last executing test programs:

1m41.362260558s ago: executing program 3 (id=1275):
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x6, 0x6}, 0x4c58, 0x5, 0x0, 0x1, 0x2, 0x20002, 0x10, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1m40.62249904s ago: executing program 3 (id=1287):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

1m40.443199823s ago: executing program 3 (id=1289):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x890}, 0x0)

1m40.389081094s ago: executing program 3 (id=1290):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
shmdt(r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040), 0xfe, 0x4f2, &(0x7f0000000b00)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uF6wLbaSFO0maWwbfKgKok8Ftb7XmGxDyCZbkk3bhKIp/gGCiAq+6JMvgn+AIP0TRCjou6gooq0++FAd2d3ZmKa7+UE3u97s5wMnc8782O85GebsnJlhJ4ChdTEiJiMiy7LsSkSU8vlpnmKnlRrrvXj+eKGRksiyO39LIsnntT/r7Xx6Lt/sTER87csR30xej7uxtb0yX61W1vPyVH01eZll21eXV+eXKkuVtdnZmRtzN+euz033pJ3jEXHri3/6wXd/9qVbv/r0w9/f/cvkt1oNbNnbjl5qNb3Y/F+0FSJi/SSCDUih2cKW6wOuCwAAB2uc7384Ij4REVeiFCPNszkAAADgNMk+NxYvk9b9PwAAAOB0SiNiLJK0nD/vOxZpWi63nuH9aJxNq7WN+qey0u71gvEopveWq5Xp/NmB8SgmjfJM/oxtu3xtX3k2It6NiO+XRpvl8kKtujjQKx8AAAAwPM7tG///s9Qa/wMAAACnzPigKwAAAACcOON/AAAAOP2M/wEAAOBU+8rt242Utd9/vfhga3Ol9uDqYmVjpby6uVBeqK3fLy/VakvN3+xbPezzqrXa/c/E2uajqXploz61sbV9d7W2uVa/u/zKK7ABAACAPnr3wtPfJRGx89nRNCKyZM+yYkQ2snflQv/rB5yc9Dgr//Hk6gH038igKwAMjFN6GF7FQVcAGLjD+oGuD+/8uvd1AQAATsbEx3bv/zdTw1v5smSgNQNOWn7/P3Gsw/Bx/x+Gl/t/MLyKB50BGBTAqZce4VB/8/v/WXasSgEAAD031kxJWs7HAWORpuVyxDvN1wIUk3vL1cp0RHwoIn5bKr7dKM80t0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAD7IItI/J/n7vyZKl8f2Xx94K/lXqTmNiIc/vvPDR/P1+vpMY/7fd+fXf5TPv9bvqxcAAABAJ+1xenscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99OL544V26mfcv34hIsY7xS/Emeb0TBQj4uw/kijs2S6JiJEexN95EhHvdYqfNKoV43kt9sdPI2J0wPHP9SA+DLOnjf7n852OvzQuNqedj79Cnt5U9/4v3e3/Rrr0f+90+sD09VnvP/vFVNf4TyLeL3Tuf9rxky7xLx2xjd/4+vZ2t2XZTyMmOn7/JK/EmkoK96c2travLq/OL1WWKmuzszM35m7OXZ+bnrq3XK3kfzvG+N7Hf/mfg9p/tkv88UPaf/mI7f/3s0fPP9LKFvctKsZPsmzyUuf9/16X+O3vvk/mu7tRnmjnd1r5vc7//DfnLxzQ/sUu7T9s/08esf1XvvqdPxxxVQCgDza2tlfmq9XK+vEyScTOG2wuM1yZ0ehj0Pk4aJ32SWwf6vPtPNT/xS44dmZwfRIAAHAy/nfSP+iaAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA//+6ychX")
sendto$inet(r1, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ustat(0x0, 0x0)
memfd_secret(0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_getnetconf={0x14, 0x52, 0x311}, 0x14}}, 0x20000804)

1m39.360695991s ago: executing program 3 (id=1298):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x80, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x54, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'wlan0\x00'}]}]}]}], {0x14, 0x10}}, 0xc8}, 0x1, 0x0, 0x0, 0x890}, 0x0)

1m36.502291398s ago: executing program 3 (id=1344):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=@ipv4_getroute={0x1c, 0x1a, 0x134, 0x70bd2d, 0x25dfdbfb, {0x2, 0x14, 0x0, 0x8, 0xfd, 0x2, 0xfe, 0x3, 0x2000}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x5)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000070000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000a25b63677aed69d7de830d93493d5ff70c173fad9a72c783879cb4897beb33a69f066737a7a6ec5840cf3b"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200)
syz_mount_image$ext4(&(0x7f0000000200)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)={[{@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@dioread_lock}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x44a, &(0x7f0000000880)="$eJzs28tvG0UYAPBv7SR9Qk1VHn0AgYKIeCRNWkoPXEAgcQAJCQ7lGJK0CnUb1ASJVhEEhMoRVeKOOCLxF3CCCwJOSFzLHVWqUC4pcDHaeDexXSetg5MN9e8nbTKzO87M592xZ2eyAfSswfRHErE3Iq5FxL56trnAYP3XzcX5ib8W5yeSqNXe+jNZLre0OD+RF81ftyfP9EWUPkvicJt6Zy9dPjderU5dzPIjc+ffH5m9dPm56fPjZ6fOTl0YO3XqxPHRF06OPd+VONO4lg59NHPk4GvvXH1j4vTVd3/+Nsnjb4mjSwbXO/hkrdbl6op1T0M66SuwIXSkXO+m0b/c//dFOVZP3r549dNCGwdsqlqtVntg7cMLNeAulkTRLQCKkX/Rp/e/+bZFQ49t4cZL9RugNO6b2VY/0helrEx/y/1tNw1GxOmFv79Kt9iceQgAgCbfp+OfZ7PxX9PCTyka54XuzdZQKhFxX0Tsj4iTEXEgIu6PWC77YEQ81GH9rYskt45/Stc7/JMdScd/L2ZrW83jv3z0F5VyxD/5cLkS/cmZ6erUsew9GYr+HWl+dJ06fnjlty/y9LWl5mON4790S+vPx4JZO6737Wh+zeT43Ph/Djxz45OIQ33t4k9WVgLSy+JgRBzaYB3TT39zZK1jt4+/2UBjpgvrTLWvI56qn/+FaIk/l6y/PjmyM6pTx0byq+JWv/x65c08uaflWKfxd1t6/ne3vf5X4q8kjeu1s53XceX3z9e8p9no9T+QvN2078PxubmLoxEDyev1RjfuH2spN7ZaPo1/6Gj7/r8/Vt+JwxGRXsQPR8QjEfFo1vbHIuLxiDi6Tvw/vfzEe817kg7i31xp/JMdnf/VxEC07mmfKJ/78bumSivRQfzp+T+xnBrK9tzJ59+dtGtjVzMAAAD8/5QiYm8kpeGVdKk0PFz/H/4DsbtUnZmde+bMzAcXJuvPCFSiv5TPdNXng+vzoaPZbX2eH2vJH8/mjb8s71rOD0/MVCeLDh563J41+n/qj3LRrQM2nee1oHfp/9C79H/oXfo/9K42/X9XEe0Atl677/+PC2gHsPVa+r9lP+gh7v+hd+n/0Lv0f+hJs7vi9g/Jb9fEzu3RjN5MRKm42vMZqsLfhLs4UfAHEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJf8GwAA///y2ej8")

1m36.501899767s ago: executing program 32 (id=1344):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=@ipv4_getroute={0x1c, 0x1a, 0x134, 0x70bd2d, 0x25dfdbfb, {0x2, 0x14, 0x0, 0x8, 0xfd, 0x2, 0xfe, 0x3, 0x2000}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x5)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000070000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000a25b63677aed69d7de830d93493d5ff70c173fad9a72c783879cb4897beb33a69f066737a7a6ec5840cf3b"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200)
syz_mount_image$ext4(&(0x7f0000000200)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000240)={[{@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@dioread_lock}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x44a, &(0x7f0000000880)="$eJzs28tvG0UYAPBv7SR9Qk1VHn0AgYKIeCRNWkoPXEAgcQAJCQ7lGJK0CnUb1ASJVhEEhMoRVeKOOCLxF3CCCwJOSFzLHVWqUC4pcDHaeDexXSetg5MN9e8nbTKzO87M592xZ2eyAfSswfRHErE3Iq5FxL56trnAYP3XzcX5ib8W5yeSqNXe+jNZLre0OD+RF81ftyfP9EWUPkvicJt6Zy9dPjderU5dzPIjc+ffH5m9dPm56fPjZ6fOTl0YO3XqxPHRF06OPd+VONO4lg59NHPk4GvvXH1j4vTVd3/+Nsnjb4mjSwbXO/hkrdbl6op1T0M66SuwIXSkXO+m0b/c//dFOVZP3r549dNCGwdsqlqtVntg7cMLNeAulkTRLQCKkX/Rp/e/+bZFQ49t4cZL9RugNO6b2VY/0helrEx/y/1tNw1GxOmFv79Kt9iceQgAgCbfp+OfZ7PxX9PCTyka54XuzdZQKhFxX0Tsj4iTEXEgIu6PWC77YEQ81GH9rYskt45/Stc7/JMdScd/L2ZrW83jv3z0F5VyxD/5cLkS/cmZ6erUsew9GYr+HWl+dJ06fnjlty/y9LWl5mON4790S+vPx4JZO6737Wh+zeT43Ph/Djxz45OIQ33t4k9WVgLSy+JgRBzaYB3TT39zZK1jt4+/2UBjpgvrTLWvI56qn/+FaIk/l6y/PjmyM6pTx0byq+JWv/x65c08uaflWKfxd1t6/ne3vf5X4q8kjeu1s53XceX3z9e8p9no9T+QvN2078PxubmLoxEDyev1RjfuH2spN7ZaPo1/6Gj7/r8/Vt+JwxGRXsQPR8QjEfFo1vbHIuLxiDi6Tvw/vfzEe817kg7i31xp/JMdnf/VxEC07mmfKJ/78bumSivRQfzp+T+xnBrK9tzJ59+dtGtjVzMAAAD8/5QiYm8kpeGVdKk0PFz/H/4DsbtUnZmde+bMzAcXJuvPCFSiv5TPdNXng+vzoaPZbX2eH2vJH8/mjb8s71rOD0/MVCeLDh563J41+n/qj3LRrQM2nee1oHfp/9C79H/oXfo/9K42/X9XEe0Atl677/+PC2gHsPVa+r9lP+gh7v+hd+n/0Lv0f+hJs7vi9g/Jb9fEzu3RjN5MRKm42vMZqsLfhLs4UfAHEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJf8GwAA///y2ej8")

