteaYGbGBJtLsGQHuUP/Tp+W/5Wqeux3/CtRciNhXpudnp0bmb8XdHpZjes4bl90fEiZl/vkhfsdzrEAAAK5D1bZ5s1v+rxJ7sPR/r2FmMofRFxP8jYldE3BMRuyPi3ohs2fsi4v585VrvEsvvb8gv7P9Urjat8ypJ+3/P1fX95uriL976uorcjiz+nuTk6er4kWKbHI6ezWl+aJEyvn3pl89azavv/6WvtPyyL1hU4Gp3wwW6sZGpkdXaCNcuRezrbhZ/cnMkID0C9kbEvuV99M4ycfrxr/a3Wuj28S9iFcaZal9GPJbv/5loiL+ULD4+ObglquNHBsujYqEff778eqvy7yj+VXDt4AN5Yn7/NyzR+3eSj9f2RLU6fn5y+WVc/u3Tluc0Kz3+NyVvZmPWP72TT/tgZGrq/FDEpuTVLF+e02XTh+fXLfPl8unxf/hQ8/a/q1gnjT/dSulBfCAiHoyIh4q6PxwRByPi0CLxf//iI+8uEn8SSbRv/1+KGGv6/Xfz+O9L6sfrV5DoOvPdN61GzOv3fy1ptf+PxUz2XZvLvv9uY6kVvMPNBwAAAHeFSkRsj6QykKf7t0elMjCQ/w//7vhfpToxOfXEyYn3z43l9wj0RU+lvNLVW3c9dCiZKT4xzw8X14rL+UeL68afd23N8gOjE9WxNscOnW7bre0/yvaf+qOr3bUD1pz7taBzNbb/SpvqAay/pfz+OxeAjenW9r8l/bO1XXUB1pfzf+hczdr/Rw15/X/YmBY+AOj3Jo+sAzYi/X/oXNo/dC7tHzpSfif8lVjJff0rT5Q3C6z8c7Ys+Q7/TkmUT7xYy7K2xvyUqLQ95A5KpC1mfQudf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3ezfAAAA//+5XeWQ")
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095445577b2c217439259f36fb517f1c7368b08", @ANYRESDEC=r2, @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000002c0)=ANY=[@ANYRES32=r2])
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x20000c0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767320000"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
mq_unlink(&(0x7f0000000000)='\x00')
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000180)='./file2\x00', 0x71283578ac7c5cd)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.279502059s ago: executing program 2 (id=1675):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x1f, 0x1f}}, @IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
r8 = socket(0x10, 0x80003, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
close_range(r8, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r2, @ANYRES32=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$peeksig(0x4209, r9, &(0x7f0000000000)={0x2005}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r10=>r1, {0x80}}, './file0\x00'})
connect$pppoe(r10, &(0x7f0000000180)={0x18, 0x0, {0x4, @random="7b1609c3d1a0", 'batadv_slave_0\x00'}}, 0x1e)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getneigh={0x14, 0x1e, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r12}, 0x10)
creat(&(0x7f00000000c0)='./file0\x00', 0x101)
lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.nlink\x00')

1.21298401s ago: executing program 2 (id=1676):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180), 0x111, 0x1}}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = gettid()
r6 = epoll_create1(0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x40000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000200)={0xa000000a})
finit_module(r7, 0x0, 0x0)
tkill(r5, 0x7)
sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, 0x0, 0x8040)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000d00)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x401, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
r9 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r10 = socket$netlink(0x10, 0x3, 0x0)
writev(r10, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r10, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r9, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
write(r0, &(0x7f00000003c0)="6898269cd4e0d38c7dcf89cea9cdb759371ddf1aeae98b8d535de95d3f250d84e94d77bfd8708c5ccca7ec815702a579426ff1979487d7949281101c39703722c960bafa024fc0b2c21efa45fad31256b57206cb83d6f59d415ba1ebadcae749b18ca5", 0x63)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r11, {0x0, 0x5}, {0xc, 0xa}, {0x1, 0xfff3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4000)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r12, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x2b)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x1f, 0x0, &(0x7f00000004c0)="b9ff0307b6b46325419cf5b7236844268cb89e14f088a847e0886411000500", 0x0, 0x10003, 0x60000000, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50)

1.21256871s ago: executing program 1 (id=1677):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = memfd_create(&(0x7f0000000600)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;X\x14\x97\xabh\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KF\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf6\xec+f\'\xa3\xb9\xaf\x87X\xec\x13\x9c\xc5\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc', 0xe)
fchmod(r1, 0x180)

1.21228138s ago: executing program 1 (id=1678):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x66, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700082c00fe8000000000000000"], 0x0)

1.150789851s ago: executing program 5 (id=1679):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2802480, &(0x7f0000000200)={[{@abort}, {@inlinecrypt}, {@errors_continue}]}, 0x0, 0x762, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9GxdNttQs8mW7KY0IaAighdBxYOgl579UW/exB9X/S88SEvVtFjxIJHZzKbbZrfJpkmWup8PTPt9M7N5892Zee/tzrATQM8aTf/JRRyOiA+TiOFsfhIRA/WoP+Lk2no3V5aL6ZTE6uqrfyT1dW6sLBej6TWpg1nh0Yj48b2II7mN9VYXl2YK5XJpPiuP12bPj1cXl46emy1Ml6ZLc8cnJiePnXjmxPGdy/WvX5YOXf3opSe/PvnPu49c/uCnJE7GoWxZcx47ZTRGs/dkIH0Lb/PiTlfWZUm3N4BtSU/NvrWzPA7HcPTVIwDg/+ytiFgFAHpMov8HgB7T+B7gxspysTF19xuJvXXthYjYv5Z/4/rm2pL+7Jrd/vp10KEbyW1XRpKIGNmB+kcj4vNvX/8ynWKXrkMCtPL2d1mwof1PNtyz0KmntrDO6B1l7R/sne/T8c+zrcZ/ufXxT7QY/wy2OHe3Y/PzP3dlB6ppKx3/Pd90b9vNpvwzI31Z6YH6mG8gOXuuXErbtgcjYiwGBtPyxF3qGLv+7/V2y5rHf39+/OYXaf3p/7fWyF3pH7z9NVOFWuFecm527Z2Ix/pb5Z+s7/+kzfj39BbrePm59z9rtyzNP823MW3Mf3etXop4ouX+v3VHW3LX+xPH64fDeOOgaOGbXz8dald/8/5Pp7T+xmeBvZDu/6G75z+SNN+vWe28jp8vDf/Qbtnm+bc+/vclr9Xjfdm8i4VabX4iYl/yysb5x269tlFurJ/mP/Z4Pf8D2Sob2r9Wx3/6mfCNzRLPNqL/6u9fbT//3ZXmP9XR/u88uHxzpq9d/Vvb/5P1aCybs5X2b6sbeC/vHQAAAAAAAAAAAAAAAAAAAAAAAABsVS4iDkWSy6/HuVw+v/YM74djKFeuVGtHzlYW5qai/qzskRjINX7qcrjp91Anst/Db5SP3VF+OiIeiohPBg/Uy/lipTzV7eQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHOwzfP/U78NdnvrAIBds7/bGwAA7Dn9PwD0nk77f+MFALj/6c8BoPfo/wGg9+j/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GWnT51Kp9W/V5aLaXnqwuLCTOXC0alSdSY/u1DMFyvz5/PTlcp0uZQvVmY3+3vlSuX8ZMwtXByvlaq18eri0pnZysJc7cy52cJ06UxpYE+yAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDOVBeXZgrlcmleIBAI1oNut0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA94f/AgAA///tuiN0")

1.126153392s ago: executing program 5 (id=1680):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x803, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0)
sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r1, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, 0x0, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r6, 0x6)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

942.988894ms ago: executing program 1 (id=1682):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10)
socket$inet6(0xa, 0x3, 0xf)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f910000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x42)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
socket(0x1e, 0x805, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x2802480, &(0x7f0000000200)={[{@abort}, {@inlinecrypt}, {@errors_continue}]}, 0x0, 0x762, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9GxdNttQs8mW7KY0IaAighdBxYOgl579UW/exB9X/S88SEvVtFjxIJHZzKbbZrfJpkmWup8PTPt9M7N5892Zee/tzrATQM8aTf/JRRyOiA+TiOFsfhIRA/WoP+Lk2no3V5aL6ZTE6uqrfyT1dW6sLBej6TWpg1nh0Yj48b2II7mN9VYXl2YK5XJpPiuP12bPj1cXl46emy1Ml6ZLc8cnJiePnXjmxPGdy/WvX5YOXf3opSe/PvnPu49c/uCnJE7GoWxZcx47ZTRGs/dkIH0Lb/PiTlfWZUm3N4BtSU/NvrWzPA7HcPTVIwDg/+ytiFgFAHpMov8HgB7T+B7gxspysTF19xuJvXXthYjYv5Z/4/rm2pL+7Jrd/vp10KEbyW1XRpKIGNmB+kcj4vNvX/8ynWKXrkMCtPL2d1mwof1PNtyz0KmntrDO6B1l7R/sne/T8c+zrcZ/ufXxT7QY/wy2OHe3Y/PzP3dlB6ppKx3/Pd90b9vNpvwzI31Z6YH6mG8gOXuuXErbtgcjYiwGBtPyxF3qGLv+7/V2y5rHf39+/OYXaf3p/7fWyF3pH7z9NVOFWuFecm527Z2Ix/pb5Z+s7/+kzfj39BbrePm59z9rtyzNP823MW3Mf3etXop4ouX+v3VHW3LX+xPH64fDeOOgaOGbXz8dald/8/5Pp7T+xmeBvZDu/6G75z+SNN+vWe28jp8vDf/Qbtnm+bc+/vclr9Xjfdm8i4VabX4iYl/yysb5x269tlFurJ/mP/Z4Pf8D2Sob2r9Wx3/6mfCNzRLPNqL/6u9fbT//3ZXmP9XR/u88uHxzpq9d/Vvb/5P1aCybs5X2b6sbeC/vHQAAAAAAAAAAAAAAAAAAAAAAAABsVS4iDkWSy6/HuVw+v/YM74djKFeuVGtHzlYW5qai/qzskRjINX7qcrjp91Anst/Db5SP3VF+OiIeiohPBg/Uy/lipTzV7eQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHOwzfP/U78NdnvrAIBds7/bGwAA7Dn9PwD0nk77f+MFALj/6c8BoPfo/wGg9+j/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GWnT51Kp9W/V5aLaXnqwuLCTOXC0alSdSY/u1DMFyvz5/PTlcp0uZQvVmY3+3vlSuX8ZMwtXByvlaq18eri0pnZysJc7cy52cJ06UxpYE+yAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDOVBeXZgrlcmleIBAI1oNut0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA94f/AgAA///tuiN0")
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r5, 0x7041, 0x0)
r6 = memfd_create(&(0x7f0000000600)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;X\x14\x97\xabh\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KF\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf6\xec+f\'\xa3\xb9\xaf\x87X\xec\x13\x9c\xc5\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc', 0xe)
fchmod(r6, 0x180)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2400c042)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r9, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'})

939.535425ms ago: executing program 2 (id=1683):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94)
syz_io_uring_setup(0xd, &(0x7f00000000c0)={0x0, 0x2030, 0x2, 0x0, 0x19c}, &(0x7f0000000180), 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x600803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000000000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
close(r0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r4, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1d7)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, 0x0, 0x0}, 0x20)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[], 0x53)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8)
sendfile(r5, r5, 0x0, 0xfffe80)

938.937794ms ago: executing program 5 (id=1684):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
prctl$PR_SET_SECCOMP(0x4c, 0x1, &(0x7f0000000080)={0x0, 0x0})
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000180)={0x3, 0x1, "ff6df7", 0xe, 0x6d})
ioctl$sock_bt_hci(r0, 0x400448c8, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000000001040504800000ff000000000a00000705000100010000000a000200ffffdd0ee5b0"], 0x30}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xd, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000080000000000000000000000180900002020702500000000002020207b1af8ff00000000bda004000000000027000000f8ffffffb702000008000000b7030000000004002500f8ff0600000095"], &(0x7f0000000040)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r4=>0x0, <r5=>0x0})
close_range(r2, r2, 0x0)
ppoll(&(0x7f0000000080)=[{r2, 0xa056}, {r0, 0x4010}, {r3, 0x5c0}], 0x3, &(0x7f0000000100)={r4, r5+10000000}, &(0x7f0000000140)={[0x890]}, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x8, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$rds(0x15, 0x5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@generic={0xd7, 0xa, 0x0, 0x0, 0x40}]}, &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$EXT4_IOC_SETFSUUID(r6, 0x4008662c, &(0x7f00000007c0)={0x0, 0x0, "d15dcbbe41d4013f534cbc65e5e59ab6"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r6, 0x0, 0xfffffffffffffffd}, 0x18)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6(0x10, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10)

761.011797ms ago: executing program 1 (id=1686):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x9, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x4, [{0x7, 0x2}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x1, 0x401}}]}, {0x0, [0x0, 0x30, 0x0, 0x0, 0x2e, 0x0, 0x5f]}}, &(0x7f00000001c0)=""/2, 0x51, 0x2, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)

714.749458ms ago: executing program 5 (id=1687):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
close(r0)

686.594559ms ago: executing program 5 (id=1689):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
unshare(0x2040400)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
flistxattr(r2, 0x0, 0x0)

664.158089ms ago: executing program 1 (id=1690):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x803, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0)
sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r1, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, 0x0, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r6, 0x6)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept(r5, 0x0, 0x0)

556.089311ms ago: executing program 5 (id=1691):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000000), 0xa, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000003c64be4d5272dd10eebc788be2850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb030000f1000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r2 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x5, 0xc, &(0x7f0000000740)=ANY=[@ANYRES32=r4, @ANYRESHEX=r1, @ANYRES64=r0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x0, 0x800000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r6}, 0x18)
unshare(0x42000600)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r7, 0x0, 0x61, &(0x7f0000000180)={'filter\x00', 0x4}, 0x68)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095", @ANYRESOCT=r8, @ANYRES16=r0, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x8, &(0x7f000001b500)=""/102393, &(0x7f0000000380)=0x18ff9)

555.577931ms ago: executing program 4 (id=1692):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x66, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700082c00fe8000000000000000"], 0x0)

536.939541ms ago: executing program 4 (id=1693):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000280)}], 0x1)

510.550262ms ago: executing program 4 (id=1694):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000140)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0], <r1=>0x0, 0xa1, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x94, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
pipe(&(0x7f00000001c0))
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000640)={0x150, 0x1403, 0x2, 0x70bd29, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'team0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'batadv0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_batadv\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'tunl0\x00'}}]}, 0x150}, 0x1, 0x0, 0x0, 0x40000}, 0x48001)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)

386.585524ms ago: executing program 0 (id=1695):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x803, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r1, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, 0x0, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r5, 0x6)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

386.030124ms ago: executing program 4 (id=1696):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000300), 0x9, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r3=>0x0})
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000200)={&(0x7f0000000340)={0x1d, r3, 0x3f420f00}, 0x10, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)

346.276614ms ago: executing program 4 (id=1697):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000001000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000e00000000000000000000000000200000000000000000"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x520, 0x0, 0x9403, 0x0, 0x340, 0x2c0, 0x450, 0x3d8, 0x3d8, 0x450, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'syz_tun\x00', {0xffffffffffffffff, 0x7, 0xa, 0x0, 0x0, 0x1, 0x6}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580)

315.657115ms ago: executing program 4 (id=1698):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94)
syz_io_uring_setup(0xd, &(0x7f00000000c0)={0x0, 0x2030, 0x2, 0x0, 0x19c}, &(0x7f0000000180), 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x600803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000000000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
close(r0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2000009)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r4, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1d7)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, 0x0, 0x0}, 0x20)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[], 0x53)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c8)
sendfile(r5, r5, 0x0, 0xfffe80)

114.014468ms ago: executing program 0 (id=1699):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x88}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000380)=ANY=[@ANYBLOB='+rdma'], 0x6)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000fcffffff000000010000000085000000bc0000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x4, 0x1000000, {0x0, 0x0, 0x12, 0x0, {0x0, 0x300}, {0x6, 0xffff}, {0x0, 0x4}}, [@TCA_RATE={0x6, 0x5, {0x5}}]}, 0x2c}, 0x1, 0x7a00, 0x0, 0x4000081}, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r7, 0xc0603d0f, &(0x7f0000000000)={0x7fffffff, 0xf})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getrusage(0x0, &(0x7f00000008c0))
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x185201, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001880)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r11, {0x0, 0x6}, {}, {0x7}}, [@TCA_RATE={0x6, 0x5, {0x93, 0x1}}]}, 0x2c}}, 0x0)

39.053579ms ago: executing program 0 (id=1700):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x9, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x4, [{0x7, 0x2}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x1, 0x401}}]}, {0x0, [0x0, 0x30, 0x0, 0x0, 0x2e, 0x0, 0x5f]}}, &(0x7f00000001c0)=""/2, 0x51, 0x2, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)

24.06823ms ago: executing program 2 (id=1701):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$inet6(0xa, 0x803, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0)
sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r1, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, 0x0, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r6, 0x6)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

0s ago: executing program 0 (id=1702):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f910000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x42)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