2.467726649s ago: executing program 0 (id=3087):
sigaltstack(0x0, 0x0)
sigaltstack(&(0x7f00000000c0)={&(0x7f0000000000)=""/189, 0x3, 0xbd}, &(0x7f0000000140)={&(0x7f0000000100)})
sigaltstack(&(0x7f0000000100)={&(0x7f0000000180)=""/222, 0x80000000, 0xde}, &(0x7f0000000300)={&(0x7f0000000280)=""/92, 0x0, 0x5c})

2.467411429s ago: executing program 0 (id=3088):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x27923244}, 0x9)
r2 = open(&(0x7f0000000280)='.\x00', 0xc8180, 0x0)
fcntl$notify(r2, 0x402, 0x8000003d)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x36)
openat$cgroup_ro(r3, &(0x7f0000000240)='freezer.state\x00', 0x275a, 0x0)

2.46664016s ago: executing program 0 (id=3089):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
r1 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd736, 0x8, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000800018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, 0x6000})
io_uring_enter(r1, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)

2.40371445s ago: executing program 0 (id=3090):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x4004808)
recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x19, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=<r5=>r4, @ANYBLOB="0d030000000000000000130000001c000980080002"], 0x30}}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRES8=r5, @ANYRESHEX=r4], 0x48)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x19, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70400000800000085000000950000009700000000100000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
perf_event_open(&(0x7f00000004c0)={0x8, 0x80, 0x0, 0xc, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x18204, 0x0, 0x3, 0x0, 0x6, 0x5338c7af, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, 0x0, 0x20001c15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="94000000e2c347e0003ed6650d9618af046bc0eca15dbc8d944ec24a3ab85f59e7cb822f590484f286de1e18c36e465bf9f5f4a9cb1eae78e1a2f0a2ef7ef0b4a487b803c9da195317836fbd813589842e8564d4f02bf166c4b3fe0cb865cdd60c3fcebe519fcfa950958360ae3efd2a9a3881e063b84055101fe8fe18d5f67052237b9afd8b65efda08b59b8ac890c4dfc53c3b34980997c47b402fb68352a5d7188ac943c3", @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900ffffffff750000006c001d806800008054000d805000028018000100480448160201186004300918280b030b361b16091400050005000df5001004000000020000000600050007000000000005000600000000000500040001000000050006000100000005000a000100000005000b0001000000"], 0x94}}, 0x20000000)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x2, 0x2, 0x8001, 0xe}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_LINK={0x8, 0x3, 0x80000000}]}}]}, 0x7c}}, 0x24040084)
ioctl$SIOCX25CALLACCPTAPPRV(r7, 0x89e8)

1.85178592s ago: executing program 0 (id=3108):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x100}, 0x18)
setreuid(0xee01, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

1.734909801s ago: executing program 0 (id=3112):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x2, 0x64, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x5, 0x2, 0x0, 0x70bd2d, 0x25dfdbfe}, 0x10}}, 0x4)

1.664650763s ago: executing program 5 (id=3117):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x4004808)
recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x19, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=<r5=>r4, @ANYBLOB="0d030000000000000000130000001c000980080002"], 0x30}}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRES8=r5, @ANYRESHEX=r4], 0x48)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x19, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70400000800000085000000950000009700000000100000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
perf_event_open(&(0x7f00000004c0)={0x8, 0x80, 0x0, 0xc, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x18204, 0x0, 0x3, 0x0, 0x6, 0x5338c7af, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, 0x0, 0x20001c15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="94000000e2c347e0003ed6650d9618af046bc0eca15dbc8d944ec24a3ab85f59e7cb822f590484f286de1e18c36e465bf9f5f4a9cb1eae78e1a2f0a2ef7ef0b4a487b803c9da195317836fbd813589842e8564d4f02bf166c4b3fe0cb865cdd60c3fcebe519fcfa950958360ae3efd2a9a3881e063b84055101fe8fe18d5f67052237b9afd8b65efda08b59b8ac890c4dfc53c3b34980997c47b402fb68352a5d7188ac943c3", @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900ffffffff750000006c001d806800008054000d805000028018000100480448160201186004300918280b030b361b16091400050005000df5001004000000020000000600050007000000000005000600000000000500040001000000050006000100000005000a000100000005000b0001000000"], 0x94}}, 0x20000000)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x2, 0x2, 0x8001, 0xe}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_LINK={0x8, 0x3, 0x80000000}]}}]}, 0x7c}}, 0x24040084)
ioctl$SIOCX25CALLACCPTAPPRV(r7, 0x89e8)

1.551348445s ago: executing program 4 (id=3119):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x0, 0x0)

1.334147078s ago: executing program 4 (id=3124):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x27923244}, 0x9)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x36)
openat$cgroup_ro(r2, &(0x7f0000000240)='freezer.state\x00', 0x275a, 0x0)