e [syz0] on syz1
[   82.934882][ T5962] loop3: detected capacity change from 0 to 2048
[   83.009391][ T5969] loop1: detected capacity change from 0 to 2048
[   83.020153][ T5967] loop0: detected capacity change from 0 to 164
[   83.030404][ T5967] ISOFS: unable to read i-node block
[   83.037004][ T5967] netlink: 'syz.0.857': attribute type 4 has an invalid length.
[   83.057477][ T5962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'.
[   83.083149][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.858'.
[   83.139539][   T29] kauditd_printk_skb: 585 callbacks suppressed
[   83.139571][   T29] audit: type=1326 audit(1742945685.103:4969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd22c3dbc1f code=0x7ffc0000
[   83.192703][   T29] audit: type=1326 audit(1742945685.153:4970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd22c3dd1f7 code=0x7ffc0000
[   83.216889][ T5977] loop0: detected capacity change from 0 to 8192
[   83.218571][ T5980] loop1: detected capacity change from 0 to 2048
[   83.255545][   T29] audit: type=1326 audit(1742945685.183:4971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd22c3dbad0 code=0x7ffc0000
[   83.278997][   T29] audit: type=1326 audit(1742945685.183:4972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd22c3dcd6b code=0x7ffc0000
[   83.302273][   T29] audit: type=1326 audit(1742945685.183:4973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd22c3dbdca code=0x7ffc0000
[   83.325516][   T29] audit: type=1326 audit(1742945685.183:4974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd22c3dbdca code=0x7ffc0000
[   83.348708][   T29] audit: type=1326 audit(1742945685.183:4975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd22c3db9d7 code=0x7ffc0000
[   83.372248][   T29] audit: type=1326 audit(1742945685.183:4976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fd22c3de90a code=0x7ffc0000
[   83.395596][   T29] audit: type=1326 audit(1742945685.203:4977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd22c3dbad0 code=0x7ffc0000
[   83.419047][   T29] audit: type=1326 audit(1742945685.203:4978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5976 comm="syz.0.859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fd22c3dbeb7 code=0x7ffc0000
[   83.449968][ T5992] usb usb1: usbfs: process 5992 (syz.1.863) did not claim interface 0 before use
[   83.495628][ T5995] loop1: detected capacity change from 0 to 512
[   83.519387][ T5997] FAULT_INJECTION: forcing a failure.
[   83.519387][ T5997] name failslab, interval 1, probability 0, space 0, times 0
[   83.532150][ T5997] CPU: 1 UID: 0 PID: 5997 Comm: syz.3.867 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[   83.532183][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   83.532198][ T5997] Call Trace:
[   83.532205][ T5997]  <TASK>
[   83.532250][ T5997]  dump_stack_lvl+0xf6/0x150
[   83.532292][ T5997]  dump_stack+0x15/0x1a
[   83.532306][ T5997]  should_fail_ex+0x261/0x270
[   83.532331][ T5997]  should_failslab+0x8f/0xb0
[   83.532354][ T5997]  __kmalloc_node_track_caller_noprof+0xaa/0x410
[   83.532389][ T5997]  ? sidtab_sid2str_get+0xb8/0x140
[   83.532445][ T5997]  ? vsnprintf+0x84d/0x8a0
[   83.532489][ T5997]  kmemdup_noprof+0x2b/0x70
[   83.532530][ T5997]  sidtab_sid2str_get+0xb8/0x140
[   83.532559][ T5997]  security_sid_to_context_core+0x1eb/0x2f0
[   83.532648][ T5997]  security_sid_to_context+0x27/0x30
[   83.532668][ T5997]  selinux_lsmprop_to_secctx+0x6c/0xf0
[   83.532722][ T5997]  security_lsmprop_to_secctx+0x40/0x80
[   83.532831][ T5997]  audit_log_task_context+0x7a/0x180
[   83.532861][ T5997]  audit_log_task+0xfb/0x250
[   83.532895][ T5997]  audit_seccomp+0x68/0x130
[   83.532923][ T5997]  __seccomp_filter+0x694/0x10e0
[   83.532974][ T5997]  ? vfs_write+0x669/0x950
[   83.533022][ T5997]  __secure_computing+0x7e/0x160
[   83.533069][ T5997]  syscall_trace_enter+0xcf/0x1f0
[   83.533097][ T5997]  do_syscall_64+0xaa/0x1c0
[   83.533148][ T5997]  ? clear_bhb_loop+0x25/0x80
[   83.533221][ T5997]  ? clear_bhb_loop+0x25/0x80
[   83.533311][ T5997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.533331][ T5997] RIP: 0033:0x7f5735bdd169
[   83.533346][ T5997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.533448][ T5997] RSP: 002b:00007f5734247038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
[   83.533472][ T5997] RAX: ffffffffffffffda RBX: 00007f5735df5fa0 RCX: 00007f5735bdd169
[   83.533487][ T5997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   83.533509][ T5997] RBP: 00007f5734247090 R08: 0000000000000000 R09: 0000000000000000
[   83.533524][ T5997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   83.533538][ T5997] R13: 0000000000000000 R14: 00007f5735df5fa0 R15: 00007ffda4254288
[   83.533560][ T5997]  </TASK>
[   83.539182][ T5995] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   83.575897][ T5999] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   83.598639][ T5995] EXT4-fs (loop1): 1 truncate cleaned up
[   83.619707][ T6002] loop3: detected capacity change from 0 to 1024
[   83.681505][ T6006] netlink: 12 bytes leftover after parsing attributes in process `syz.4.869'.
[   83.783317][ T6004] loop2: detected capacity change from 0 to 2048
[   83.792242][ T6002] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   83.822411][ T6002] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   83.842460][ T6002] JBD2: no valid journal superblock found
[   83.848269][ T6002] EXT4-fs (loop3): Could not load journal inode
[   83.870736][ T6011] smc: net device bond0 applied user defined pnetid SYZ0
[   83.889323][ T6011] smc: net device bond0 erased user defined pnetid SYZ0
[   83.896774][ T6014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.870'.
[   83.970968][ T6016] loop1: detected capacity change from 0 to 164
[   84.007029][ T6016] ISOFS: unable to read i-node block
[   84.101129][ T6024] loop2: detected capacity change from 0 to 512
[   84.112341][ T6026] loop0: detected capacity change from 0 to 164
[   84.156512][ T6024] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   84.170438][ T6026] ISOFS: unable to read i-node block
[   84.198959][ T6024] EXT4-fs (loop2): 1 truncate cleaned up
[   84.467622][ T6037] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   84.547476][ T6039] loop1: detected capacity change from 0 to 512
[   84.564819][ T6039] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   84.584140][ T6039] EXT4-fs (loop1): 1 truncate cleaned up
[   84.727397][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.734912][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.742366][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.749882][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.757333][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.761299][ T6042] loop4: detected capacity change from 0 to 1024
[   84.764735][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.778681][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.786118][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.793513][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.800936][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.808347][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.814061][ T6042] EXT4-fs: Mount option(s) incompatible with ext2
[   84.815815][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.829820][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.837262][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.844820][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.846686][ T6047] smc: net device bond0 applied user defined pnetid SYZ0
[   84.852378][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.861558][ T6047] smc: net device bond0 erased user defined pnetid SYZ0
[   84.866723][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.866759][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.888517][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.895928][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.903403][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.910860][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   84.924156][   T36] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   84.992466][ T6051] netlink: 16 bytes leftover after parsing attributes in process `syz.0.885'.
[   85.051390][ T6055] loop4: detected capacity change from 0 to 164
[   85.120518][ T6055] ISOFS: unable to read i-node block
[   85.136516][ T6055] netlink: 'syz.4.887': attribute type 4 has an invalid length.
[   85.147512][ T6063] loop3: detected capacity change from 0 to 2048
[   85.252588][ T6077] loop0: detected capacity change from 0 to 2048
[   85.265788][ T6081] loop3: detected capacity change from 0 to 2048
[   85.271912][ T6077] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   85.301300][ T6083] loop1: detected capacity change from 0 to 512
[   85.310614][ T6083] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   85.324216][ T6088] smc: net device bond0 applied user defined pnetid SYZ0
[   85.331041][ T6077] ext4 filesystem being mounted at /155/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.332139][ T6088] smc: net device bond0 erased user defined pnetid SYZ0
[   85.343192][ T6083] EXT4-fs (loop1): 1 truncate cleaned up
[   85.438412][ T6092] netlink: 16 bytes leftover after parsing attributes in process `kfree'.
[   85.551180][ T6109] smc: net device bond0 applied user defined pnetid SYZ0
[   85.558662][ T6109] smc: net device bond0 erased user defined pnetid SYZ0
[   85.591882][ T6110] loop1: detected capacity change from 0 to 1024
[   85.599760][ T6110] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   85.610758][ T6110] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   85.620951][ T6110] JBD2: no valid journal superblock found
[   85.626813][ T6110] EXT4-fs (loop1): Could not load journal inode
[   85.915857][ T6125] usb usb8: usbfs: process 6125 (syz.4.915) did not claim interface 0 before use
[   85.956374][ T6127] loop4: detected capacity change from 0 to 2048
[   85.991705][ T6127] netlink: 4 bytes leftover after parsing attributes in process `syz.4.916'.
[   86.046302][ T6135] smc: net device bond0 applied user defined pnetid SYZ0
[   86.053723][ T6135] smc: net device bond0 erased user defined pnetid SYZ0
[   86.123402][ T6139] syzkaller0: entered promiscuous mode
[   86.128989][ T6139] syzkaller0: entered allmulticast mode
[   86.138937][ T6139] 9pnet_fd: Insufficient options for proto=fd
[   86.269325][ T6150] loop2: detected capacity change from 0 to 2048
[   86.276470][ T6150] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   86.296970][ T6150] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.358548][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.366150][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.373583][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.381110][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.383549][ T6156] loop2: detected capacity change from 0 to 1024
[   86.388597][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388626][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388689][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388716][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388817][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388838][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388864][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388885][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388925][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388952][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.388977][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389000][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389023][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389060][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389091][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389114][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389140][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.389163][ T1115] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   86.398702][ T1115] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   86.470065][ T6156] EXT4-fs: Mount option(s) incompatible with ext2
[   86.516502][ T6161] loop4: detected capacity change from 0 to 164
[   86.561835][ T6163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.930'.
[   86.603649][ T6166] loop3: detected capacity change from 0 to 512
[   86.612478][ T6161] ISOFS: unable to read i-node block
[   86.624170][ T6166] EXT4-fs: Ignoring removed nomblk_io_submit option
[   86.633065][ T6166] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.640380][ T6168] bond1: entered promiscuous mode
[   86.645477][ T6168] bond1: entered allmulticast mode
[   86.650789][ T6168] 8021q: adding VLAN 0 to HW filter on device bond1
[   86.671294][ T6174] loop4: detected capacity change from 0 to 164
[   86.680705][ T6166] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   86.685279][ T6168] bond1 (unregistering): Released all slaves
[   86.699595][ T6166] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   86.717632][ T6166] EXT4-fs (loop3): 1 truncate cleaned up
[   86.726570][ T6166] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   86.740356][ T6174] ISOFS: unable to read i-node block
[   86.851846][ T6191] 9pnet_fd: Insufficient options for proto=fd
[   86.903765][ T6201] smc: net device bond0 applied user defined pnetid SYZ0
[   86.923456][ T6201] smc: net device bond0 erased user defined pnetid SYZ0
[   86.998424][ T6208] loop3: detected capacity change from 0 to 2048
[   87.011710][ T6210] bond1: entered promiscuous mode
[   87.017535][ T6210] bond1: entered allmulticast mode
[   87.029241][ T6210] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.051326][ T6210] bond1 (unregistering): Released all slaves
[   87.077738][ T6214] loop3: detected capacity change from 0 to 2048
[   87.139346][ T6218] syz.1.951: attempt to access beyond end of device
[   87.139346][ T6218] loop1: rw=0, sector=64, nr_sectors = 2 limit=0
[   87.152579][ T6218] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32
[   87.172812][ T6218] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[   87.179427][ T6218] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   87.186997][ T6218] vhci_hcd vhci_hcd.0: Device attached
[   87.193895][ T6222] syzkaller0: entered promiscuous mode
[   87.200255][ T6222] syzkaller0: entered allmulticast mode
[   87.201506][ T6223] vhci_hcd: connection closed
[   87.206884][  T295] vhci_hcd: stop threads
[   87.215859][  T295] vhci_hcd: release socket
[   87.219188][ T6222] 9pnet_fd: Insufficient options for proto=fd
[   87.220286][  T295] vhci_hcd: disconnect device
[   87.231728][ T6226] loop3: detected capacity change from 0 to 164
[   87.240690][ T6226] ISOFS: unable to read i-node block
[   87.249883][ T6226] netlink: 'syz.3.954': attribute type 4 has an invalid length.
[   87.293356][ T6228] usb usb1: usbfs: process 6228 (syz.2.955) did not claim interface 0 before use
[   87.338731][ T6232] loop2: detected capacity change from 0 to 512
[   87.346253][ T6232] EXT4-fs: Ignoring removed nomblk_io_submit option
[   87.353067][ T6232] EXT4-fs: Ignoring removed mblk_io_submit option
[   87.362126][ T6232] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   87.370287][ T6232] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[   87.379539][ T6232] EXT4-fs (loop2): 1 truncate cleaned up
[   87.393507][ T6232] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   87.511628][ T6237] loop2: detected capacity change from 0 to 2048
[   87.541704][ T6239] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   87.589859][ T6241] loop2: detected capacity change from 0 to 2048
[   87.623307][ T6243] bond1: entered promiscuous mode
[   87.628419][ T6243] bond1: entered allmulticast mode
[   87.633849][ T6243] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.644804][ T6243] bond1 (unregistering): Released all slaves
[   87.723756][ T6250] FAULT_INJECTION: forcing a failure.
[   87.723756][ T6250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.737629][ T6250] CPU: 0 UID: 0 PID: 6250 Comm: syz.2.965 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[   87.737696][ T6250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   87.737708][ T6250] Call Trace:
[   87.737713][ T6250]  <TASK>
[   87.737719][ T6250]  dump_stack_lvl+0xf6/0x150
[   87.737760][ T6250]  dump_stack+0x15/0x1a
[   87.737779][ T6250]  should_fail_ex+0x261/0x270
[   87.737806][ T6250]  should_fail+0xb/0x10
[   87.737824][ T6250]  should_fail_usercopy+0x1a/0x20
[   87.737850][ T6250]  _copy_from_user+0x1c/0xa0
[   87.737960][ T6250]  ucma_write+0xdc/0x250
[   87.737985][ T6250]  ? __pfx_ucma_write+0x10/0x10
[   87.738104][ T6250]  vfs_write+0x295/0x950
[   87.738133][ T6250]  ? putname+0xe1/0x100
[   87.738170][ T6250]  ? __fget_files+0x186/0x1c0
[   87.738192][ T6250]  ksys_write+0xeb/0x1b0
[   87.738222][ T6250]  __x64_sys_write+0x42/0x50
[   87.738305][ T6250]  x64_sys_call+0x2a45/0x2e10
[   87.738329][ T6250]  do_syscall_64+0xc9/0x1c0
[   87.738353][ T6250]  ? clear_bhb_loop+0x25/0x80
[   87.738372][ T6250]  ? clear_bhb_loop+0x25/0x80
[   87.738407][ T6250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.738432][ T6250] RIP: 0033:0x7ff51d29d169
[   87.738472][ T6250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.738494][ T6250] RSP: 002b:00007ff51b907038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   87.738516][ T6250] RAX: ffffffffffffffda RBX: 00007ff51d4b5fa0 RCX: 00007ff51d29d169
[   87.738535][ T6250] RDX: 0000000000000018 RSI: 00002000000000c0 RDI: 0000000000000003
[   87.738549][ T6250] RBP: 00007ff51b907090 R08: 0000000000000000 R09: 0000000000000000
[   87.738596][ T6250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.738607][ T6250] R13: 0000000000000000 R14: 00007ff51d4b5fa0 R15: 00007ffcbbcd7038