1.261013269s ago: executing program 4 (id=3126):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x2004000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfe, 0x1227, &(0x7f00000024c0)="$eJzs3M9rHGUYB/DHTdrUxPxQa7WC9MVe9DIkOXhRkCApSBeUthFaQZiajS4Zd0NmCayI0ZNXL/4BXsWjN0G86SUe/Bu85eLRgzrSnbY2djVotRPD53PZh33nC8+7s7zwLvvO/gsfv7O5UWYb+SBaD7wYra2IyV9SpGjFLR/Es89/8+1Tl69eu7jSbq9eSunCypWl51JKc+e+ev29z5/+ejDz2hdzX07F3sIb+z8u/7B3Zu/s/q9X3u6WqVumXn+Q8nS93x/k14tOWu+Wm1lKrxadvOykbq/sbB8Y3yj6W1vDlPfWZ6e3tjtlmfLeMG12hmnQT4PtYcrfyru9lGVZmp0O7sXaZz9VVRVRVSfiZFRVVT0Y09GKh2I25mI+FuLheCQejdPxWJyJx+OJODu6qum+AQAAAAAAAAAAAAAAAAAA4HgZd/5/5q7z/59EjDv/f67h5gEAAAAAAAAAAAAAAAAAAOCYuHz12sWVdnv1UkqnIoqPdtZ21urXenxlI7pRRCcWYz5+jtHp/1pdn4z26mIaWYgPi92b+d2dtYmD+aXR4wTuyl94ub26VOfTwfxUTN+ZX475OD0+v/yH/PlR/lQ8c/6OfBbz8f2b0Y8i1uNG9vf8+0spvfRK+3b+u7167usN3hcAAAD4N2XptrH79yz7s/E6f9jvAzf214tj9/eT8eRks3Mnohy+u5kXRWe78eJWR/U7uxFxRBr7x0UrIo5AG39RnDj0mpkGGvt0JuIe4hMHvkhH4nP+PxaHrRwT/+m6xP1x86ZPNd0HAAAAAAAAAAAAf8/9+Dth03MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24FgAAAAAQJi/dRodGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAQAA//+siMjP")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
lseek(r0, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000005e00010026bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="020000007ecd2b22c86cec560e31811ab0eb6e44700ada1daa0e77084a0e3572360715285a237be2b5481c0fd664e822a9775ec9351dd755e41ef2e974a521f04f6d943572f53cc9a2caf928d18ec0802d4c6c5faca53cecbf6e356bc3ed28e89df2c614fe07c1ec385cda45e497108e5ecb654ccf523c73f2ade1f7af78cd0797028fb6c687fa86dec8b2984cf37098f1e61c84f201a829df8fd51c41e94f503cbbc10dafecd34ec6796d6aeafdea780d10"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x90)
getdents(r0, 0x0, 0x58)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001400)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ff0f00000000000000000000850000004f0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ff5d52cd161de0e0a8f0e6492e49ffffb70200000800779f2c0000b703000000000000"], &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x25}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x505000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000200)={'sit0\x00', &(0x7f00000001c0)={'ip_vti0\x00', r4, 0x8000, 0x7, 0x9, 0x1d, {{0x5, 0x4, 0x2, 0x5, 0x14, 0x68, 0x0, 0x9, 0x29, 0x0, @loopback, @private=0xa010101}}}})
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0x2, 0x4}, 0x6)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x6, 0x6, 0xfffffffc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x4, {0x0, 0x0, 0x0, r10, {0xe, 0xfff1}, {}, {0x7}}, [@filter_kind_options=@f_bpf={{0x1c}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x0, 0x9, 0x8896}, @TCA_BPF_FD={0x8}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003700)=@ipv6_delroute={0x1090, 0x19, 0x400, 0x70bd2d, 0x25dfdbfc, {0xa, 0x10, 0xa4, 0x9, 0x0, 0x0, 0xfd, 0xb, 0x2000}, [@RTA_ENCAP={0x70, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0x6c, 0x2, {0x7d, 0xc, 0x4, 0x6, 0x5, 0x40, 0xc9, [@remote, @mcast2, @private0, @mcast2, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @dev={0xfe, 0x80, '\x00', 0x3c}]}}}, @RTA_METRICS={0x1004, 0x8, 0x0, 0x1, "c3b5e700f2b36fa8db09aa243d47047c2b3abde658d179d9c2946eb7ff0c0466de480bf3d997e0203aa38abc548d04d066927ae4ffa1d2c09b4b16a847e5aa49b52eb79e7ceec3bcdc273dac58585949ba55b682a99e447932c4504c1049c8b8cf80e99c497b9f6b61b72fff72798cdab59a0c45cf18340c371a41d390f9f9912fa8ca206f3a1b3d25df48ad875a2b09714a4faac53bf260a0a7d4f4e15ff698fb9f9959eef07d3058f17ae5fb54cd5dca7f72e742f7f87e83e0595dfd1ac8229c37bbb6a6b698ff9de7bfb367fb9a3ab347240a69928ccbc2aaa8b461b463cd529a1b073ac4b3cbeaa9ba9d0410ffb8d7f65374c51b2d4b59509b6e308eec4466b42ec98a6b9f7825aa19c31dcab15c6c3ec3d4f0dccd065f1c605f6df0a278fee09604d3cc9fab21ccec2eb8faecaf9625bb5b499ed4a754b8de0f07d6dee47bc4ca2a5c8cda2cabeac7f68c6e49d18ef4506983371eb71a0693cb29f5f512c9b51f3d18a1f7a7c0d8a14b05b75108f34ae061523a671006d1af0c73191a9f938a94a6a0f6fd4502a80dc70a3c21b2db96c8355c67955b22fd41b71bc3973f2ba607dbd5566008da7a8a43e34ee645e97ac7bb19d0566a9ae9050a6ee2cc8be95cc747ed25ec3dd6265931fa25a7a5bcebe1e726d6f1e700759f14e0bf27c380c929dd5e3d082bde96df1e21e4ea8f3495461fa10cf0a07891436c50e0e630fb9116ecab65a173b5457aa9a4fb78a5cd2bbe49264301e4de7e9b052c326287a3e94416617f1fc573ec6b172e4cd6f521bf7a5ba175b024e4197f3c44d30d0a2bd705abb9a8a7d7cce7920b1a23933def548cedf93f3ad772a8efb482d3cb0d8775f5431df2dff9c1c52bd0122d72204c869b780f927bb93b2e8fa058091d2f51fe3db9f9335aa2b3918e049977e980310e6e944872b79891195154adb585d7e0933544231f24728260a9990f750c5195e129b17919d093cd2ac79b8dab06b6c6d3171036b83cb722cae97783fbbd8126f5a296602132235718faea2af4b6d64e860b5021421317c64923276f0bc8980ed074ee19519da9d2b28ac07e187de62fcdef34101f3d4991f2773fc01e3db0af6e7958e4a4e425530ea277c46d1d14dc88e16500be439fcc9e320200c66c15cfc7f3ada8ed4ae2701ca1cdcb911928903dc7b51f54419ace9eb7834d448be5007f4bcac6e7f301286855c29a0767faf21e1e165998b75f828c6c0c7f3330384b4b4ae520eaf83e15212598c1b5a67001e38b6f44ae3d9c85285d489a44b8b3550c5a8657cedaaf5a92a196da785c6545fb38cb20229f6382580fdec3f68714cc31fdb87c41d73e78152bd38f0587d607b41e415271c1906c6e76cc52deb4f900a6346a4b9ec84389d2d75c919d9a500cbb9c428d5d6735cb65e005264ba7926d16bb68b8b79d351408013fea064af33f15ac49457a5977245df66e0f645e6761f6880905678ad83396fce5228daa270d76b5667ed0e1ba4cad3f9d9d6b12d900be70083bf1a644146bb312c1288aeddff8a552ebb11828794f3ac3b2b6214ebed65c69c110f5b92c120b086333748777176cf630685aa846a211fabe12ad3526b167445a5b7d96de1d91993fe1bbd3219061ab6540b06c2b813853e497abc82f7c3e2de5f4d321b60465a21ba84ee48b5ab7132fffa5a696ed9dbcb96eb64bbad1e9310b5afa120c710d92b28e040e8ac1741bab5b3b9803a4e63d010126d35ca32c2dd3ce2afcbffb0eced66f0e05f83e602d9da5407cd517d671d47a1ecb5e7b4fe4b544f5f84e1dba8dbaac238725a25bde87dc291f96bea211b4f758e0d469c62563150d26a2ebf8831a161b243a7807bfc1421eaca21c0e80e1df0ed11caf0d1688b1f339d346986991544260600b0e914a4f096d8e3792221e89c198be53e7bfa3885aebdb0410b9db309c501bad0b6d88fe5a87aca351cb26a1e424f5f070509a148daeb7e91ad567dc2789be071667039dfa4935101f915facf68a9b153e0998af222188cc4f04e4febf3b05f7315e82268fa1c06d88b2e6a78d4f63d6257efa2300cd0eecb038c32169a86ad8e842cac3ba7c9e787e8cc5e2c65059d4a79506a39a51b9283ca7f3a77127b6e81370dc106bb0251d44a9128e23631152c5b7fb78559b0e76adb0e931df63c79746700754a777505efb7d8441c0f0b9235ad7205f1ba235c19131163bcd5f94f3aa199624a67a9519b74b61ce101ccb6ee3525d8a85a87f79799f1e7b2f1b8cb9f29b73efe6bf9eb34cbeb538e6af771b74c749e7841e758f777d28687d00ae6a9c2c39fc007e48d272201e3a97fe47a4b610d412d78d1ea8897358d1c8f29bab57ef207ccfd95bf686b7417ab527482e105259a9e20fb4e822e1b9ea9ad583406729bab1d89c71c39002bb054c7d126260f36e77e0bbb3cb76ebe65b2e0467cfcd55e655cb477020e76f4a70568f59d11d429d475998992f12be6d81b5e8e0ba800cd5b610c5d3f27c213e9e6fa1a4f415f865af3221b48bc05f516173afbdc966f4b7a11feb89ac33671e9f7d9a35b0c951ca0266b4e95df0ad0c89504ab22e3e05325cf71e461bff92323c0f2a02c0217de8c1216675a3e78dbb70d3085b2b9c81f89e075bc055eb4e1a3c478e96dc9da7df68e734dc5941066bd9c00c51d2fafba372071bdc17a02b7580495169759000424723a36941558d36395ed2764e637852f3bf79a92c296a5267a2e5a2a9c1dfa014b5a320f360170b83db163257c05aa162167047470a406b7b8358286b000ab2159cb4a0817c6c335756682b1dcfe8f2c8ff8c5e05979d8dcb8023f5d720676a730382308af64f4b71fa1497703920e098908fa8b9c1726a640c50fd1ec418bcf8d7999223f7601ffed97499d552981ff451f38f3c3ea707dfb1d785e3486117b76f2ed839e4f6888748e7721df39314847e042d68eab58fd3d9a91f59c344a9ccadb14782c3f23aa464c5121631fd8e53714783ba4dfa1cded3e55b20e398f94e3a15d26e06d47ffaa00f26dd4ca5fc87e03892d7d6c6482bc9792faca91a5bbe143ddc6e49b76742e0dd45148f2724e8c1b9bc218cb75b465629415aa1c103d89b3ef323cc47e682832e9e944434ce86d354576cb2154ff2325231a71e094226818c00bec533a9e87c32c3c5973a07b393e58612a19aa6cb559d0ce22da4fbc9551d35e778f06e55bd1ccf4cc641e4394d5e79b64137c901994242a7c293cac3a74578cb9b7b5c04398f9164477eca9494485c2225b2666c7cecd7f9c9c110ffaf04bf0528250335e418a752392fb6e3ffe04ebfa82f67de17a2b9906091db6e1c18343f26583744bbb9649f6598fbba9280a3c3a30290a94608ba280e96adc17526d2431a9f5c908d91afc2159a3a193ac4c205d52474fc94d5bfef2f16a7623bca968385e35099767ba86eb2dc7652dd5b58dc007cf3766de39e669277e9454e375da4af48272f4eb154dddb9a600a335c93de71e7832e11190b3c3c249db6bab0ad98731dee0ffe84252ba2c17c4a415ea4a0e93ab4f23ae5a754c5da812b56fd27db9fd8d4049dccec6f5a8097ba43ff495e52cb57103a60c5902b665599dc6d52d9cd4dbba517cc99020263f6e133ee8d820c07f6df5d62fa926ef994664834cad98e580abcd4a809a6e2bb8a0f8b0e0956a3b5f08359daf0c7baa3a3ba662f6a450ef4a161f3ae12f2b040296bfec5d2f5b191bc4395b8d728b82190d35324a39b24c3016a1edfde0dc02d8bfeb4046310eb217f0d671375f7232c52a94712fea6fb5eacbce307f2b383449b26676932803914b6294295d46bb35ca9240425dd1cce3b21583b80f9cf6321cb5a8dd2f1aa9ecc27fb14aad23876d5e89a2006ca99b3f0e1233d37f757e139ac7eee4d88845fbc48b8892e31ce46fd8091871ecced58507d94d07ffa377beac243e4131fb493fb1e2a2ede278d305e5833f8372216a5384ddb3fd9f40ac5faec29ee33d904ef1d40edf74873b70c448a776d33ac53b6b6f07212202892cc76ac274ccf476c7335235f5ae08a374bdd85df2cc1f68246110bae9f2826b6089edcf018dfe5ac7dd8f53aa43556d5857b03d0b176916e710d95f6d3271c1fa782b6251bb046c94d8b2f7e56f5d9a8ced02d3b02740a8b35ee5663260e65ae26da10518a96d1a6d6633cc45f9d9852445eb2b83e9ca858d9705971e3a7343a04ae173ba5a7e9811f5fe46761f6a8076610e240815f160b49fa5cb58cc36ce7d3b0ee225fe20b9fbe27ec76f8fc27266d899be84885d00d67af55bf33319de4abbd505eece0facd6a4bc6eb776ee68caf6430117b41b7cefcba2a6ddc83bc022791688b8f8c1694fd29665ef44a15312e62b0a7da9ccc4d22de2d3e721c741579888ecbd512d4968e6aa92a58ba74ee6c4ea1032574aae7444839c12c464fe5b7e297c8df751f494d9e22450e65b9521d5e37b95d6bb9b3fa387d0c063e3858397b5c37bf3ef99d7567edf359cdba8b183be9ff59e689d52257470326609cbb6458dfb9490ccaad412671b03e16d62051c9947681f4dbdf9b77c43073728f49936dcab17d119259ea95b3ef29bbd0ec5c95816a5f49420d4520c9034740036935f10f9745e470012dc808c3c801bb9013255a35345d8907fd6be4d07eebafaa6a09af03517a0509221dd99854089d504154e25483cafcc9088ba4026b703d49ad7abfbde36cec569a23b53f17aebb32d70f2c89915926c985df4ca396eba2f76adae19ef562202c096b96b66da4ebbb13f91916e9a1ff2ce70bfe79aa52f1f0d82f91861644283de26372689f54d380430f1690ff028cc4819a79621f036f7e4c0a8826ed3770a9d03a26755579f6449dc3f3c96a6c91af5465daff1481608602c56335cea053fc0a45b7a1e4b098e799e9380b7a408e11bf4cd411d865cddfbe2ebaad5666a159b890b26965c94715c4973e7b270e7f03667f8b861746da786e13ba9d1aa6129099759e20f821e8d23a622d110b5070a5ef832c2ed22eb0e26a2377e4cc0603606a3a30446d163ef4081dc1ed9ff9d3de7a7c8ebc3f8843a2fe589087fc6c4c1c28edf305f91478a45a90bb401dfa783550f7d8420384958ee3c6318b6c9df9e5f1725645a0bd110f8006c32923c67088dc5e2acae80b899679645706f6e46f6978adf775e790dfa15509400cc8ce1324f80dd14feb5c56fb11ac9ba61c16978aede8f96ead34359ee1fdb262c2ba859287fe799892c98f6fcc2c8ec9db3f021f1afd9033b9896fccd4a3c889aa798898444406e3e834964fca31b218819989dbafe192e37792b7eb3df6e71818101a9b91359cb8a79e22819120cefeb920acf46b5473e454d1d1f3b358121484a47c34e7e078c58195dd4c2b191b771ed6feb2cc61346b45a84e01acff9af8d9a8e69ed82f6aa3b6fd5fd161d3ce3eff3252bd742d6bb8770f759f387fc3f0d03f7a913df2f03b45fc7dad96692801258dfba5fe58baa144be14a9b43dfc66e8f6a4f651d642d43050677c192f0a14a429d092a6b6f77ed2865bcaeb5bb8dbd0f3ad77f51cb062e625da8d1b14c72479b424ae48ad4ce8fea68f2e0a3d362dff43df1c693a8c8f5a4f2b9f79c29ba8c5e3e68efd1eb4e73d7d85a369e642786bdb6be92b18763a85ab7948fc662adfcdd2b66afbb7aca638bbb4da5fe0c1b21b0e5e0b762944b1e7e61104f5c61cd54f89b9ebd6b7aaf1319de2bf4485ea396a4bd0005a45538766b557d4b8178ee1b5d7a0867a9e825d76197c7635642596b7ace7bdffa1730dd012"}]}, 0x1090}}, 0x8000)
getsockname$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14)