[   87.738624][ T6250]  </TASK>
[   87.942581][ T6256] netlink: 12 bytes leftover after parsing attributes in process `syz.4.967'.
[   87.975263][ T6254] syzkaller0: entered promiscuous mode
[   87.980816][ T6254] syzkaller0: entered allmulticast mode
[   87.993232][ T6254] 9pnet_fd: Insufficient options for proto=fd
[   88.035863][ T6266] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[   88.091189][ T6268] loop4: detected capacity change from 0 to 2048
[   88.161584][ T6276] bond1: entered promiscuous mode
[   88.167535][ T6276] bond1: entered allmulticast mode
[   88.173053][ T6276] 8021q: adding VLAN 0 to HW filter on device bond1
[   88.184844][ T6276] bond1 (unregistering): Released all slaves
[   88.195932][ T6281] smc: net device bond0 applied user defined pnetid SYZ0
[   88.208882][ T6281] smc: net device bond0 erased user defined pnetid SYZ0
[   88.253263][   T29] kauditd_printk_skb: 963 callbacks suppressed
[   88.253281][   T29] audit: type=1326 audit(1742945690.213:5941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.289435][   T29] audit: type=1326 audit(1742945690.243:5942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.312836][   T29] audit: type=1326 audit(1742945690.243:5943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.336161][   T29] audit: type=1326 audit(1742945690.243:5944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.359531][   T29] audit: type=1326 audit(1742945690.243:5945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.382952][   T29] audit: type=1326 audit(1742945690.243:5946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.407456][   T29] audit: type=1326 audit(1742945690.263:5947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.430816][   T29] audit: type=1326 audit(1742945690.303:5948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f014886d1a3 code=0x7ffc0000
[   88.454017][   T29] audit: type=1326 audit(1742945690.303:5949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f014886d1a3 code=0x7ffc0000
[   88.477309][   T29] audit: type=1326 audit(1742945690.303:5950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6286 comm="syz.4.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[   88.540465][ T6295] syzkaller0: entered promiscuous mode
[   88.546026][ T6295] syzkaller0: entered allmulticast mode
[   88.556830][ T6295] 9pnet_fd: Insufficient options for proto=fd
[   88.611750][ T6304] loop2: detected capacity change from 0 to 512
[   88.622673][ T6304] EXT4-fs: Ignoring removed nomblk_io_submit option
[   88.632145][ T6304] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.641371][ T6304] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   88.671424][ T6302] loop1: detected capacity change from 0 to 2048
[   88.674226][ T6304] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[   88.699710][ T6304] EXT4-fs (loop2): 1 truncate cleaned up
[   88.726657][ T6304] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   88.787172][ T6324] loop4: detected capacity change from 0 to 2048
[   88.826523][ T6322] ------------[ cut here ]------------
[   88.832210][ T6322] WARNING: CPU: 0 PID: 6322 at mm/page_alloc.c:4716 __alloc_frozen_pages_noprof+0x71/0x340
[   88.834480][ T6328] loop1: detected capacity change from 0 to 164
[   88.842412][ T6322] Modules linked in:
[   88.852624][ T6322] CPU: 0 UID: 0 PID: 6322 Comm: syz.0.996 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[   88.865405][ T6322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   88.872904][ T6328] ISOFS: unable to read i-node block
[   88.875514][ T6322] RIP: 0010:__alloc_frozen_pages_noprof+0x71/0x340
[   88.887334][ T6322] Code: 00 20 00 00 75 0f 41 83 fd 0b 72 09 f6 05 47 6d 50 05 01 74 0d 41 83 fd 0a 76 18 31 ed e9 85 01 00 00 c6 05 31 6d 50 05 01 90 <0f> 0b 90 41 83 fd 0a 77 e8 23 1d f0 63 54 05 65 4c 8b 24 25 08 50
[   88.907802][ T6322] RSP: 0018:ffffc9001166ba10 EFLAGS: 00010246
[   88.914022][ T6322] RAX: 63a4e1f62cafe600 RBX: 0000000000040dc0 RCX: ffffffff88db5020
[   88.914063][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.4.995'.
[   88.922066][ T6322] RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040dc0
[   88.922085][ T6322] RBP: 0000000000040dc0 R08: ffffffff81ce423e R09: 0000000000000000
[   88.922100][ T6322] R10: ffff888116d8ae08 R11: 0001888116d8ae18 R12: ffffffff88db5020
[   88.922114][ T6322] R13: 0000000000000016 R14: 0000000000000000 R15: 0000000000000000
[   88.922182][ T6322] FS:  00007fd22aa476c0(0000) GS:ffff8882aee5f000(0000) knlGS:0000000000000000
[   88.922198][ T6322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.922211][ T6322] CR2: 0000200000001040 CR3: 0000000128046000 CR4: 00000000003506f0
[   88.922229][ T6322] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   88.996553][ T6322] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   89.004538][ T6322] Call Trace:
[   89.007889][ T6322]  <TASK>
[   89.010827][ T6322]  ? __warn+0x141/0x350
[   89.015038][ T6322]  ? report_bug+0x318/0x420
[   89.019619][ T6322]  ? __alloc_frozen_pages_noprof+0x71/0x340
[   89.026329][ T6322]  ? __alloc_frozen_pages_noprof+0x71/0x340
[   89.032315][ T6322]  ? __alloc_frozen_pages_noprof+0x73/0x340
[   89.038446][ T6322]  ? handle_bug+0x89/0x170
[   89.042900][ T6322]  ? exc_invalid_op+0x1a/0x50
[   89.047869][ T6322]  ? asm_exc_invalid_op+0x1a/0x20
[   89.052932][ T6322]  ? hashtab_init+0x4e/0xf0
[   89.058220][ T6322]  ? __alloc_frozen_pages_noprof+0x71/0x340
[   89.064170][ T6322]  ? should_fail_ex+0x31/0x270
[   89.069028][ T6322]  __alloc_pages_noprof+0x9/0x20
[   89.074002][ T6322]  ___kmalloc_large_node+0x83/0x130
[   89.079270][ T6322]  __kmalloc_large_node_noprof+0x17/0xa0
[   89.084982][ T6322]  __kmalloc_noprof+0x2bb/0x410
[   89.090576][ T6322]  ? hashtab_init+0x82/0xf0
[   89.095085][ T6322]  hashtab_init+0x82/0xf0
[   89.099488][ T6322]  symtab_init+0x2a/0x40
[   89.103746][ T6322]  common_read+0x10f/0x2f0
[   89.108301][ T6322]  ? __pfx_common_read+0x10/0x10
[   89.113258][ T6322]  policydb_read+0x64d/0x1350
[   89.118627][ T6322]  security_load_policy+0xc1/0x8d0
[   89.123808][ T6322]  ? _raw_spin_unlock+0x26/0x50
[   89.128767][ T6322]  ? find_vmap_area+0x1ae/0x1c0
[   89.133688][ T6322]  ? should_fail_ex+0x31/0x270
[   89.138524][ T6322]  sel_write_load+0x1f7/0x3c0
[   89.143234][ T6322]  ? __pfx_sel_write_load+0x10/0x10
[   89.149093][ T6322]  vfs_write+0x295/0x950
[   89.153430][ T6322]  ? __fget_files+0x186/0x1c0
[   89.158160][ T6322]  ksys_write+0xeb/0x1b0
[   89.162433][ T6322]  __x64_sys_write+0x42/0x50
[   89.167139][ T6322]  x64_sys_call+0x2a45/0x2e10
[   89.171849][ T6322]  do_syscall_64+0xc9/0x1c0
[   89.177001][ T6322]  ? clear_bhb_loop+0x25/0x80
[   89.181722][ T6322]  ? clear_bhb_loop+0x25/0x80
[   89.186497][ T6322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.192423][ T6322] RIP: 0033:0x7fd22c3dd169
[   89.196873][ T6322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.217270][ T6322] RSP: 002b:00007fd22aa47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.225717][ T6322] RAX: ffffffffffffffda RBX: 00007fd22c5f5fa0 RCX: 00007fd22c3dd169
[   89.233702][ T6322] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000003
[   89.241725][ T6322] RBP: 00007fd22c45e2a0 R08: 0000000000000000 R09: 0000000000000000
[   89.250316][ T6322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.258326][ T6322] R13: 0000000000000000 R14: 00007fd22c5f5fa0 R15: 00007ffff4c84eb8
[   89.266422][ T6322]  </TASK>
[   89.269434][ T6322] ---[ end trace 0000000000000000 ]---
[   89.275121][ T6322] SELinux: failed to load policy
[   89.338857][ T6339] syzkaller0: entered promiscuous mode
[   89.344423][ T6339] syzkaller0: entered allmulticast mode
[   89.356101][ T6339] 9pnet_fd: Insufficient options for proto=fd
[   89.424553][ T6349] loop4: detected capacity change from 0 to 2048
[   89.436365][ T6353] loop2: detected capacity change from 0 to 164
[   89.487159][ T6357] smc: net device bond0 applied user defined pnetid SYZ0
[   89.496791][ T6357] smc: net device bond0 erased user defined pnetid SYZ0
[   89.539716][ T6359] usb usb1: usbfs: process 6359 (syz.4.1010) did not claim interface 0 before use
[   89.624471][ T6368] loop4: detected capacity change from 0 to 512
[   89.632451][ T6368] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.640757][ T6368] EXT4-fs: Ignoring removed mblk_io_submit option
[   89.651282][ T6368] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[   89.659961][ T6368] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[   89.669311][ T6368] EXT4-fs (loop4): 1 truncate cleaned up
[   89.684964][ T6368] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   89.703818][ T6371] loop1: detected capacity change from 0 to 512
[   89.715631][ T6371] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.722962][ T6371] EXT4-fs: Ignoring removed mblk_io_submit option
[   89.732100][ T6371] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   89.741606][ T6371] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[   89.756600][ T6371] EXT4-fs (loop1): 1 truncate cleaned up
[   89.801144][ T6371] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   89.863740][ T6387] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1020'.
[   89.901214][ T6391] usb usb1: usbfs: process 6391 (syz.4.1022) did not claim interface 0 before use
[   89.947213][ T6397] loop1: detected capacity change from 0 to 512
[   89.964906][ T6397] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.967905][ T6399] loop4: detected capacity change from 0 to 164
[   89.971741][ T6397] EXT4-fs: Ignoring removed mblk_io_submit option
[   90.000300][ T6397] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   90.000644][ T6401] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   90.010220][ T6397] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[   90.041945][ T6397] EXT4-fs (loop1): 1 truncate cleaned up
[   90.069878][ T6397] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   90.164358][ T6414] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1030'.
[   90.174702][ T6415] loop4: detected capacity change from 0 to 1024
[   90.184140][ T6415] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   90.195177][ T6415] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   90.209159][ T6415] JBD2: no valid journal superblock found
[   90.215012][ T6415] EXT4-fs (loop4): Could not load journal inode
[   90.234953][ T6420] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1034'.
[   90.263368][ T6422] loop1: detected capacity change from 0 to 512
[   90.270527][ T6422] EXT4-fs: Ignoring removed nomblk_io_submit option
[   90.277568][ T6422] EXT4-fs: Ignoring removed mblk_io_submit option
[   90.287641][ T6422] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   90.296425][ T6422] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[   90.309385][ T6422] EXT4-fs (loop1): 1 truncate cleaned up
[   90.331316][ T6427] smc: net device bond0 applied user defined pnetid SYZ0
[   90.338784][ T6427] smc: net device bond0 erased user defined pnetid SYZ0
[   90.398483][ T6422] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   90.593733][ T6443] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[   90.975635][ T6463] smc: net device bond0 applied user defined pnetid SYZ0
[   90.983026][ T6463] smc: net device bond0 erased user defined pnetid SYZ0
[   91.407600][ T6472] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   91.422919][ T6473] loop1: detected capacity change from 0 to 2048
[   91.480719][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1054'.
[   91.516284][ T6482] bridge0: entered promiscuous mode
[   91.523149][ T6482] bridge0: port 4(macsec1) entered blocking state
[   91.530329][ T6482] bridge0: port 4(macsec1) entered disabled state
[   91.597700][ T6482] macsec1: entered allmulticast mode
[   91.603052][ T6482] bridge0: entered allmulticast mode
[   91.618516][ T6482] macsec1: left allmulticast mode
[   91.623598][ T6482] bridge0: left allmulticast mode
[   91.630973][ T6482] bridge0: left promiscuous mode
[   91.774320][ T6489] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   91.844235][ T6482] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1057'.
[   92.024538][ T6499] loop1: detected capacity change from 0 to 8192
[   92.454896][ T6519] loop2: detected capacity change from 0 to 2048
[   92.503033][ T6519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1068'.
[   92.514781][ T6521] loop4: detected capacity change from 0 to 8192
[   93.360820][   T29] kauditd_printk_skb: 772 callbacks suppressed
[   93.360837][   T29] audit: type=1326 audit(2000000004.820:6723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.391267][   T29] audit: type=1326 audit(2000000004.820:6724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.416587][   T29] audit: type=1326 audit(2000000004.870:6725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.440090][   T29] audit: type=1326 audit(2000000004.870:6726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.463874][   T29] audit: type=1326 audit(2000000004.870:6727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.513600][ T6548] loop1: detected capacity change from 0 to 2048
[   93.557083][   T29] audit: type=1326 audit(2000000004.920:6728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.580841][   T29] audit: type=1326 audit(2000000004.920:6729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.591010][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.603851][   T29] audit: type=1326 audit(2000000004.920:6730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   93.611218][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611242][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611264][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611288][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611311][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611359][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611385][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611410][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611432][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611458][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611560][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611587][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611611][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611638][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611663][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611690][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611716][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611766][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611792][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611814][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.611840][ T1115] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[   93.643134][ T6553] loop2: detected capacity change from 0 to 1024
[   93.650556][   T29] audit: type=1326 audit(2000000005.000:6731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5735bdbad0 code=0x7ffc0000
[   93.668515][ T1115] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   93.673528][   T29] audit: type=1326 audit(2000000005.000:6732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6544 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f5735bde997 code=0x7ffc0000
[   93.682653][ T6553] EXT4-fs: Mount option(s) incompatible with ext2
[   93.860073][ T6560] netlink: 'syz.0.1084': attribute type 4 has an invalid length.
[   93.883349][ T6546] loop3: detected capacity change from 0 to 1024
[   93.928600][ T6546] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   93.939665][ T6546] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   93.977804][ T6546] JBD2: no valid journal superblock found
[   93.983570][ T6546] EXT4-fs (loop3): Could not load journal inode
[   94.190354][ T6574] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[   94.229582][ T6576] smc: net device bond0 applied user defined pnetid SYZ0
[   94.236892][ T6576] smc: net device bond0 erased user defined pnetid SYZ0
[   94.399317][ T6585] loop3: detected capacity change from 0 to 512
[   94.408953][ T6585] EXT4-fs: Ignoring removed nomblk_io_submit option
[   94.415922][ T6585] EXT4-fs: Ignoring removed mblk_io_submit option
[   94.437285][ T6585] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   94.445469][ T6585] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   94.454102][ T6585] EXT4-fs (loop3): 1 truncate cleaned up
[   94.477820][ T6585] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   94.560092][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.567601][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.574998][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.583176][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.590607][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.598038][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.606118][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.613516][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.621081][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.628580][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.636682][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.644088][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.651598][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.659024][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.667099][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.674568][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.682020][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.689449][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.697583][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.705016][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.712458][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.719920][ T3377] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   94.735257][ T3377] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   94.836713][ T6602] loop3: detected capacity change from 0 to 164