1.236205739s ago: executing program 2 (id=3128):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r0}, 0x18)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500))

1.179413251s ago: executing program 1 (id=3129):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x1000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x34000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0xc8, 0xfffffffe, 0x0, 0x9, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe8000000000000010"], 0xfdef)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)

1.156452141s ago: executing program 2 (id=3130):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x27923244}, 0x9)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0xc8180, 0x0)
fcntl$notify(r3, 0x402, 0x8000003d)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x36)
fcntl$notify(r2, 0x402, 0x2)
openat$cgroup_ro(r4, &(0x7f0000000240)='freezer.state\x00', 0x275a, 0x0)

1.139017421s ago: executing program 1 (id=3131):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d000c6c7ea60864160af365040043000a001d002b7f6f4c9ee517d34460bc060000f0a705651e6182949a3651f60a84f709d182c5bb5b64f69853362a65a113827e4b4237268a9a", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x0, 0x0, 0xff, 0x3, 0x600, 0x600}, 0x21)
socket$packet(0x11, 0x2, 0x300)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1a04"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
add_key$keyring(&(0x7f00000001c0), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
close(r5)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r5, 0x4010744d, &(0x7f0000000180))

1.051813192s ago: executing program 2 (id=3132):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='mm_page_alloc\x00', r0}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
io_setup(0x6, &(0x7f0000000300)=<r3=>0x0)
io_destroy(r3)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xb)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r5 = msgget$private(0x0, 0x794)
msgsnd(r5, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x64, 0x1, 0x0, 0x0, 0x0, 0x210e, 0xc0002, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b80, 0x2, @perf_bp={&(0x7f0000000040), 0xe}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0xb)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000280)=0x3)
ioctl$TIOCSSOFTCAR(r7, 0x541a, &(0x7f0000000000))
r8 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r8, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
msgctl$IPC_RMID(r5, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)

964.479554ms ago: executing program 1 (id=3133):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, 0x0, 0x0}, 0x20)
close(r0)
r2 = inotify_init1(0x800)
fcntl$setstatus(r0, 0x4, 0x2c00)
fcntl$setown(r0, 0x8, 0x0)
fcntl$setsig(r2, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000200), &(0x7f0000000280)=r4}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
rt_sigtimedwait(&(0x7f0000000040)={[0xf7ffffffffff7ffc]}, 0x0, 0x0, 0x8)
inotify_add_watch(r2, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3UFvG1kdAPD/OHZp2nSTBQ6wEsvCLkorqJ1s2DbiUIqE4FQJKPcSEieK4sRR7LRNVEEqPgASQoDECS5ckPgASKgSF44IqRKcQYBACFo4cIDOyvY4TVM7cVs3TuPfT5rMmzfz/H/P0YznzTzNBDC03oqIqxHxKE3TCxExnuXnsil2WlNju4cP7sw3piTS9Po/k0iyvPZnJdn8bFbsdER87csR30yejlvb2l6Zq1TKG9lyqb66XqptbV9cXp1bKi+V12Zmpi/NXp59b3aqL+08FxFXvvjXH3z3Z1+68qvP3PrTjb+f/1ajWmPZ+r3teEb5g1a2ml5ofhd7C2w8Z7DjKN9sYWa00xYjT+Xcfcl1AgCgs8Y5/gcj4pMRcSHGY+Tg01kAAADgFZR+fiz+l0SknZ3qkg8AAAC8QnLNMbBJrpiNBRiLXK5YbI3h/XCcyVWqtfqnF6ubawutsbITUcgtLlfKU9lY4YkoJI3l6Wb68fK7+5ZnIuL1iPj++GhzuThfrSwM+uIHAAAADImz+/r//xlv9f8BAACAE2Zi0BUAAAAAXjr9fwAAADj59P8BAADgRPvKtWuNKW2//3rh5tbmSvXmxYVybaW4ujlfnK9urBeXqtWl5jP7Vg/7vEq1uv7ZWNu8XaqXa/VSbWv7xmp1c61+Y/mJV2ADAAAAR+j1j9/7QxIRO58bbU4Np3or2uNmwHGV300l2bzDbv3H11rzvxxRpYAjMTLoCgADkx90BYCBKQy6AsDAJYes7zp457fZ/BP9rQ8AANB/kx/tfv8/d2DJnYNXA8eenRiGl/v/MLya9/97HcnrZAFOlIIzABh6L3z//1Bp+kwVAgAA+m6sOSW5YnZ5byxyuWIx4lzztQCFZHG5Up6KiNci4vfjhQ80lqebJZND+wwAAAAAAAAAAAAAAAAAAAAAAAAAQEuaJpECAAAAJ1pE7m/Jr1vP8p8cf2ds//WBU8l/xyN7ReitH1//4e25en1jupH/r938+o+y/HcHcQUDAAAAhsIzvcC/3U9v9+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJ8ePrgz356OMu4/vhARE53i5+N0c346ChFx5t9J5PeUy0XESB/ijzb+fKRT/KRRrd2Q++Mn7bIvaOfugfFjIvsWOsU/24f4MMzuNY4/Vzvtf7l4qznvvP/lI55Yfl7dj3+xe/wb6bL/n+sxxhv3f1HqGv9uxBv5zsefdvykS/y3e4z/ja9vb3dbl/4kYrLj70/yRKxSfXW9VNvavri8OrdUXiqvzcxMX5q9PPve7FRpcblSzv52jPG9j/3y0UHtP9Ml/sQh7X+nx/b///7tBx9qJQud4p9/u0P83/w02+Lp+O3fvk9l6cb6yXZ6p5Xe682f/+7Ng9q/0KX9h/3/z/fY/gtf/c6fe9wUADgCta3tlblKpbxxYhONXvoxqIbEMUx8u68fmKZp2tinXuBzkjgOX0szMegjEwAA0G+PT/oHXRMAAAAAAAAAAAAAAAAAAAAYXkfxOLH9MXd2U0k/HqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAX7wcAAP//ZWfZVg==")
fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r5, &(0x7f00000000c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x9, 0x3a, '+\'', 0x3a, '', 0x3a, './file2', 0x3a, [0x46]}, 0x2a)

963.588344ms ago: executing program 4 (id=3134):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x101682, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x28}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x28)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000000)=0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000feffffff850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r3}, 0x18)
r4 = memfd_create(&(0x7f0000001040)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1\x8c.?}jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r4, &(0x7f0000000300)={'#! ', './file0'}, 0x17)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r6, 0x0, 0x7}, 0x18)
socket$tipc(0x1e, 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000800)={r5, 0x0, 0x0}, 0x20)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x40840)