[   94.857922][ T6605] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[   94.886567][ T6602] ISOFS: unable to read i-node block
[   94.925162][ T6613] bond1: entered promiscuous mode
[   94.930236][ T6613] bond1: entered allmulticast mode
[   94.937129][ T6618] loop2: detected capacity change from 0 to 2048
[   94.947522][ T6613] 8021q: adding VLAN 0 to HW filter on device bond1
[   94.970479][ T6613] bond1 (unregistering): Released all slaves
[   95.020435][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.028030][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.035582][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.042989][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.050585][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.058154][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.065599][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.072997][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.080552][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.080696][ T6618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1107'.
[   95.087958][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.087985][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088053][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088079][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088103][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088123][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088148][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088172][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088196][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088271][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088292][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088317][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.088383][   T36] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[   95.089017][   T36] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   95.128600][ T6620] loop1: detected capacity change from 0 to 8192
[   95.217614][ T6634] loop3: detected capacity change from 0 to 164
[   95.236942][ T6634] ISOFS: unable to read i-node block
[   95.385000][ T6649] bond1: entered promiscuous mode
[   95.390208][ T6649] bond1: entered allmulticast mode
[   95.395863][ T6649] 8021q: adding VLAN 0 to HW filter on device bond1
[   95.414109][ T6649] bond1 (unregistering): Released all slaves
[   95.712393][ T6660] loop3: detected capacity change from 0 to 2048
[   95.728857][ T6662] loop4: detected capacity change from 0 to 164
[   95.769420][ T6662] ISOFS: unable to read i-node block
[   95.818255][ T6660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1125'.
[   95.835059][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.842584][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.850140][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.857597][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.865012][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.872526][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.879499][ T6673] loop4: detected capacity change from 0 to 512
[   95.879947][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.893863][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.901332][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.909096][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.916618][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.924208][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.931776][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.939365][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.940991][ T6673] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.946786][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.964682][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.966353][ T6673] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   95.972138][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   95.993961][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   96.001430][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   96.008865][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   96.016337][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   96.023743][ T1115] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[   96.070848][ T1115] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[   96.093927][ T6683] usb usb1: usbfs: process 6683 (syz.0.1131) did not claim interface 0 before use
[   96.231525][ T6689] netlink: 16 bytes leftover after parsing attributes in process `kfree'.
[   96.326067][ T6701] loop3: detected capacity change from 0 to 2048
[   96.383884][ T6703] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1139'.
[   96.479074][ T6711] loop3: detected capacity change from 0 to 1024
[   96.496132][ T6711] EXT4-fs: Mount option(s) incompatible with ext2
[   96.566556][ T6715] loop3: detected capacity change from 0 to 512
[   96.573085][ T6715] EXT4-fs: Ignoring removed nomblk_io_submit option
[   96.580711][ T6715] EXT4-fs: Ignoring removed mblk_io_submit option
[   96.588719][ T6715] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   96.597448][ T6715] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   96.606091][ T6715] EXT4-fs (loop3): 1 truncate cleaned up
[   96.622967][ T6715] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   96.995434][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1146'.
[   97.026536][ T6726] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1147'.
[   97.110252][ T6731] loop4: detected capacity change from 0 to 164
[   97.121837][ T6733] loop2: detected capacity change from 0 to 512
[   97.134421][ T6731] ISOFS: unable to read i-node block
[   97.152420][ T6733] EXT4-fs (loop2): 1 orphan inode deleted
[   97.160331][ T6733] EXT4-fs mount: 57 callbacks suppressed
[   97.160347][ T6733] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.179992][   T51] EXT4-fs error (device loop2): ext4_release_dquot:6950: comm kworker/u8:3: Failed to release dquot type 1
[   97.195078][ T6733] ext4 filesystem being mounted at /245/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.224265][ T6745] loop1: detected capacity change from 0 to 2048
[   97.235646][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.266576][ T6747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1154'.
[   97.267647][ T6745] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.289395][ T6742] loop4: detected capacity change from 0 to 8192
[   97.363850][ T6754] netlink: 16 bytes leftover after parsing attributes in process `kfree'.
[   97.372610][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1153'.
[   97.444896][ T6762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1156'.
[   97.456360][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.526380][ T6763] loop2: detected capacity change from 0 to 8192
[   97.669181][ T6768] loop1: detected capacity change from 0 to 1024
[   97.681629][ T6768] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   97.692592][ T6768] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   97.711515][ T6768] JBD2: no valid journal superblock found
[   97.717327][ T6768] EXT4-fs (loop1): Could not load journal inode
[   97.828364][ T6775] netlink: 'syz.3.1161': attribute type 2 has an invalid length.
[   97.860378][ T6777] loop1: detected capacity change from 0 to 1024
[   97.871034][ T6777] EXT4-fs: Mount option(s) incompatible with ext2
[   97.988069][ T6786] usb usb1: usbfs: process 6786 (syz.3.1165) did not claim interface 0 before use
[   98.021958][ T6788] FAULT_INJECTION: forcing a failure.
[   98.021958][ T6788] name fail_futex, interval 1, probability 0, space 0, times 1
[   98.035633][ T6788] CPU: 0 UID: 0 PID: 6788 Comm: syz.3.1166 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[   98.035670][ T6788] Tainted: [W]=WARN
[   98.035678][ T6788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   98.035693][ T6788] Call Trace:
[   98.035699][ T6788]  <TASK>
[   98.035708][ T6788]  dump_stack_lvl+0xf6/0x150
[   98.035730][ T6788]  dump_stack+0x15/0x1a
[   98.035747][ T6788]  should_fail_ex+0x261/0x270
[   98.035775][ T6788]  should_fail+0xb/0x10
[   98.035819][ T6788]  get_futex_key+0x10d/0x750
[   98.035853][ T6788]  futex_wake_op+0xa8/0xa50
[   98.035871][ T6788]  ? kstrtouint_from_user+0xbf/0x100
[   98.035963][ T6788]  ? 0xffffffff81000000
[   98.035978][ T6788]  ? __rcu_read_unlock+0x4e/0x70
[   98.036030][ T6788]  do_futex+0x32f/0x370
[   98.036110][ T6788]  __se_sys_futex+0x23f/0x370
[   98.036142][ T6788]  __x64_sys_futex+0x78/0x90
[   98.036225][ T6788]  x64_sys_call+0x126a/0x2e10
[   98.036337][ T6788]  do_syscall_64+0xc9/0x1c0
[   98.036369][ T6788]  ? clear_bhb_loop+0x25/0x80
[   98.036396][ T6788]  ? clear_bhb_loop+0x25/0x80
[   98.036423][ T6788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.036473][ T6788] RIP: 0033:0x7f5735bdd169
[   98.036489][ T6788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.036511][ T6788] RSP: 002b:00007f5734247038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   98.036528][ T6788] RAX: ffffffffffffffda RBX: 00007f5735df5fa0 RCX: 00007f5735bdd169
[   98.036550][ T6788] RDX: 0000000000000000 RSI: 0000000000000085 RDI: 0000000000000000
[   98.036562][ T6788] RBP: 00007f5734247090 R08: 0000000000000000 R09: 00000000c5fffffd
[   98.036573][ T6788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.036588][ T6788] R13: 0000000000000000 R14: 00007f5735df5fa0 R15: 00007ffda4254288
[   98.036612][ T6788]  </TASK>
[   98.297127][ T6790] loop3: detected capacity change from 0 to 2048
[   98.307482][ T6783] loop1: detected capacity change from 0 to 8192
[   98.353482][ T6790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.372933][   T29] kauditd_printk_skb: 690 callbacks suppressed
[   98.372947][   T29] audit: type=1326 audit(2000000009.830:7422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6782 comm="syz.1.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[   98.414468][ T6796] bond1: entered promiscuous mode
[   98.419624][ T6796] bond1: entered allmulticast mode
[   98.424976][   T29] audit: type=1326 audit(2000000009.860:7423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6782 comm="syz.1.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[   98.449095][   T29] audit: type=1326 audit(2000000009.860:7424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6782 comm="syz.1.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[   98.472721][ T6796] 8021q: adding VLAN 0 to HW filter on device bond1
[   98.480546][   T29] audit: type=1326 audit(2000000009.940:7425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6782 comm="syz.1.1164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[   98.514595][ T6796] bond1 (unregistering): Released all slaves
[   98.543068][ T6802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.588822][ T6802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.589163][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.619307][ T6808] loop4: detected capacity change from 0 to 164
[   98.634182][ T6808] ISOFS: unable to read i-node block
[   98.641338][ T6808] netlink: 'syz.4.1174': attribute type 4 has an invalid length.
[   98.753997][   T29] audit: type=1326 audit(2000000010.210:7426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff51d29d169 code=0x7ffc0000
[   98.795339][   T29] audit: type=1326 audit(2000000010.210:7427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff51d29d169 code=0x7ffc0000
[   98.819475][   T29] audit: type=1326 audit(2000000010.210:7428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6817 comm="syz.3.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5735bdd169 code=0x7ffc0000
[   98.842971][   T29] audit: type=1326 audit(2000000010.210:7429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff51d29d169 code=0x7ffc0000
[   98.867131][   T29] audit: type=1326 audit(2000000010.210:7430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff51d29d169 code=0x7ffc0000
[   98.891129][   T29] audit: type=1326 audit(2000000010.210:7431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff51d29d169 code=0x7ffc0000
[   98.926594][ T6818] loop3: detected capacity change from 0 to 8192
[   99.170109][ T6831] loop2: detected capacity change from 0 to 2048
[   99.199336][ T6835] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   99.210139][ T6831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.313029][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.496132][ T6849] loop4: detected capacity change from 0 to 2048
[   99.527676][ T6849] EXT4-fs: Ignoring removed oldalloc option
[   99.576895][ T6849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.702635][ T6859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.741822][ T6859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.757566][ T6863] loop2: detected capacity change from 0 to 2048
[   99.784338][ T6859] @: renamed from macsec0 (while UP)
[   99.787084][ T6863] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.859792][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.921780][ T6873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.954170][ T6873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.968220][ T6885] loop2: detected capacity change from 0 to 164
[   99.999476][ T6885] ISOFS: unable to read i-node block
[  100.011484][ T6885] netlink: 'syz.2.1199': attribute type 4 has an invalid length.
[  100.123681][ T6897] usb usb1: usbfs: process 6897 (syz.0.1203) did not claim interface 0 before use
[  100.195919][ T6908] blktrace: Concurrent blktraces are not allowed on sg0
[  100.261473][ T1115] IPVS: starting estimator thread 0...
[  100.320037][ T6914] __nla_validate_parse: 7 callbacks suppressed
[  100.320054][ T6914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1210'.
[  100.356111][ T6910] IPVS: using max 2064 ests per chain, 103200 per kthread
[  100.423771][ T6920] syzkaller0: entered promiscuous mode
[  100.428082][ T6918] blktrace: Concurrent blktraces are not allowed on sg0
[  100.429360][ T6920] syzkaller0: entered allmulticast mode
[  100.447077][ T6918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1211'.
[  100.562509][ T6924] loop3: detected capacity change from 0 to 164
[  100.575448][ T6924] ISOFS: unable to read i-node block
[  100.594688][ T6925] loop1: detected capacity change from 0 to 2048
[  100.628395][ T6929] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  100.861077][ T6942] loop2: detected capacity change from 0 to 2048
[  100.879308][ T6942] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.908442][ T6948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'.
[  100.922763][ T6942] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1221'.
[  100.943891][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.053874][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1227'.
[  101.087980][ T6966] bond1: entered promiscuous mode
[  101.093147][ T6966] bond1: entered allmulticast mode
[  101.098748][ T6966] 8021q: adding VLAN 0 to HW filter on device bond1
[  101.108590][ T6966] bond1 (unregistering): Released all slaves
[  101.133739][ T6955] loop2: detected capacity change from 0 to 256
[  101.141329][ T6955] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  101.204430][ T6973] loop2: detected capacity change from 0 to 164
[  101.213026][ T6973] ISOFS: unable to read i-node block
[  101.219427][ T6973] netlink: 'syz.2.1231': attribute type 4 has an invalid length.
[  101.601834][ T6976] loop1: detected capacity change from 0 to 256
[  101.619075][ T6976] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  101.633535][ T6979] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1233'.
[  101.667658][ T6982] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  101.736658][ T6988] loop3: detected capacity change from 0 to 2048
[  101.774602][ T6992] loop1: detected capacity change from 0 to 2048
[  101.789538][ T6992] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.850569][ T6992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1239'.
[  101.873320][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.875809][ T7006] loop3: detected capacity change from 0 to 1024
[  101.890339][ T7006] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  101.901379][ T7006] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  101.911965][ T7006] JBD2: no valid journal superblock found
[  101.917870][ T7006] EXT4-fs (loop3): Could not load journal inode
[  101.930462][ T7008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1245'.
[  101.967615][ T7012] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  101.974476][ T7013] smc: net device bond0 applied user defined pnetid SYZ0
[  101.990076][ T7013] smc: net device bond0 erased user defined pnetid SYZ0
[  102.120113][ T7024] loop1: detected capacity change from 0 to 764
[  102.141531][ T7024] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  102.156117][ T7024] syz.1.1252: attempt to access beyond end of device
[  102.156117][ T7024] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  102.169659][ T7034] xt_hashlimit: max too large, truncated to 1048576
[  102.186260][ T7029] loop2: detected capacity change from 0 to 128
[  102.204470][ T7029] netlink: 500 bytes leftover after parsing attributes in process `+}[@'.
[  102.218985][ T7029] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  102.236747][ T7036] loop1: detected capacity change from 0 to 1024
[  102.250604][ T7036] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  102.261573][ T7036] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  102.271472][ T7036] JBD2: no valid journal superblock found