883.435015ms ago: executing program 5 (id=3135):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x3}, 0x1c)
listen(r1, 0xbf2d)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x20181, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r2, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0x0, 0x14}, @ipv4=@tcp={{0x6, 0x4, 0x0, 0x8, 0x65, 0x68, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @remote, {[@end]}}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x1, 0x0, 0x6, 0x10, 0x1, 0x0, 0x8, {[@mss={0x2, 0x4, 0xb}]}}, {"ff09eb92334ce7bdbce1cc8ea7c31c4233f717f38859083e7244d871b6582e4b77453efb5c862f933cb39161906e8b6c78ab07fe1b"}}}}, 0x73)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x100}, 0x18)
mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000440)={0x2000000000002000, 0x2000001, 0x55, 0x3})
setreuid(0xee01, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x2e, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffffb9}, 0x48)

785.606367ms ago: executing program 4 (id=3136):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000040), &(0x7f0000000080)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
msgctl$IPC_STAT(0xffffffffffffffff, 0x2, &(0x7f0000000540)=""/22)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r9 = getpid()
process_vm_readv(r9, 0x0, 0x0, 0x0, 0x0, 0x0)
io_cancel(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x5f, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0xd, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0xd, {{0x6, 0x24, 0x6, 0x0, 0x0, 'e'}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x4, 0x0, 0x2}, [@mbim_extended={0x8, 0x24, 0x1c, 0x1, 0xe4, 0x6}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x5, 0xa}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x9, 0x0, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x5, 0x9, 0x5}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x8, 0x3d, 0x7, 0x8, 0x4}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x6, [{0x70, &(0x7f0000000200)=@string={0x70, 0x3, "272624bf5e5b68a327e10d2ee504fb6204e4d1bc3f01f084bf4a30987fba96f8cc88af84c80dd4ff109a9b4a409fd9b5286e7a6b8bb2661ae8ff1e6650c2f19f25387ed70af29377d83eaa3ccd3584b56b3fa71a8ed2c9e2f431abcb725971d629a0530e7c8d2560af1926926821"}}, {0xb5, &(0x7f0000000280)=@string={0xb5, 0x3, "c159bc0ff6d4be42730116b65d79a4e917feab56c9eee3b3e7e962b63fcd87a3b66ea9f57c4b18672d24417be46ba3d816df78ca3c7741600e31bc20cae4da791dd74cf2ef4ebad008f5bc99b825e1eb6992c685dd255ca24844d0c7c4ba2174ae320578ed7478d64ca53e18ec102d51503828b0498f788f7968e0e920c47d8d1743f3409a2661e632ed2703fed218e8dce14659f1e7a148569519ba1d2bd37365723360ca51de145397c7111c90473775a941"}}, {0x54, &(0x7f0000000340)=@string={0x54, 0x3, "ad5b0723846c6ba2e923c4b0434a0500e4a86223b8a9695c9ab4e1577d119e82018c97cffc9652dc74d95519a6840a3c31f09c7d3a9268d22a7cf5f9c824b2d76f0a40557d264b08c901c3b3ed659da54807"}}, {0x7e, &(0x7f00000003c0)=@string={0x7e, 0x3, "c92a266dab3f77ee59e39becdb1cec2db0b4731407927ffabc228d5898b3855e60bfc9e472403cca17f3b635314e165206ac1a67b21a89d5cee6341f9a2bc5588d68e04a45173013d398bf19d1fe768b8d2312a7dcc4a7c0106a60236d82d2dd5f9d87ac3660dfea21f3257bddccbe5907cf048fb5e253c3f3f20b26"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x430}}, {0x16, &(0x7f0000000480)=@string={0x16, 0x3, "58e5299bd7e858a8e17c3e6b9c8f95e0105f16f1"}}]})
ioctl$EVIOCRMFF(r2, 0x40085507, &(0x7f00000000c0)=0x18)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r10, 0x0, 0x23, &(0x7f0000000000)={@multicast1, @local}, 0xc)
getsockopt$inet_buf(r10, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400008c22752c72001400010000000000fc030025021f49cb46", @ANYRES32=r1, @ANYBLOB="08000200e000000214000300"/28], 0x34}}, 0x0)
r11 = gettid()
perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x7f, 0x2, 0x7f, 0xc, 0x0, 0x101, 0x40040, 0x12, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0xab9, 0x1, @perf_bp={&(0x7f0000000600), 0x1}, 0x1000, 0x10001, 0x6, 0x8, 0x5, 0x8, 0x7, 0x0, 0x4, 0x0, 0x3}, r11, 0x0, r6, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61154f000000000061138c0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b33e0f32f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3cd3cedd01fdc59589ea6bacde1e40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7a7216f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bbff4bbe00000000000000000000000000fdba1133066c4a21a7149f32"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)
msgctl$IPC_STAT(0xffffffffffffffff, 0x2, &(0x7f0000000580)=""/95)

549.901771ms ago: executing program 5 (id=3137):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x100}, 0x18)
setreuid(0xee01, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031f"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

498.110812ms ago: executing program 5 (id=3138):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x27923244}, 0x9)
r2 = open(&(0x7f0000000280)='.\x00', 0xc8180, 0x0)
fcntl$notify(r2, 0x402, 0x8000003d)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x36)
openat$cgroup_ro(r3, &(0x7f0000000240)='freezer.state\x00', 0x275a, 0x0)

497.320472ms ago: executing program 5 (id=3139):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000000000), 0x4)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000)=0xfffffffc, 0x4)

413.418393ms ago: executing program 5 (id=3140):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000020000000900010073797a320000000014000200"], 0x34}}, 0xc800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x53, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{r3}, &(0x7f0000000280), &(0x7f0000000f80)='%pS    \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r4}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f0000000d00)={0x5, 0x80, 0x2e, 0x0, 0xf6, 0x5, 0x0, 0x4, 0x0, 0x9, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xa, 0x2, @perf_bp={&(0x7f0000000580)}, 0x9050, 0x1, 0x8, 0x4, 0x6, 0x7, 0x1, 0x0, 0x8, 0x0, 0x9}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0xb)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, 0x0)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)

151.464707ms ago: executing program 1 (id=3141):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYRES16=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
rmdir(0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
rmdir(&(0x7f0000000340)='./control\x00')
unshare(0x20060400)
r2 = epoll_create1(0x0)
r3 = io_uring_setup(0x2e31, &(0x7f0000000780)={0x0, 0x6d1d, 0x800, 0x0, 0x2a7})
close_range(r3, 0xffffffffffffffff, 0x0)
epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66960000)
r6 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd736, 0x8, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
io_uring_enter(r6, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)

139.160657ms ago: executing program 2 (id=3142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x27923244}, 0x9)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0xc8180, 0x0)
fcntl$notify(r3, 0x402, 0x8000003d)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x36)
fcntl$notify(r2, 0x402, 0x2)
openat$cgroup_ro(r4, &(0x7f0000000240)='freezer.state\x00', 0x275a, 0x0)

66.449119ms ago: executing program 2 (id=3143):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8)
syz_emit_ethernet(0x3e, &(0x7f0000000280)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0xffff, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @loopback}}}}}}, 0x0)

23.54635ms ago: executing program 1 (id=3144):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b70300000000b1098500000083000000bf0900000000000055090100"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x59, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x100)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r2, 0xc0f85403, 0x0)

22.636519ms ago: executing program 2 (id=3145):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRESOCT=r2, @ANYRES16=r3], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6000318e00383a00fe880000000000000000000000000001ff020000000000000000000000000001"], 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x2000000, @loopback, 0xffffffff}, 0x1c)
r6 = socket(0x11, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r8, 0x0, &(0x7f0000001700)=""/53}, 0x20)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'gre0\x00', <r9=>0x0})
bind$packet(r6, &(0x7f0000000180)={0x11, 0x0, r9}, 0x14)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r6, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="02017d29012918000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x0)

1.44852ms ago: executing program 1 (id=3146):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x101682, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x28}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2}}]}}, 0x0, 0x4e}, 0x28)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000000)=0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000feffffff850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r3}, 0x18)
r4 = memfd_create(&(0x7f0000001040)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1\x8c.?}jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r4, &(0x7f0000000300)={'#! ', './file0'}, 0x17)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r6, 0x0, 0x7}, 0x18)
socket$tipc(0x1e, 0x2, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000800)={r5, 0x0, 0x0}, 0x20)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000011008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x40840)

0s ago: executing program 4 (id=3147):
r0 = syz_open_pts(0xffffffffffffffff, 0x400)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000005c0))
unshare(0x6a040000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x11, 0xffffffffffffffff, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ee, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) (async)
r5 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r5, r4, 0x0, 0x0) (async)
keyctl$KEYCTL_MOVE(0x4, r3, r3, 0x0, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000380)={0x7, &(0x7f0000000340)=[{0xd, 0x2, 0x1, 0x9}, {0x6, 0x40, 0x5, 0x9}, {0x7ff, 0x3, 0x6, 0xcfc5}, {0x7, 0x4, 0x7f, 0x4}, {0x7, 0x4, 0x81, 0x4}, {0xe0, 0x4, 0x2, 0xfffffff9}, {0x2, 0x7, 0x2, 0x75}]}, 0x10) (async)
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbafbbbbbbbb8a9d0d0000590806000108000604"], 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
r7 = socket$packet(0x11, 0x3, 0x300) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r8=>0x0})
sendto$packet(r7, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @link_local}, 0x14)
socket$inet_sctp(0x2, 0x1, 0x84)
r9 = gettid()
r10 = accept$unix(0xffffffffffffffff, &(0x7f0000000440), &(0x7f00000003c0)=0x6e)
recvmsg$unix(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000004c0)=""/52, 0x34}, {&(0x7f0000000600)=""/9, 0x9}], 0x2, &(0x7f0000000540)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}, 0x40) (async)
r11 = syz_io_uring_setup(0x5bb, &(0x7f00000002c0)={0x0, 0x0, 0x1, 0x203, 0x4e}, &(0x7f0000000240), &(0x7f0000000400))
kcmp(r9, r9, 0x0, r11, r11)
syz_clone(0x11000700, &(0x7f0000000000)="b7353e9d67f63e2e18f4a09e73c079e6d6fea2ba1bfa114fa277cd96b0e4e6c3608bc646d0e69c5a251aee9874d1c72e8e03c4a7f1505ad2b7a48e367848ef5c59105a77e0411149c91c655cacc7b8b6889d308c7e6b0d2f7abe8b8a21d2a434c78b59c2a4e431ec6d2f6779e8ea20490a3cdfb2c63036183560fc0b44441873447f71bc2d2551cc1b251e97daa86291af0d20282a70f6388c43167842c072ce702466779231dcfdf219a159db4285f69c0091fcacab67e3982ef323fc6d6ad68162f1bee49702b9df2c5ad3710d61", 0xcf, &(0x7f0000000100), &(0x7f0000000280), &(0x7f0000000180)="7e9e57d50221f001a7eb97aa6bfdb0a7be53897e562107ecc0ea200c002a4777b2a7c9c2c68330ce8f77db7f2595e530f8931872470955410b6487504bde59bf835cc197ad02c27daed622049c3047f0bc1feee9f9a9bcd4d030b58f490f844ece298184e86c59324ce886681b8fd9") (async)
r12 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r12, 0x2) (async)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kfree\x00', r13}, 0x18)

kernel console output (not intermixed with test programs):