[  102.277879][ T7036] EXT4-fs (loop1): Could not load journal inode
[  102.323040][ T7042] loop1: detected capacity change from 0 to 164
[  102.337776][ T7042] ISOFS: unable to read i-node block
[  102.343574][ T7042] netlink: 'syz.1.1260': attribute type 4 has an invalid length.
[  102.482303][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.609557][ T7065] can: request_module (can-proto-0) failed.
[  102.704528][ T7077] bond1: entered promiscuous mode
[  102.709787][ T7077] bond1: entered allmulticast mode
[  102.715574][ T7077] 8021q: adding VLAN 0 to HW filter on device bond1
[  102.729825][ T7077] bond1 (unregistering): Released all slaves
[  102.797669][ T7081] netlink: 'syz.0.1275': attribute type 1 has an invalid length.
[  102.825810][ T7081] 8021q: adding VLAN 0 to HW filter on device bond1
[  102.853584][ T7084] loop3: detected capacity change from 0 to 2048
[  102.891587][ T7084] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.933482][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.955204][ T7094] usb usb1: usbfs: process 7094 (syz.3.1279) did not claim interface 0 before use
[  103.007682][ T7099] loop3: detected capacity change from 0 to 164
[  103.021168][ T7099] ISOFS: unable to read i-node block
[  103.089829][ T7103] loop3: detected capacity change from 0 to 512
[  103.104665][ T7103] EXT4-fs: Ignoring removed nomblk_io_submit option
[  103.112392][ T7103] EXT4-fs: Ignoring removed mblk_io_submit option
[  103.121146][ T7103] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  103.130936][ T7103] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  103.139571][ T7103] EXT4-fs (loop3): 1 truncate cleaned up
[  103.147295][ T7103] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.189464][ T7103] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  103.335827][ T7111] loop2: detected capacity change from 0 to 164
[  103.343977][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.415067][ T7111] ISOFS: unable to read i-node block
[  103.555297][ T7121] usb usb1: usbfs: process 7121 (syz.1.1290) did not claim interface 0 before use
[  103.572850][ T7126] loop4: detected capacity change from 0 to 164
[  103.598108][ T7126] ISOFS: unable to read i-node block
[  103.609133][ T7124] loop2: detected capacity change from 0 to 2048
[  103.643434][   T29] kauditd_printk_skb: 707 callbacks suppressed
[  103.643452][   T29] audit: type=1326 audit(2000000015.100:8139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.673969][   T29] audit: type=1326 audit(2000000015.100:8140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.698110][   T29] audit: type=1326 audit(2000000015.100:8141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.722499][   T29] audit: type=1326 audit(2000000015.160:8142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.722565][   T29] audit: type=1326 audit(2000000015.160:8143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.722590][   T29] audit: type=1326 audit(2000000015.160:8144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.722642][   T29] audit: type=1326 audit(2000000015.160:8145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.722768][   T29] audit: type=1326 audit(2000000015.160:8146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.759888][   T29] audit: type=1326 audit(2000000015.180:8147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.759957][   T29] audit: type=1326 audit(2000000015.180:8148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7128 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5dff1d169 code=0x7ffc0000
[  103.775514][ T7127] loop3: detected capacity change from 0 to 512
[  103.810999][ T7129] loop1: detected capacity change from 0 to 2048
[  103.851502][ T7138] loop2: detected capacity change from 0 to 1024
[  103.852271][ T7138] EXT4-fs: Mount option(s) incompatible with ext2
[  103.864611][ T7127] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  103.880448][ T7142] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  103.894845][ T7127] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  103.895045][ T7127] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  103.896711][ T7127] EXT4-fs (loop3): 1 truncate cleaned up
[  103.897179][ T7127] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.087080][ T7153] usb usb1: usbfs: process 7153 (syz.1.1304) did not claim interface 0 before use
[  104.238879][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.268928][ T7146] loop2: detected capacity change from 0 to 256
[  104.291584][ T7164] loop1: detected capacity change from 0 to 2048
[  104.293238][ T7146] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  104.361914][ T7170] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  104.413409][ T7172] loop1: detected capacity change from 0 to 1024
[  104.422034][ T7172] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  104.433730][ T7172] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  104.461232][ T7172] JBD2: no valid journal superblock found
[  104.467128][ T7172] EXT4-fs (loop1): Could not load journal inode
[  104.557327][ T7186] usb usb1: usbfs: process 7186 (syz.0.1318) did not claim interface 0 before use
[  104.713874][ T7209] loop2: detected capacity change from 0 to 1024
[  104.721752][ T7209] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  104.732767][ T7209] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  104.751895][ T7209] JBD2: no valid journal superblock found
[  104.757756][ T7209] EXT4-fs (loop2): Could not load journal inode
[  104.770395][ T7212] loop3: detected capacity change from 0 to 164
[  104.783995][ T7212] ISOFS: unable to read i-node block
[  104.810217][ T7218] usb usb1: usbfs: process 7218 (syz.0.1330) did not claim interface 0 before use
[  104.879299][ T7222] loop2: detected capacity change from 0 to 2048
[  104.887975][ T7220] loop4: detected capacity change from 0 to 2048
[  104.918131][ T7222] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.970305][ T7231] syzkaller0: entered promiscuous mode
[  104.975869][ T7231] syzkaller0: entered allmulticast mode
[  104.995984][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.005417][ T7231] 9pnet: Could not find request transport: fd0x0000000000000004
[  105.044174][ T7239] loop2: detected capacity change from 0 to 164
[  105.052702][ T7239] ISOFS: unable to read i-node block
[  105.108013][ T7245] loop2: detected capacity change from 0 to 164
[  105.118492][ T7245] ISOFS: unable to read i-node block
[  105.199428][ T7249] loop2: detected capacity change from 0 to 2048
[  105.329418][ T7269] netlink: 'syz.4.1352': attribute type 3 has an invalid length.
[  105.338473][ T7269] syzkaller1: entered allmulticast mode
[  105.369627][ T7269] SELinux: security policydb version 17 (MLS) not backwards compatible
[  105.378278][ T7273] loop2: detected capacity change from 0 to 512
[  105.384909][ T7273] EXT4-fs: Ignoring removed nomblk_io_submit option
[  105.392120][ T7273] EXT4-fs: Ignoring removed mblk_io_submit option
[  105.398652][ T7269] SELinux: failed to load policy
[  105.402981][ T7273] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  105.412149][ T7273] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  105.429577][ T7273] EXT4-fs (loop2): 1 truncate cleaned up
[  105.440343][ T7273] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.485393][ T7273] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  105.495498][ T7285] bond1: entered promiscuous mode
[  105.500881][ T7285] bond1: entered allmulticast mode
[  105.513667][ T7285] 8021q: adding VLAN 0 to HW filter on device bond1
[  105.524205][ T7285] bond1 (unregistering): Released all slaves
[  105.533450][ T7289] smc: net device bond0 applied user defined pnetid SYZ0
[  105.540907][ T7289] smc: net device bond0 erased user defined pnetid SYZ0
[  105.572134][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.611325][ T7293] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  105.689866][ T7297] __nla_validate_parse: 5 callbacks suppressed
[  105.689880][ T7297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1364'.
[  105.714081][ T7303] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1367'.
[  105.723401][ T7300] loop3: detected capacity change from 0 to 2048
[  105.753044][ T7306] usb usb1: usbfs: process 7306 (syz.4.1368) did not claim interface 0 before use
[  105.806868][ T7308] loop1: detected capacity change from 0 to 2048
[  105.846667][ T7313] loop3: detected capacity change from 0 to 2048
[  105.857150][ T7322] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  105.871586][ T7319] smc: net device bond0 applied user defined pnetid SYZ0
[  105.879269][ T7308] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.891980][ T7319] smc: net device bond0 erased user defined pnetid SYZ0
[  105.906036][ T7313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.923289][ T7329] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  105.954790][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1372'.
[  105.965372][ T7308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1369'.
[  106.017988][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.030545][ T7321] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  106.042188][ T7334] loop2: detected capacity change from 0 to 8192
[  106.066204][ T7321] EXT4-fs (loop1): Remounting filesystem read-only
[  106.102139][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.121904][ T7343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1382'.
[  106.273799][ T7352] loop4: detected capacity change from 0 to 2048
[  106.362525][ T7363] loop4: detected capacity change from 0 to 2048
[  106.381396][ T7363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.410803][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1388'.
[  106.423573][ T7361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1387'.
[  106.441194][ T7369] loop1: detected capacity change from 0 to 2048
[  106.474035][ T7372] bond2: entered promiscuous mode
[  106.479143][ T7372] bond2: entered allmulticast mode
[  106.484621][ T7372] 8021q: adding VLAN 0 to HW filter on device bond2
[  106.496814][ T7372] bond2 (unregistering): Released all slaves
[  106.503504][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.513701][ T7369] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.555102][ T7378] loop4: detected capacity change from 0 to 1024
[  106.584159][ T7378] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  106.595869][ T7378] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  106.608805][ T7382] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1389'.
[  106.627854][ T7378] JBD2: no valid journal superblock found
[  106.633748][ T7378] EXT4-fs (loop4): Could not load journal inode
[  106.643097][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.758319][ T7394] usb usb1: usbfs: process 7394 (syz.4.1397) did not claim interface 0 before use
[  106.808976][ T7396] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1398'.
[  106.829734][ T7398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1400'.
[  106.848164][ T7400] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  106.904727][ T7402] loop1: detected capacity change from 0 to 2048
[  106.928203][ T7406] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  106.968202][ T7402] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.988815][ T7413] netlink: 'syz.0.1403': attribute type 4 has an invalid length.
[  107.009998][ T7404] netlink: 'syz.0.1403': attribute type 4 has an invalid length.
[  107.028955][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.118097][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.125689][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.133121][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.141310][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.148746][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.156179][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.159258][ T7435] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  107.163628][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.183024][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.190488][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.192674][ T7431] loop1: detected capacity change from 0 to 2048
[  107.197910][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.212255][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.219803][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.227237][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.234755][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.242951][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.247294][ T7439] loop4: detected capacity change from 0 to 512
[  107.250374][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.257110][ T7439] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.263973][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.278714][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.281816][ T7441] usb usb1: usbfs: process 7441 (syz.1.1419) did not claim interface 0 before use
[  107.286140][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.286240][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.303592][ T7442] loop2: detected capacity change from 0 to 1024
[  107.311043][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.311066][ T3375] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  107.334316][ T7439] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.364869][ T7447] loop3: detected capacity change from 0 to 164
[  107.372278][ T7439] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  107.380553][ T7442] EXT4-fs: Mount option(s) incompatible with ext2
[  107.381123][ T7439] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[  107.414957][ T7439] EXT4-fs (loop4): 1 truncate cleaned up
[  107.425198][ T7447] ISOFS: unable to read i-node block
[  107.428773][ T7439] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.451406][ T3375] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[  107.489383][ T7456] erspan0: entered promiscuous mode
[  107.503490][ T7456] macvtap1: entered promiscuous mode
[  107.509696][ T7456] macvtap1: entered allmulticast mode
[  107.515078][ T7456] erspan0: entered allmulticast mode
[  107.537351][ T7437] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  107.551612][ T7461] erspan0: left allmulticast mode
[  107.556973][ T7461] erspan0: left promiscuous mode
[  107.597625][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.754996][ T7479] loop4: detected capacity change from 0 to 164
[  107.789871][ T7485] process 'syz.0.1435' launched '/dev/fd/6' with NULL argv: empty string added
[  107.803632][ T7479] netlink: 'syz.4.1433': attribute type 4 has an invalid length.
[  107.836198][ T7487] loop2: detected capacity change from 0 to 2048
[  107.856018][ T7489] smc: net device bond0 applied user defined pnetid SYZ0
[  107.863481][ T7489] smc: net device bond0 erased user defined pnetid SYZ0
[  107.872549][ T7487] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.959410][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.054244][ T7502] netlink: 'syz.0.1441': attribute type 3 has an invalid length.
[  108.144111][ T7509] usb usb1: usbfs: process 7509 (syz.3.1444) did not claim interface 0 before use
[  108.226310][ T7517] netlink: 'syz.3.1448': attribute type 8 has an invalid length.
[  108.352819][ T7524] FAULT_INJECTION: forcing a failure.
[  108.352819][ T7524] name failslab, interval 1, probability 0, space 0, times 0
[  108.365539][ T7524] CPU: 0 UID: 0 PID: 7524 Comm: syz.2.1447 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[  108.365575][ T7524] Tainted: [W]=WARN
[  108.365583][ T7524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  108.365608][ T7524] Call Trace:
[  108.365615][ T7524]  <TASK>
[  108.365624][ T7524]  dump_stack_lvl+0xf6/0x150
[  108.365658][ T7524]  dump_stack+0x15/0x1a
[  108.365672][ T7524]  should_fail_ex+0x261/0x270
[  108.365693][ T7524]  should_failslab+0x8f/0xb0
[  108.365715][ T7524]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  108.365796][ T7524]  ? dup_task_struct+0x73/0x710
[  108.365820][ T7524]  dup_task_struct+0x73/0x710
[  108.365845][ T7524]  ? kstrtoull+0x115/0x140
[  108.365868][ T7524]  copy_process+0x39e/0x1f60
[  108.365947][ T7524]  ? __rcu_read_unlock+0x4e/0x70
[  108.365972][ T7524]  kernel_clone+0x168/0x5d0
[  108.365996][ T7524]  __x64_sys_clone+0xe9/0x120
[  108.366028][ T7524]  x64_sys_call+0x2dc9/0x2e10
[  108.366052][ T7524]  do_syscall_64+0xc9/0x1c0
[  108.366114][ T7524]  ? clear_bhb_loop+0x25/0x80
[  108.366139][ T7524]  ? clear_bhb_loop+0x25/0x80
[  108.366163][ T7524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.366186][ T7524] RIP: 0033:0x7ff51d29d169
[  108.366249][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.366268][ T7524] RSP: 002b:00007ff51b8e5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  108.366288][ T7524] RAX: ffffffffffffffda RBX: 00007ff51d4b6080 RCX: 00007ff51d29d169
[  108.366301][ T7524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  108.366314][ T7524] RBP: 00007ff51b8e6090 R08: 0000000000000000 R09: 0000000000000000
[  108.366335][ T7524] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  108.366347][ T7524] R13: 0000000000000000 R14: 00007ff51d4b6080 R15: 00007ffcbbcd7038
[  108.366367][ T7524]  </TASK>
[  108.591331][ T7527] smc: net device bond0 applied user defined pnetid SYZ0
[  108.615334][ T7527] smc: net device bond0 erased user defined pnetid SYZ0
[  108.636328][ T7531] FAULT_INJECTION: forcing a failure.
[  108.636328][ T7531] name failslab, interval 1, probability 0, space 0, times 0
[  108.649069][ T7531] CPU: 0 UID: 0 PID: 7531 Comm: syz.4.1454 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[  108.649108][ T7531] Tainted: [W]=WARN