[  176.102425][T10054] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.152337][   T37] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  176.168437][   T37] EXT4-fs (loop2): Remounting filesystem read-only
[  176.175052][  T331] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  176.197978][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.245114][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.249706][T10076] loop2: detected capacity change from 0 to 1024
[  176.294324][T10076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.309443][T10076] ext4 filesystem being mounted at /385/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.328951][T10093] loop1: detected capacity change from 0 to 1024
[  176.362860][T10093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.389367][   T31] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  176.405680][T10093] ext4 filesystem being mounted at /427/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.417232][   T31] EXT4-fs (loop2): Remounting filesystem read-only
[  176.431660][  T110] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  176.452936][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.466326][T10102] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10102 comm=syz.5.2288
[  176.495238][   T31] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  176.513207][   T31] EXT4-fs (loop1): Remounting filesystem read-only
[  176.520830][  T110] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  176.523067][T10116] FAULT_INJECTION: forcing a failure.
[  176.523067][T10116] name failslab, interval 1, probability 0, space 0, times 0
[  176.537362][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.547200][T10116] CPU: 0 UID: 0 PID: 10116 Comm: syz.5.2291 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  176.547232][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  176.547248][T10116] Call Trace:
[  176.547259][T10116]  <TASK>
[  176.547269][T10116]  __dump_stack+0x1d/0x30
[  176.547308][T10116]  dump_stack_lvl+0xe8/0x140
[  176.547342][T10116]  dump_stack+0x15/0x1b
[  176.547366][T10116]  should_fail_ex+0x265/0x280
[  176.547472][T10116]  should_failslab+0x8c/0xb0
[  176.547538][T10116]  kmem_cache_alloc_noprof+0x50/0x310
[  176.547574][T10116]  ? alloc_empty_file+0x76/0x200
[  176.547607][T10116]  alloc_empty_file+0x76/0x200
[  176.547641][T10116]  alloc_file_pseudo+0xc6/0x160
[  176.547735][T10116]  anon_inode_getfile+0xa0/0x120
[  176.547900][T10116]  __se_sys_perf_event_open+0xb69/0x11c0
[  176.547954][T10116]  __x64_sys_perf_event_open+0x67/0x80
[  176.547992][T10116]  x64_sys_call+0x27ec/0x2fb0
[  176.548022][T10116]  do_syscall_64+0xd2/0x200
[  176.548075][T10116]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  176.548111][T10116]  ? clear_bhb_loop+0x40/0x90
[  176.548157][T10116]  ? clear_bhb_loop+0x40/0x90
[  176.548188][T10116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.548217][T10116] RIP: 0033:0x7fd4a341e9a9
[  176.548238][T10116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.548334][T10116] RSP: 002b:00007fd4a1a87038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  176.548428][T10116] RAX: ffffffffffffffda RBX: 00007fd4a3645fa0 RCX: 00007fd4a341e9a9
[  176.548445][T10116] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000100
[  176.548462][T10116] RBP: 00007fd4a1a87090 R08: 0000000000000000 R09: 0000000000000000
[  176.548479][T10116] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002
[  176.548531][T10116] R13: 0000000000000000 R14: 00007fd4a3645fa0 R15: 00007ffd8d7702a8
[  176.548559][T10116]  </TASK>
[  176.576237][T10118] loop5: detected capacity change from 0 to 1024
[  176.769638][T10121] IPv6: Can't replace route, no match found
[  176.770960][T10118] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.788532][T10118] ext4 filesystem being mounted at /183/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.824973][  T331] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  176.840994][  T331] EXT4-fs (loop5): Remounting filesystem read-only
[  176.848707][  T110] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  176.864989][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.896085][T10141] bridge0: entered promiscuous mode
[  176.904682][T10137] loop5: detected capacity change from 0 to 512
[  176.913211][T10137] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.438907][T10226] 0·: renamed from hsr0 (while UP)
[  177.446200][T10226] 0·: entered allmulticast mode
[  177.451197][T10226] hsr_slave_0: entered allmulticast mode
[  177.456897][T10226] hsr_slave_1: entered allmulticast mode
[  177.463456][T10226] A link change request failed with some changes committed already. Interface 
70· may have been left with an inconsistent configuration, please check.
[  177.652376][ T3394] usb usb8-port1: attempt power cycle
[  177.806255][T10287] netlink: 'syz.1.2302': attribute type 10 has an invalid length.
[  177.881996][T10293] loop1: detected capacity change from 0 to 1024
[  177.919803][T10293] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.934821][T10293] ext4 filesystem being mounted at /432/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.968642][  T331] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  178.006205][  T331] EXT4-fs (loop1): Remounting filesystem read-only
[  178.013033][   T37] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  178.028651][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.208528][   T29] kauditd_printk_skb: 540 callbacks suppressed
[  178.208545][   T29] audit: type=1326 audit(1753675654.787:21442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.253724][   T29] audit: type=1326 audit(1753675654.817:21443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.277510][   T29] audit: type=1326 audit(1753675654.817:21444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.301225][   T29] audit: type=1326 audit(1753675654.817:21445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.324958][   T29] audit: type=1326 audit(1753675654.817:21446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.332576][T10322] lo speed is unknown, defaulting to 1000
[  178.348687][   T29] audit: type=1326 audit(1753675654.817:21447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.378369][   T29] audit: type=1326 audit(1753675654.817:21448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.1.2308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  178.439460][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.521877][   T29] audit: type=1326 audit(1753675655.097:21449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10330 comm="syz.5.2313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  178.545634][   T29] audit: type=1326 audit(1753675655.097:21450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10330 comm="syz.5.2313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  178.569625][   T29] audit: type=1326 audit(1753675655.137:21451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10330 comm="syz.5.2313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  178.598117][T10331] __nla_validate_parse: 8 callbacks suppressed
[  178.598136][T10331] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2313'.
[  178.633556][T10333] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2314'.
[  178.663055][T10335] netlink: 'syz.5.2315': attribute type 10 has an invalid length.
[  178.672314][T10335] bond0: (slave dummy0): Releasing backup interface
[  178.827621][T10352] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2317'.
[  178.849972][T10355] xt_bpf: check failed: parse error
[  178.856538][T10355] siw: device registration error -23
[  178.862079][T10354] siw: device registration error -23
[  178.896132][T10357] FAULT_INJECTION: forcing a failure.
[  178.896132][T10357] name failslab, interval 1, probability 0, space 0, times 0
[  178.908923][T10357] CPU: 0 UID: 0 PID: 10357 Comm: syz.0.2320 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  178.909032][T10357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  178.909125][T10357] Call Trace:
[  178.909133][T10357]  <TASK>
[  178.909142][T10357]  __dump_stack+0x1d/0x30
[  178.909224][T10357]  dump_stack_lvl+0xe8/0x140
[  178.909247][T10357]  dump_stack+0x15/0x1b
[  178.909265][T10357]  should_fail_ex+0x265/0x280
[  178.909300][T10357]  should_failslab+0x8c/0xb0
[  178.909381][T10357]  __kmalloc_noprof+0xa5/0x3e0
[  178.909412][T10357]  ? io_cache_alloc_new+0x2a/0xb0
[  178.909447][T10357]  io_cache_alloc_new+0x2a/0xb0
[  178.909472][T10357]  io_sqe_buffer_register+0xf2/0x1430
[  178.909524][T10357]  ? __memcg_slab_post_alloc_hook+0x44c/0x580
[  178.909567][T10357]  ? __kvmalloc_node_noprof+0x398/0x4e0
[  178.909667][T10357]  ? io_sqe_buffers_register+0xc2/0x530
[  178.909698][T10357]  io_sqe_buffers_register+0x2ac/0x530
[  178.909733][T10357]  __se_sys_io_uring_register+0xa9f/0xeb0
[  178.909774][T10357]  ? __bpf_trace_sys_enter+0x10/0x30
[  178.909818][T10357]  ? __traceiter_sys_enter+0x5c/0x80
[  178.909844][T10357]  ? trace_sys_enter+0xd0/0x110
[  178.909872][T10357]  __x64_sys_io_uring_register+0x55/0x70
[  178.909913][T10357]  x64_sys_call+0xc91/0x2fb0
[  178.909968][T10357]  do_syscall_64+0xd2/0x200
[  178.909991][T10357]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  178.910021][T10357]  ? clear_bhb_loop+0x40/0x90
[  178.910113][T10357]  ? clear_bhb_loop+0x40/0x90
[  178.910141][T10357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.910194][T10357] RIP: 0033:0x7fa29e3ee9a9
[  178.910213][T10357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.910261][T10357] RSP: 002b:00007fa29ca4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  178.910338][T10357] RAX: ffffffffffffffda RBX: 00007fa29e615fa0 RCX: 00007fa29e3ee9a9
[  178.910355][T10357] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000005
[  178.910438][T10357] RBP: 00007fa29ca4f090 R08: 0000000000000000 R09: 0000000000000000
[  178.910451][T10357] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[  178.910464][T10357] R13: 0000000000000000 R14: 00007fa29e615fa0 R15: 00007ffe3aac55f8
[  178.910489][T10357]  </TASK>
[  179.160283][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2321'.
[  179.175513][T10359] GUP no longer grows the stack in syz.1.2321 (10359): 200000004000-20000000a000 (200000002000)
[  179.186042][T10359] CPU: 1 UID: 0 PID: 10359 Comm: syz.1.2321 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  179.186072][T10359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.186084][T10359] Call Trace:
[  179.186090][T10359]  <TASK>
[  179.186132][T10359]  __dump_stack+0x1d/0x30
[  179.186161][T10359]  dump_stack_lvl+0xe8/0x140
[  179.186186][T10359]  dump_stack+0x15/0x1b
[  179.186208][T10359]  __get_user_pages+0x199d/0x1fb0
[  179.186243][T10359]  ? __rcu_read_unlock+0x4f/0x70
[  179.186268][T10359]  get_user_pages_remote+0x1dc/0x7a0
[  179.186363][T10359]  __access_remote_vm+0x156/0x560
[  179.186389][T10359]  access_remote_vm+0x32/0x40
[  179.186491][T10359]  proc_pid_cmdline_read+0x30f/0x6a0
[  179.186568][T10359]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  179.186599][T10359]  vfs_readv+0x3f8/0x690
[  179.186688][T10359]  __x64_sys_preadv+0xfd/0x1c0
[  179.186707][T10359]  x64_sys_call+0x1503/0x2fb0
[  179.186732][T10359]  do_syscall_64+0xd2/0x200
[  179.186750][T10359]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  179.186830][T10359]  ? clear_bhb_loop+0x40/0x90
[  179.186853][T10359]  ? clear_bhb_loop+0x40/0x90
[  179.186898][T10359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.186924][T10359] RIP: 0033:0x7f6512dde9a9
[  179.186939][T10359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.186957][T10359] RSP: 002b:00007f6511447038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  179.186977][T10359] RAX: ffffffffffffffda RBX: 00007f6513005fa0 RCX: 00007f6512dde9a9
[  179.186993][T10359] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[  179.187011][T10359] RBP: 00007f6512e60d69 R08: 0000000000000000 R09: 0000000000000000
[  179.187027][T10359] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  179.187043][T10359] R13: 0000000000000000 R14: 00007f6513005fa0 R15: 00007ffef5ab9738
[  179.187068][T10359]  </TASK>
[  179.407886][T10367] loop1: detected capacity change from 0 to 1024
[  179.420802][T10367] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  179.433529][T10367] ext4 filesystem being mounted at /438/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.468826][  T331] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  179.487578][  T331] EXT4-fs (loop1): Remounting filesystem read-only
[  179.503272][  T110] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  179.524163][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.535664][T10375] netlink: 'syz.0.2328': attribute type 10 has an invalid length.
[  179.545347][T10375] bond0: (slave dummy0): Releasing backup interface
[  179.569180][T10373] lo speed is unknown, defaulting to 1000
[  179.597658][ T3394] usb usb8-port1: unable to enumerate USB device
[  179.604262][T10006] vhci_hcd: invalid port number 254
[  179.609807][T10006] vhci_hcd: default hub control req: 8503 v0004 i00fe l0
[  179.650623][T10382] loop1: detected capacity change from 0 to 1024
[  179.679020][T10382] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  179.696302][T10382] ext4 filesystem being mounted at /440/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.768283][  T110] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  179.792797][  T110] EXT4-fs (loop1): Remounting filesystem read-only
[  179.800157][   T31] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  179.814180][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.884563][T10392] netlink: 'syz.1.2334': attribute type 10 has an invalid length.
[  179.886375][T10395] FAULT_INJECTION: forcing a failure.
[  179.886375][T10395] name failslab, interval 1, probability 0, space 0, times 0
[  179.905142][T10395] CPU: 1 UID: 0 PID: 10395 Comm: syz.4.2335 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  179.905180][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  179.905197][T10395] Call Trace:
[  179.905204][T10395]  <TASK>
[  179.905211][T10395]  __dump_stack+0x1d/0x30
[  179.905232][T10395]  dump_stack_lvl+0xe8/0x140
[  179.905251][T10395]  dump_stack+0x15/0x1b
[  179.905304][T10395]  should_fail_ex+0x265/0x280
[  179.905341][T10395]  ? __pfx_resume_store+0x10/0x10
[  179.905372][T10395]  should_failslab+0x8c/0xb0
[  179.905401][T10395]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  179.905482][T10395]  ? resume_store+0xf2/0x3d0
[  179.905504][T10395]  ? __rcu_read_unlock+0x4f/0x70
[  179.905537][T10395]  ? __pfx_resume_store+0x10/0x10
[  179.905559][T10395]  kstrndup+0x80/0x130
[  179.905586][T10395]  resume_store+0xf2/0x3d0
[  179.905614][T10395]  ? _copy_from_iter+0x6b5/0xe40
[  179.905657][T10395]  ? __pfx_resume_store+0x10/0x10
[  179.905692][T10395]  kobj_attr_store+0x4a/0x70
[  179.905721][T10395]  ? __pfx_kobj_attr_store+0x10/0x10
[  179.905752][T10395]  sysfs_kf_write+0xfb/0x120
[  179.905787][T10395]  ? __pfx_sysfs_kf_write+0x10/0x10
[  179.905835][T10395]  kernfs_fop_write_iter+0x1be/0x2d0
[  179.905968][T10395]  iter_file_splice_write+0x5ef/0x970
[  179.906015][T10395]  ? __pfx_iter_file_splice_write+0x10/0x10
[  179.906053][T10395]  direct_splice_actor+0x153/0x2a0
[  179.906090][T10395]  ? __pfx_shmem_file_open+0x1/0x10
[  179.906176][T10395]  splice_direct_to_actor+0x30f/0x680
[  179.906242][T10395]  ? __pfx_direct_splice_actor+0x10/0x10
[  179.906407][T10395]  do_splice_direct+0xda/0x150
[  179.906435][T10395]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  179.906497][T10395]  do_sendfile+0x380/0x650
[  179.906524][T10395]  __x64_sys_sendfile64+0x105/0x150
[  179.906546][T10395]  x64_sys_call+0xb39/0x2fb0
[  179.906567][T10395]  do_syscall_64+0xd2/0x200
[  179.906587][T10395]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  179.906629][T10395]  ? clear_bhb_loop+0x40/0x90
[  179.906674][T10395]  ? clear_bhb_loop+0x40/0x90
[  179.906695][T10395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.906715][T10395] RIP: 0033:0x7f79c8dee9a9
[  179.906731][T10395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.906755][T10395] RSP: 002b:00007f79c744f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  179.906783][T10395] RAX: ffffffffffffffda RBX: 00007f79c9015fa0 RCX: 00007f79c8dee9a9
[  179.906799][T10395] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000008
[  179.906811][T10395] RBP: 00007f79c744f090 R08: 0000000000000000 R09: 0000000000000000
[  179.906826][T10395] R10: 00008000fffffffe R11: 0000000000000246 R12: 0000000000000001
[  179.906840][T10395] R13: 0000000000000000 R14: 00007f79c9015fa0 R15: 00007ffc8902b588
[  179.906859][T10395]  </TASK>
[  180.190783][T10397] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2333'.
[  180.283129][T10402] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2336'.
[  180.359990][T10412] netlink: 'syz.4.2340': attribute type 10 has an invalid length.
[  180.368779][T10412] bond0: (slave dummy0): Releasing backup interface
[  180.393728][   T31] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2
[  180.456744][T10422] loop2: detected capacity change from 0 to 1024
[  180.487756][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2345'.
[  180.509161][T10422] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.523113][T10422] ext4 filesystem being mounted at /391/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.570686][   T37] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  180.596654][   T37] EXT4-fs (loop2): Remounting filesystem read-only
[  180.633174][  T110] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  180.655004][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.690936][T10433] lo speed is unknown, defaulting to 1000
[  180.715997][T10447] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2350'.
[  180.874356][T10470] loop5: detected capacity change from 0 to 512
[  180.892412][T10470] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.955877][T10482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2359'.
[  181.107171][T10500] netlink: 'syz.4.2362': attribute type 10 has an invalid length.
[  181.283638][T10526] loop2: detected capacity change from 0 to 8192
[  181.291248][T10526] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  181.292443][T10531] loop4: detected capacity change from 0 to 1024
[  181.325385][T10531] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  181.338371][T10531] ext4 filesystem being mounted at /432/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.386798][   T31] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  181.402660][   T31] EXT4-fs (loop4): Remounting filesystem read-only
[  181.420466][T10545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2369'.
[  181.426282][  T110] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  181.452418][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.660432][T10580] loop2: detected capacity change from 0 to 8192
[  181.686142][T10580] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  181.753260][T10605] FAULT_INJECTION: forcing a failure.
[  181.753260][T10605] name failslab, interval 1, probability 0, space 0, times 0
[  181.766113][T10605] CPU: 1 UID: 0 PID: 10605 Comm: syz.2.2381 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  181.766201][T10605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  181.766214][T10605] Call Trace:
[  181.766219][T10605]  <TASK>
[  181.766226][T10605]  __dump_stack+0x1d/0x30
[  181.766247][T10605]  dump_stack_lvl+0xe8/0x140
[  181.766273][T10605]  dump_stack+0x15/0x1b
[  181.766295][T10605]  should_fail_ex+0x265/0x280
[  181.766405][T10605]  ? __request_module+0x1c4/0x3e0
[  181.766481][T10605]  should_failslab+0x8c/0xb0
[  181.766526][T10605]  ? dev_load+0x61/0xc0
[  181.766565][T10605]  __kmalloc_cache_noprof+0x4c/0x320
[  181.766601][T10605]  ? dev_load+0x61/0xc0
[  181.766638][T10605]  __request_module+0x1c4/0x3e0
[  181.766664][T10605]  ? capable+0x7c/0xb0
[  181.766690][T10605]  dev_load+0x61/0xc0
[  181.766711][T10605]  dev_ioctl+0x2d1/0x960
[  181.766810][T10605]  sock_do_ioctl+0x197/0x220
[  181.766836][T10605]  sock_ioctl+0x41b/0x610
[  181.766861][T10605]  ? __pfx_sock_ioctl+0x10/0x10
[  181.766944][T10605]  __se_sys_ioctl+0xce/0x140
[  181.766982][T10605]  __x64_sys_ioctl+0x43/0x50