[  108.649117][ T7531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  108.649131][ T7531] Call Trace:
[  108.649140][ T7531]  <TASK>
[  108.649223][ T7531]  dump_stack_lvl+0xf6/0x150
[  108.649246][ T7531]  dump_stack+0x15/0x1a
[  108.649266][ T7531]  should_fail_ex+0x261/0x270
[  108.649292][ T7531]  should_failslab+0x8f/0xb0
[  108.649309][ T7531]  __kmalloc_cache_noprof+0x55/0x320
[  108.649376][ T7531]  ? wakeup_source_sysfs_add+0x37/0x1a0
[  108.649415][ T7531]  wakeup_source_sysfs_add+0x37/0x1a0
[  108.649454][ T7531]  wakeup_source_register+0x106/0x250
[  108.649479][ T7531]  ep_insert+0x7e6/0xcf0
[  108.649508][ T7531]  do_epoll_ctl+0x604/0x920
[  108.649582][ T7531]  __x64_sys_epoll_ctl+0xcb/0xf0
[  108.649611][ T7531]  x64_sys_call+0x2789/0x2e10
[  108.649637][ T7531]  do_syscall_64+0xc9/0x1c0
[  108.649662][ T7531]  ? clear_bhb_loop+0x25/0x80
[  108.649736][ T7531]  ? clear_bhb_loop+0x25/0x80
[  108.649761][ T7531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.649781][ T7531] RIP: 0033:0x7f014886d169
[  108.649796][ T7531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.649858][ T7531] RSP: 002b:00007f0146ed7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  108.649882][ T7531] RAX: ffffffffffffffda RBX: 00007f0148a85fa0 RCX: 00007f014886d169
[  108.649897][ T7531] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000003
[  108.649912][ T7531] RBP: 00007f0146ed7090 R08: 0000000000000000 R09: 0000000000000000
[  108.649926][ T7531] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  108.649941][ T7531] R13: 0000000000000000 R14: 00007f0148a85fa0 R15: 00007ffe3a18e2e8
[  108.649962][ T7531]  </TASK>
[  108.657439][ T7533] smc: net device bond0 applied user defined pnetid SYZ0
[  108.732384][   T29] kauditd_printk_skb: 837 callbacks suppressed
[  108.732406][   T29] audit: type=1326 audit(2000000020.150:8986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  108.746423][ T7533] smc: net device bond0 erased user defined pnetid SYZ0
[  108.747667][   T29] audit: type=1326 audit(2000000020.150:8987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  108.768259][ T7535] loop4: detected capacity change from 0 to 8192
[  108.772444][   T29] audit: type=1326 audit(2000000020.150:8988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  108.944371][   T29] audit: type=1326 audit(2000000020.150:8989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  108.968499][   T29] audit: type=1326 audit(2000000020.150:8990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  108.992111][   T29] audit: type=1326 audit(2000000020.150:8991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  109.016516][   T29] audit: type=1326 audit(2000000020.150:8992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  109.040005][   T29] audit: type=1326 audit(2000000020.150:8993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  109.064080][   T29] audit: type=1326 audit(2000000020.150:8994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  109.088184][   T29] audit: type=1326 audit(2000000020.150:8995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7534 comm="syz.4.1455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f014886d1a3 code=0x7ffc0000
[  109.166959][ T7544] smc: net device bond0 applied user defined pnetid SYZ0
[  109.170266][ T7542] usb usb1: usbfs: process 7542 (syz.0.1456) did not claim interface 0 before use
[  109.198855][ T7544] smc: net device bond0 erased user defined pnetid SYZ0
[  109.279700][ T7548] bond1: entered promiscuous mode
[  109.284853][ T7548] bond1: entered allmulticast mode
[  109.290309][ T7548] 8021q: adding VLAN 0 to HW filter on device bond1
[  109.302405][ T7548] bond1 (unregistering): Released all slaves
[  109.350145][ T7553] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  109.407335][ T7556] loop2: detected capacity change from 0 to 2048
[  109.427303][ T7556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.482591][ T7563] loop3: detected capacity change from 0 to 1024
[  109.491202][ T7563] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  109.491564][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.502115][ T7563] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  109.514813][ T7563] JBD2: no valid journal superblock found
[  109.526675][ T7563] EXT4-fs (loop3): Could not load journal inode
[  109.577647][ T7568] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  109.670479][ T7576] bond0: (slave bond_slave_0): Releasing backup interface
[  109.694671][ T7579] loop1: detected capacity change from 0 to 2048
[  109.701293][ T7581] loop2: detected capacity change from 0 to 2048
[  109.730655][ T7581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.769184][ T7589] smc: net device bond0 applied user defined pnetid SYZ0
[  109.788867][ T7591] netlink: 'syz.3.1474': attribute type 4 has an invalid length.
[  109.806037][ T7589] smc: net device bond0 erased user defined pnetid SYZ0
[  109.844714][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.870139][ T7596] loop4: detected capacity change from 0 to 8192
[  109.910203][ T7602] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  109.974256][ T7604] loop2: detected capacity change from 0 to 1024
[  110.016405][ T7613] loop1: detected capacity change from 0 to 512
[  110.025824][ T7613] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  110.050558][ T7604] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  110.061500][ T7604] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  110.078924][ T7614] loop3: detected capacity change from 0 to 2048
[  110.085804][ T7613] EXT4-fs (loop1): failed to open journal device unknown-block(1,255) -6
[  110.125867][ T7604] JBD2: no valid journal superblock found
[  110.131647][ T7604] EXT4-fs (loop2): Could not load journal inode
[  110.142100][ T7618] netlink: 'syz.0.1484': attribute type 4 has an invalid length.
[  110.155473][ T7613] netlink: 'syz.1.1483': attribute type 30 has an invalid length.
[  110.169142][ T7613] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  110.177991][ T7613] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  110.186743][ T7613] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.195471][ T7613] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.213801][ T7613] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  110.222844][ T7613] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  110.232633][ T7613] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  110.241669][ T7613] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  110.288561][ T7625] smc: net device bond0 applied user defined pnetid SYZ0
[  110.296080][ T7625] smc: net device bond0 erased user defined pnetid SYZ0
[  110.405451][ T7635] loop2: detected capacity change from 0 to 512
[  110.412641][ T7635] EXT4-fs: Mount option(s) incompatible with ext3
[  110.434037][ T7639] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  110.509607][ T7646] loop3: detected capacity change from 0 to 512
[  110.520058][ T7643] loop2: detected capacity change from 0 to 512
[  110.536853][ T7643] EXT4-fs: Ignoring removed mblk_io_submit option
[  110.544695][ T7647] loop1: detected capacity change from 0 to 2048
[  110.552652][ T7643] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  110.564313][ T7646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.577397][ T7646] ext4 filesystem being mounted at /285/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.583549][ T7643] EXT4-fs (loop2): 1 truncate cleaned up
[  110.613641][ T7643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  110.627891][ T7643] SELinux:  Context system_u:object_r:usbmon_device_t:s0 is not valid (left unmapped).
[  110.634710][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.675891][ T7654] loop3: detected capacity change from 0 to 1024
[  110.692812][ T7656] smc: net device bond0 applied user defined pnetid SYZ0
[  110.700414][ T7656] smc: net device bond0 erased user defined pnetid SYZ0
[  110.714093][ T7654] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  110.725210][ T7654] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  110.739234][ T7654] JBD2: no valid journal superblock found
[  110.745183][ T7654] EXT4-fs (loop3): Could not load journal inode
[  110.756256][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.869210][ T7673] __nla_validate_parse: 7 callbacks suppressed
[  110.869225][ T7673] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1507'.
[  110.901215][ T7675] loop2: detected capacity change from 0 to 2048
[  110.926567][ T7675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.969419][ T7688] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  110.990685][ T7691] smc: net device bond0 applied user defined pnetid SYZ0
[  111.009673][ T7691] smc: net device bond0 erased user defined pnetid SYZ0
[  111.019379][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.069538][ T7698] bond1: entered promiscuous mode
[  111.074620][ T7698] bond1: entered allmulticast mode
[  111.092209][ T7698] 8021q: adding VLAN 0 to HW filter on device bond1
[  111.120767][ T7698] bond1 (unregistering): Released all slaves
[  111.131171][ T7702] loop4: detected capacity change from 0 to 1024
[  111.159082][ T7706] loop2: detected capacity change from 0 to 164
[  111.168077][ T7702] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  111.174201][ T7708] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  111.179013][ T7702] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  111.216219][ T7706] ISOFS: unable to read i-node block
[  111.251691][ T7716] loop3: detected capacity change from 0 to 164
[  111.253556][ T7702] JBD2: no valid journal superblock found
[  111.263874][ T7702] EXT4-fs (loop4): Could not load journal inode
[  111.302392][ T7722] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  111.320701][ T7716] ISOFS: unable to read i-node block
[  111.326917][ T7716] netlink: 'syz.3.1522': attribute type 4 has an invalid length.
[  111.415533][ T7734] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  111.423167][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1526'.
[  111.497359][ T7741] loop1: detected capacity change from 0 to 2048
[  111.514152][ T7742] bond1: entered promiscuous mode
[  111.520044][ T7742] bond1: entered allmulticast mode
[  111.532473][ T7742] 8021q: adding VLAN 0 to HW filter on device bond1
[  111.561532][ T7742] bond1 (unregistering): Released all slaves
[  111.571729][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1536'.
[  111.583289][ T7751] FAULT_INJECTION: forcing a failure.
[  111.583289][ T7751] name failslab, interval 1, probability 0, space 0, times 0
[  111.596113][ T7751] CPU: 1 UID: 0 PID: 7751 Comm: syz.1.1536 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[  111.596142][ T7751] Tainted: [W]=WARN
[  111.596148][ T7751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  111.596162][ T7751] Call Trace:
[  111.596170][ T7751]  <TASK>
[  111.596178][ T7751]  dump_stack_lvl+0xf6/0x150
[  111.596205][ T7751]  dump_stack+0x15/0x1a
[  111.596222][ T7751]  should_fail_ex+0x261/0x270
[  111.596307][ T7751]  should_failslab+0x8f/0xb0
[  111.596357][ T7751]  __kmalloc_node_track_caller_noprof+0xaa/0x410
[  111.596382][ T7751]  ? sidtab_sid2str_get+0xb8/0x140
[  111.596403][ T7751]  ? vsnprintf+0x84d/0x8a0
[  111.596506][ T7751]  kmemdup_noprof+0x2b/0x70
[  111.596579][ T7751]  sidtab_sid2str_get+0xb8/0x140
[  111.596600][ T7751]  security_sid_to_context_core+0x1eb/0x2f0
[  111.596629][ T7751]  security_sid_to_context+0x27/0x30
[  111.596717][ T7751]  selinux_lsmprop_to_secctx+0x6c/0xf0
[  111.596759][ T7751]  security_lsmprop_to_secctx+0x40/0x80
[  111.596788][ T7751]  audit_log_task_context+0x7a/0x180
[  111.596810][ T7751]  audit_log_task+0xfb/0x250
[  111.596929][ T7751]  audit_seccomp+0x68/0x130
[  111.596964][ T7751]  __seccomp_filter+0x694/0x10e0
[  111.596999][ T7751]  ? vfs_write+0x669/0x950
[  111.597048][ T7751]  ? putname+0xe1/0x100
[  111.597075][ T7751]  __secure_computing+0x7e/0x160
[  111.597140][ T7751]  syscall_trace_enter+0xcf/0x1f0
[  111.597172][ T7751]  ? fpregs_assert_state_consistent+0x83/0xa0
[  111.597210][ T7751]  do_syscall_64+0xaa/0x1c0
[  111.597240][ T7751]  ? clear_bhb_loop+0x25/0x80
[  111.597264][ T7751]  ? clear_bhb_loop+0x25/0x80
[  111.597304][ T7751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.597323][ T7751] RIP: 0033:0x7ff5dff1d169
[  111.597405][ T7751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.597426][ T7751] RSP: 002b:00007ff5de587038 EFLAGS: 00000246 ORIG_RAX: 000000000000000d
[  111.597447][ T7751] RAX: ffffffffffffffda RBX: 00007ff5e0135fa0 RCX: 00007ff5dff1d169
[  111.597461][ T7751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000019
[  111.597474][ T7751] RBP: 00007ff5de587090 R08: 0000000000000000 R09: 0000000000000000
[  111.597485][ T7751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.597495][ T7751] R13: 0000000000000000 R14: 00007ff5e0135fa0 R15: 00007ffeeebf1078
[  111.597513][ T7751]  </TASK>
[  111.892167][ T7759] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  111.922628][ T3357] IPVS: starting estimator thread 0...
[  111.928430][ T7761] loop4: detected capacity change from 0 to 512
[  111.936098][ T7761] EXT4-fs: Mount option(s) incompatible with ext3
[  111.968413][ T7764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1541'.
[  112.015280][ T7762] IPVS: using max 2112 ests per chain, 105600 per kthread
[  112.048850][ T7768] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  112.122979][ T7772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1545'.
[  112.205611][ T7784] bond1: entered promiscuous mode
[  112.210752][ T7784] bond1: entered allmulticast mode
[  112.216106][ T7784] 8021q: adding VLAN 0 to HW filter on device bond1
[  112.239299][ T7784] bond1 (unregistering): Released all slaves
[  112.281771][ T7795] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1554'.
[  112.298981][ T7797] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  112.322506][ T7800] loop1: detected capacity change from 0 to 2048
[  112.356171][ T7800]  loop1: p3 p4 < >
[  112.373546][ T7804] loop3: detected capacity change from 0 to 1024
[  112.382430][ T7806] smc: net device bond0 applied user defined pnetid SYZ0
[  112.389940][ T7806] smc: net device bond0 erased user defined pnetid SYZ0
[  112.402974][ T7804] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  112.414160][ T7804] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  112.427531][ T7804] JBD2: no valid journal superblock found
[  112.433321][ T7804] EXT4-fs (loop3): Could not load journal inode
[  112.472185][ T7811] loop4: detected capacity change from 0 to 164
[  112.483850][ T7811] ISOFS: unable to read i-node block
[  112.557098][ T7813] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[  112.578513][ T7815] loop3: detected capacity change from 0 to 164
[  112.591697][ T7815] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  112.603693][ T7815] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  112.633918][ T7821] netlink: 'syz.4.1563': attribute type 3 has an invalid length.
[  112.663662][ T7824] loop3: detected capacity change from 0 to 164
[  112.687773][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1564'.
[  112.696791][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1564'.
[  112.712144][ T7824] ISOFS: unable to read i-node block
[  112.747472][ T7832] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  112.776532][ T7833] bond1: entered promiscuous mode
[  112.781700][ T7833] bond1: entered allmulticast mode
[  112.797792][ T7833] 8021q: adding VLAN 0 to HW filter on device bond1
[  112.809196][ T7840] loop3: detected capacity change from 0 to 164
[  112.817557][ T7840] ISOFS: unable to read i-node block
[  112.827159][ T7833] bond1 (unregistering): Released all slaves
[  112.847427][ T7838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1570'.
[  112.906976][ T7847] loop3: detected capacity change from 0 to 4096
[  112.918257][ T7847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.953718][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.980682][ T7854] loop3: detected capacity change from 0 to 512
[  112.987342][ T7854] EXT4-fs: Ignoring removed i_version option
[  112.993421][ T7854] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.004062][ T7854] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  113.015653][ T7854] EXT4-fs (loop3): 1 truncate cleaned up
[  113.021733][ T7854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.127413][ T3305] EXT4-fs error (device loop3): ext4_readdir:261: inode #11: block 54: comm syz-executor: path /301/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  113.199688][ T3305] EXT4-fs error (device loop3): ext4_empty_dir:3135: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  113.226450][ T3305] EXT4-fs error (device loop3): ext4_readdir:261: inode #11: block 54: comm syz-executor: path /301/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  113.249382][ T3305] EXT4-fs error (device loop3): ext4_empty_dir:3135: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  113.274573][ T3305] EXT4-fs error (device loop3): ext4_readdir:261: inode #11: block 54: comm syz-executor: path /301/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  113.293283][ T7862] loop4: detected capacity change from 0 to 164
[  113.308027][ T3305] EXT4-fs error (device loop3): ext4_empty_dir:3135: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  113.328770][ T3305] EXT4-fs error (device loop3): ext4_readdir:261: inode #11: block 54: comm syz-executor: path /301/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  113.329380][ T7862] ISOFS: unable to read i-node block
[  113.351994][ T3305] EXT4-fs error (device loop3): ext4_empty_dir:3135: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  113.390651][ T3305] EXT4-fs error (device loop3): ext4_readdir:261: inode #11: block 54: comm syz-executor: path /301/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  113.399198][ T7864] loop1: detected capacity change from 0 to 512
[  113.413438][ T3305] EXT4-fs error (device loop3): ext4_empty_dir:3135: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[  113.447127][ T7864] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  113.473950][ T7864] EXT4-fs (loop1): 1 truncate cleaned up
[  113.521421][ T7864] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.629070][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.666497][ T3305] bridge0: port 3(syz_tun) entered disabled state
[  113.677498][ T7877] netlink: 'syz.1.1586': attribute type 3 has an invalid length.
[  113.692650][ T3305] syz_tun (unregistering): left allmulticast mode
[  113.699132][ T3305] syz_tun (unregistering): left promiscuous mode
[  113.705641][ T3305] bridge0: port 3(syz_tun) entered disabled state
[  113.761033][ T7884] loop1: detected capacity change from 0 to 512
[  113.778113][ T7884] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  113.787509][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.787916][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.836623][ T7884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.855412][ T7884] ext4 filesystem being mounted at /348/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  113.878599][   T29] kauditd_printk_skb: 607 callbacks suppressed
[  113.878616][   T29] audit: type=1400 audit(2000000025.340:9602): avc:  denied  { connect } for  pid=7881 comm="syz.1.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  113.898206][ T7884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1587'.
[  113.916066][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.980732][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.003908][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.022911][   T29] audit: type=1400 audit(2000000025.480:9603): avc:  denied  { mounton } for  pid=7897 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  114.071776][   T29] audit: type=1326 audit(2000000025.530:9604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.095440][   T29] audit: type=1326 audit(2000000025.530:9605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.118867][   T29] audit: type=1326 audit(2000000025.530:9606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.142407][   T29] audit: type=1326 audit(2000000025.530:9607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.166019][   T29] audit: type=1326 audit(2000000025.530:9608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.199386][   T29] audit: type=1326 audit(2000000025.540:9609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.222947][   T29] audit: type=1326 audit(2000000025.540:9610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.246444][   T29] audit: type=1326 audit(2000000025.540:9611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7899 comm="syz.4.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f014886d169 code=0x7ffc0000
[  114.274962][ T7908] netlink: 'syz.1.1597': attribute type 3 has an invalid length.
[  114.285812][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.336388][ T7916] loop1: detected capacity change from 0 to 164
[  114.358198][ T7903] loop4: detected capacity change from 0 to 8192
[  114.401992][   T12] bridge_slave_1: left allmulticast mode
[  114.407704][   T12] bridge_slave_1: left promiscuous mode
[  114.413382][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.433752][   T12] bridge_slave_0: left allmulticast mode
[  114.439505][   T12] bridge_slave_0: left promiscuous mode
[  114.445240][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.610379][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.623471][   T12] bond0 (unregistering): Released all slaves
[  114.687492][ T7938] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  114.743399][   T12] veth1_macvtap: left promiscuous mode
[  114.751417][   T12] veth0_macvtap: left promiscuous mode
[  114.774103][   T12] veth1_vlan: left promiscuous mode
[  114.796015][   T12] veth0_vlan: left promiscuous mode
[  114.927619][ T7958] FAULT_INJECTION: forcing a failure.
[  114.927619][ T7958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  114.940758][ T7958] CPU: 0 UID: 0 PID: 7958 Comm: syz.0.1611 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[  114.940931][ T7958] Tainted: [W]=WARN
[  114.940941][ T7958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  114.940953][ T7958] Call Trace:
[  114.940959][ T7958]  <TASK>
[  114.940967][ T7958]  dump_stack_lvl+0xf6/0x150
[  114.940992][ T7958]  dump_stack+0x15/0x1a
[  114.941012][ T7958]  should_fail_ex+0x261/0x270
[  114.941082][ T7958]  should_fail+0xb/0x10
[  114.941108][ T7958]  should_fail_usercopy+0x1a/0x20
[  114.941140][ T7958]  _copy_to_user+0x20/0xa0
[  114.941221][ T7958]  simple_read_from_buffer+0xb2/0x130
[  114.941317][ T7958]  proc_fail_nth_read+0x103/0x140
[  114.941388][ T7958]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  114.941425][ T7958]  vfs_read+0x1b2/0x710
[  114.941462][ T7958]  ? __cond_resched+0x53/0x90
[  114.941503][ T7958]  ksys_read+0xeb/0x1b0
[  114.941588][ T7958]  __x64_sys_read+0x42/0x50
[  114.941623][ T7958]  x64_sys_call+0x2a3b/0x2e10
[  114.941716][ T7958]  do_syscall_64+0xc9/0x1c0
[  114.941745][ T7958]  ? clear_bhb_loop+0x25/0x80
[  114.941781][ T7958]  ? clear_bhb_loop+0x25/0x80
[  114.941807][ T7958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.941832][ T7958] RIP: 0033:0x7fd22c3dbb7c
[  114.941909][ T7958] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  114.941927][ T7958] RSP: 002b:00007fd22aa47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  114.941945][ T7958] RAX: ffffffffffffffda RBX: 00007fd22c5f5fa0 RCX: 00007fd22c3dbb7c
[  114.941961][ T7958] RDX: 000000000000000f RSI: 00007fd22aa470a0 RDI: 0000000000000006
[  114.941976][ T7958] RBP: 00007fd22aa47090 R08: 0000000000000000 R09: 0000000000000000
[  114.941991][ T7958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  114.942006][ T7958] R13: 0000000000000000 R14: 00007fd22c5f5fa0 R15: 00007ffff4c84eb8
[  114.942028][ T7958]  </TASK>
[  115.193254][ T7897] chnl_net:caif_netlink_parms(): no params data found
[  115.330088][ T7897] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.337266][ T7897] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.345770][ T7897] bridge_slave_0: entered allmulticast mode
[  115.352934][ T7897] bridge_slave_0: entered promiscuous mode
[  115.361783][ T7897] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.369048][ T7897] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.393597][ T7897] bridge_slave_1: entered allmulticast mode
[  115.401761][ T7897] bridge_slave_1: entered promiscuous mode
[  115.492929][ T7999] loop1: detected capacity change from 0 to 512
[  115.526140][ T7999] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.537126][ T7897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.556981][ T7999] EXT4-fs: Ignoring removed mblk_io_submit option
[  115.557988][ T7897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.581003][ T8003] loop4: detected capacity change from 0 to 2048
[  115.589479][ T7999] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  115.601309][ T7999] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  115.616847][ T8003] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.646434][ T7897] team0: Port device team_slave_0 added
[  115.660914][ T7897] team0: Port device team_slave_1 added
[  115.690666][ T7999] EXT4-fs (loop1): 1 truncate cleaned up
[  115.696907][ T7999] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.719619][ T7999] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  115.732999][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.735842][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.749083][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.775058][ T7897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.829905][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.854199][ T8029] loop4: detected capacity change from 0 to 512
[  115.866549][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.873538][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.877267][ T8029] EXT4-fs: Mount option(s) incompatible with ext3
[  115.899531][ T7897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.928449][ T8035] loop2: detected capacity change from 0 to 1024
[  115.966727][ T8040] __nla_validate_parse: 5 callbacks suppressed
[  115.966803][ T8040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1627'.
[  116.014482][ T8041] loop1: detected capacity change from 0 to 512
[  116.027073][ T7897] hsr_slave_0: entered promiscuous mode
[  116.034024][ T8041] EXT4-fs: Ignoring removed nomblk_io_submit option
[  116.043179][ T7897] hsr_slave_1: entered promiscuous mode
[  116.049392][ T8041] EXT4-fs: Ignoring removed mblk_io_submit option
[  116.085646][ T8051] netlink: 'syz.4.1631': attribute type 3 has an invalid length.
[  116.098961][ T8041] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  116.115026][ T8041] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  116.148494][ T8041] EXT4-fs (loop1): 1 truncate cleaned up
[  116.154840][ T8041] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  116.206115][ T8041] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  116.253532][ T7897] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  116.281366][ T7897] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  116.293841][ T7897] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  116.302966][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.314117][ T7897] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  116.442856][   T36] IPVS: starting estimator thread 0...
[  116.454590][ T8096] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  116.456942][ T8085] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  116.513152][ T7897] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.545547][ T8094] IPVS: using max 2400 ests per chain, 120000 per kthread
[  116.554628][ T8088] loop1: detected capacity change from 0 to 8192
[  116.564531][ T8099] netlink: 'syz.2.1642': attribute type 4 has an invalid length.
[  116.569438][ T7897] 8021q: adding VLAN 0 to HW filter on device team0
[  116.572501][ T8099] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1642'.
[  116.606126][ T8099] : renamed from bond0
[  116.617556][  T383] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.624617][  T383] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.655271][ T8110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1644'.
[  116.672558][  T383] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.679696][  T383] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.779027][ T7897] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.904960][ T8140] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1649'.
[  116.974931][ T8147] netlink: 'syz.2.1652': attribute type 3 has an invalid length.
[  116.993798][ T7897] veth0_vlan: entered promiscuous mode
[  117.033450][ T8149] smc: net device bond0 applied user defined pnetid SYZ0
[  117.034580][ T8151] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1655'.
[  117.056859][ T7897] veth1_vlan: entered promiscuous mode
[  117.071784][ T7897] veth0_macvtap: entered promiscuous mode
[  117.079134][ T7897] veth1_macvtap: entered promiscuous mode
[  117.088986][ T7897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.099522][ T7897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.109390][ T7897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  117.119829][ T7897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.132044][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.140400][ T7897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  117.150876][ T7897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.160720][ T7897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  117.171213][ T7897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  117.220248][ T8158] loop4: detected capacity change from 0 to 128
[  117.235560][ T8158] FAT-fs (loop4): bogus number of reserved sectors
[  117.242125][ T8158] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  117.248366][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.251457][ T8158] FAT-fs (loop4): Can't find a valid FAT filesystem
[  117.266120][ T8149] smc: net device bond0 erased user defined pnetid SYZ0
[  117.267931][ T7897] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.281844][ T7897] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.290677][ T7897] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.299410][ T7897] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.367280][ T8163] loop1: detected capacity change from 0 to 164
[  117.410288][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1660'.
[  117.431690][ T8163] ISOFS: unable to read i-node block
[  117.450040][ T8173] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  117.531770][ T8179] bond1: entered promiscuous mode
[  117.536948][ T8179] bond1: entered allmulticast mode
[  117.543217][ T8179] 8021q: adding VLAN 0 to HW filter on device bond1
[  117.556680][ T8179] bond1 (unregistering): Released all slaves
[  117.586332][ T8188] loop2: detected capacity change from 0 to 2048
[  117.716451][ T8196] loop2: detected capacity change from 0 to 512
[  117.723163][ T8185] hub 6-0:1.0: USB hub found
[  117.728315][ T8185] hub 6-0:1.0: 8 ports detected
[  117.741593][ T8196] EXT4-fs: Mount option(s) incompatible with ext3
[  117.884638][ T8206] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[  117.893082][ T8206] netlink: 'syz.2.1676': attribute type 4 has an invalid length.
[  117.921086][ T8210] loop5: detected capacity change from 0 to 2048
[  117.947028][ T8206] netlink: 'syz.2.1676': attribute type 4 has an invalid length.
[  117.958234][ T8214] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  117.969304][ T8216] smc: net device bond0 applied user defined pnetid SYZ0
[  117.980388][ T8216] smc: net device bond0 erased user defined pnetid SYZ0
[  118.157755][ T8228] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1684'.
[  118.182581][ T8223] loop1: detected capacity change from 0 to 2048
[  118.296697][ T8227] loop2: detected capacity change from 0 to 8192
[  118.338190][ T8233] netlink: 'syz.1.1686': attribute type 3 has an invalid length.
[  118.426713][ T8245] smc: net device bond0 applied user defined pnetid SYZ0
[  118.434078][ T8245] smc: net device bond0 erased user defined pnetid SYZ0
[  118.446729][ T8240] loop4: detected capacity change from 0 to 256
[  118.508362][ T8249] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  118.516427][ T8247] loop5: detected capacity change from 0 to 4096
[  118.733667][ T8259] smc: net device bond0 applied user defined pnetid SYZ0
[  118.738397][ T8263] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  118.741295][ T8259] smc: net device bond0 erased user defined pnetid SYZ0
[  118.820424][ T8265] loop4: detected capacity change from 0 to 8192
[  119.054556][ T8275] netlink: 'syz.0.1700': attribute type 3 has an invalid length.
[  119.108367][ T8269] ==================================================================
[  119.116501][ T8269] BUG: KCSAN: data-race in dio_bio_end_io / dio_new_bio
[  119.123472][ T8269] 
[  119.125821][ T8269] read-write to 0xffff88811896d958 of 8 bytes by interrupt on cpu 0:
[  119.133900][ T8269]  dio_bio_end_io+0x53/0xd0
[  119.138426][ T8269]  bio_endio+0x369/0x410
[  119.142689][ T8269]  blk_update_request+0x368/0x870
[  119.147728][ T8269]  blk_mq_end_request+0x26/0x50
[  119.152601][ T8269]  lo_complete_rq+0xce/0x180
[  119.157216][ T8269]  blk_done_softirq+0x74/0xb0
[  119.161922][ T8269]  handle_softirqs+0xbf/0x280
[  119.166613][ T8269]  run_ksoftirqd+0x1c/0x30
[  119.171048][ T8269]  smpboot_thread_fn+0x31c/0x4c0
[  119.176094][ T8269]  kthread+0x4ae/0x520
[  119.180175][ T8269]  ret_from_fork+0x4b/0x60
[  119.184605][ T8269]  ret_from_fork_asm+0x1a/0x30
[  119.189391][ T8269] 
[  119.191723][ T8269] read to 0xffff88811896d958 of 8 bytes by task 8269 on cpu 1:
[  119.199280][ T8269]  dio_new_bio+0x249/0x460
[  119.203717][ T8269]  dio_send_cur_page+0x1f2/0x7a0
[  119.208682][ T8269]  submit_page_section+0x1a3/0x5b0
[  119.213830][ T8269]  __blockdev_direct_IO+0x1375/0x1ed0
[  119.219235][ T8269]  fat_direct_IO+0x10a/0x1d0
[  119.223850][ T8269]  generic_file_read_iter+0x227/0x330
[  119.229247][ T8269]  copy_splice_read+0x390/0x5d0
[  119.234114][ T8269]  splice_direct_to_actor+0x28e/0x680
[  119.239504][ T8269]  do_splice_direct+0xd9/0x150
[  119.244282][ T8269]  do_sendfile+0x40a/0x690
[  119.248705][ T8269]  __x64_sys_sendfile64+0x113/0x160
[  119.253921][ T8269]  x64_sys_call+0xfc3/0x2e10
[  119.258523][ T8269]  do_syscall_64+0xc9/0x1c0
[  119.263030][ T8269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.268946][ T8269] 
[  119.271268][ T8269] value changed: 0xffff88811977ff00 -> 0xffff888108653780
[  119.278375][ T8269] 
[  119.280698][ T8269] Reported by Kernel Concurrency Sanitizer on:
[  119.286854][ T8269] CPU: 1 UID: 0 PID: 8269 Comm: syz.4.1698 Tainted: G        W          6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(voluntary) 
[  119.300425][ T8269] Tainted: [W]=WARN
[  119.304242][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.314311][ T8269] ==================================================================
[  119.352919][ T8279] smc: net device bond0 applied user defined pnetid SYZ0
[  119.368027][   T29] kauditd_printk_skb: 1051 callbacks suppressed
[  119.368042][   T29] audit: type=1400 audit(2000000030.830:10663): avc:  denied  { unmount } for  pid=7897 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  119.408749][ T8279] smc: net device bond0 erased user defined pnetid SYZ0