[  181.767017][T10605]  x64_sys_call+0x19a8/0x2fb0
[  181.767043][T10605]  do_syscall_64+0xd2/0x200
[  181.767121][T10605]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  181.767155][T10605]  ? clear_bhb_loop+0x40/0x90
[  181.767186][T10605]  ? clear_bhb_loop+0x40/0x90
[  181.767213][T10605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.767313][T10605] RIP: 0033:0x7f588c1be9a9
[  181.767370][T10605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.767388][T10605] RSP: 002b:00007f588a827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  181.767406][T10605] RAX: ffffffffffffffda RBX: 00007f588c3e5fa0 RCX: 00007f588c1be9a9
[  181.767418][T10605] RDX: 0000200000000340 RSI: 0000000000008946 RDI: 0000000000000006
[  181.767430][T10605] RBP: 00007f588a827090 R08: 0000000000000000 R09: 0000000000000000
[  181.767442][T10605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.767507][T10605] R13: 0000000000000000 R14: 00007f588c3e5fa0 R15: 00007ffdc410fb78
[  181.767582][T10605]  </TASK>
[  182.931220][T10722] loop1: detected capacity change from 0 to 8192
[  182.932921][T10729] FAULT_INJECTION: forcing a failure.
[  182.932921][T10729] name failslab, interval 1, probability 0, space 0, times 0
[  182.938649][T10722] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  182.950440][T10729] CPU: 0 UID: 0 PID: 10729 Comm: syz.0.2406 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  182.950483][T10729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.950503][T10729] Call Trace:
[  182.950513][T10729]  <TASK>
[  182.950524][T10729]  __dump_stack+0x1d/0x30
[  182.950571][T10729]  dump_stack_lvl+0xe8/0x140
[  182.950599][T10729]  dump_stack+0x15/0x1b
[  182.950623][T10729]  should_fail_ex+0x265/0x280
[  182.950665][T10729]  ? audit_log_d_path+0x8d/0x150
[  182.950801][T10729]  should_failslab+0x8c/0xb0
[  182.950832][T10729]  __kmalloc_cache_noprof+0x4c/0x320
[  182.950884][T10729]  audit_log_d_path+0x8d/0x150
[  182.950936][T10729]  audit_log_d_path_exe+0x42/0x70
[  182.951052][T10729]  audit_log_task+0x1e9/0x250
[  182.951095][T10729]  audit_seccomp+0x61/0x100
[  182.951130][T10729]  ? __seccomp_filter+0x68c/0x10d0
[  182.951161][T10729]  __seccomp_filter+0x69d/0x10d0
[  182.951216][T10729]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  182.951262][T10729]  ? vfs_write+0x75e/0x8e0
[  182.951373][T10729]  ? __rcu_read_unlock+0x4f/0x70
[  182.951403][T10729]  ? __fget_files+0x184/0x1c0
[  182.951434][T10729]  __secure_computing+0x82/0x150
[  182.951546][T10729]  syscall_trace_enter+0xcf/0x1e0
[  182.951610][T10729]  do_syscall_64+0xac/0x200
[  182.951637][T10729]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  182.951673][T10729]  ? clear_bhb_loop+0x40/0x90
[  182.951730][T10729]  ? clear_bhb_loop+0x40/0x90
[  182.951760][T10729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.951791][T10729] RIP: 0033:0x7fa29e3ee9a9
[  182.951811][T10729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.951838][T10729] RSP: 002b:00007fa29ca4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
[  182.951917][T10729] RAX: ffffffffffffffda RBX: 00007fa29e615fa0 RCX: 00007fa29e3ee9a9
[  182.951942][T10729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  182.951958][T10729] RBP: 00007fa29ca4f090 R08: 0000000000000000 R09: 0000000000000000
[  182.951975][T10729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.951992][T10729] R13: 0000000000000000 R14: 00007fa29e615fa0 R15: 00007ffe3aac55f8
[  182.952019][T10729]  </TASK>
[  183.182077][T10742] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.229195][T10742] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.276661][   T29] kauditd_printk_skb: 636 callbacks suppressed
[  183.276677][   T29] audit: type=1326 audit(1753675659.848:22088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.308469][   T29] audit: type=1326 audit(1753675659.888:22089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.332085][   T29] audit: type=1326 audit(1753675659.888:22090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.355700][   T29] audit: type=1326 audit(1753675659.888:22091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.382078][   T29] audit: type=1326 audit(1753675659.958:22092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.405817][   T29] audit: type=1326 audit(1753675659.958:22093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.429509][   T29] audit: type=1326 audit(1753675659.958:22094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.453310][   T29] audit: type=1326 audit(1753675659.958:22095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.479728][T10742] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.491850][   T29] audit: type=1326 audit(1753675659.958:22096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.493332][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.515544][   T29] audit: type=1326 audit(1753675659.958:22097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10764 comm="syz.4.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  183.599191][T10742] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.686859][T10806] FAULT_INJECTION: forcing a failure.
[  183.686859][T10806] name failslab, interval 1, probability 0, space 0, times 0
[  183.699886][T10806] CPU: 0 UID: 0 PID: 10806 Comm: syz.1.2432 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  183.700001][T10806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.700021][T10806] Call Trace:
[  183.700027][T10806]  <TASK>
[  183.700036][T10806]  __dump_stack+0x1d/0x30
[  183.700071][T10806]  dump_stack_lvl+0xe8/0x140
[  183.700175][T10806]  dump_stack+0x15/0x1b
[  183.700199][T10806]  should_fail_ex+0x265/0x280
[  183.700315][T10806]  should_failslab+0x8c/0xb0
[  183.700340][T10806]  kmem_cache_alloc_noprof+0x50/0x310
[  183.700435][T10806]  ? skb_clone+0x151/0x1f0
[  183.700502][T10806]  skb_clone+0x151/0x1f0
[  183.700537][T10806]  __netlink_deliver_tap+0x2c9/0x500
[  183.700569][T10806]  netlink_unicast+0x653/0x680
[  183.700610][T10806]  netlink_sendmsg+0x58b/0x6b0
[  183.700709][T10806]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.700772][T10806]  __sock_sendmsg+0x142/0x180
[  183.700802][T10806]  ____sys_sendmsg+0x31e/0x4e0
[  183.700824][T10806]  ___sys_sendmsg+0x17b/0x1d0
[  183.700865][T10806]  __x64_sys_sendmsg+0xd4/0x160
[  183.700895][T10806]  x64_sys_call+0x2999/0x2fb0
[  183.700989][T10806]  do_syscall_64+0xd2/0x200
[  183.701075][T10806]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  183.701147][T10806]  ? clear_bhb_loop+0x40/0x90
[  183.701167][T10806]  ? clear_bhb_loop+0x40/0x90
[  183.701238][T10806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.701266][T10806] RIP: 0033:0x7f6512dde9a9
[  183.701293][T10806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.701317][T10806] RSP: 002b:00007f6511447038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.701347][T10806] RAX: ffffffffffffffda RBX: 00007f6513005fa0 RCX: 00007f6512dde9a9
[  183.701419][T10806] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  183.701436][T10806] RBP: 00007f6511447090 R08: 0000000000000000 R09: 0000000000000000
[  183.701452][T10806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.701541][T10806] R13: 0000000000000000 R14: 00007f6513005fa0 R15: 00007ffef5ab9738
[  183.701567][T10806]  </TASK>
[  183.931821][T10742] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  183.953176][T10742] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  183.983689][T10820] netlink: 'syz.0.2435': attribute type 10 has an invalid length.
[  183.984751][T10742] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.003625][T10818] __nla_validate_parse: 5 callbacks suppressed
[  184.003638][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2434'.
[  184.021092][T10742] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.126014][T10837] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2442'.
[  184.204137][T10850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2448'.
[  184.228831][T10848] loop4: detected capacity change from 0 to 8192
[  184.236019][T10848] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  184.362750][T10880] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2459'.
[  184.492218][T10889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2460'.
[  184.568336][T10893] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2461'.
[  184.597620][T10891] netlink: 'syz.5.2463': attribute type 10 has an invalid length.
[  184.624315][T10896] loop2: detected capacity change from 0 to 1024
[  184.658238][T10896] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.686020][T10896] ext4 filesystem being mounted at /419/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.728907][  T110] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  184.767829][  T110] EXT4-fs (loop2): Remounting filesystem read-only
[  184.774485][   T37] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  184.774747][T10901] loop5: detected capacity change from 0 to 8192
[  184.795087][T10901] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  184.803822][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.849891][T10908] loop5: detected capacity change from 0 to 256
[  184.890521][T10910] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2469'.
[  185.232666][T10960] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2478'.
[  185.308487][T10964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2483'.
[  185.625932][T10993] syzkaller1: entered promiscuous mode
[  185.631674][T10993] syzkaller1: entered allmulticast mode
[  185.647416][T10995] FAULT_INJECTION: forcing a failure.
[  185.647416][T10995] name failslab, interval 1, probability 0, space 0, times 0
[  185.660280][T10995] CPU: 0 UID: 0 PID: 10995 Comm: syz.0.2493 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  185.660315][T10995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  185.660361][T10995] Call Trace:
[  185.660369][T10995]  <TASK>
[  185.660378][T10995]  __dump_stack+0x1d/0x30
[  185.660413][T10995]  dump_stack_lvl+0xe8/0x140
[  185.660438][T10995]  dump_stack+0x15/0x1b
[  185.660457][T10995]  should_fail_ex+0x265/0x280
[  185.660535][T10995]  should_failslab+0x8c/0xb0
[  185.660612][T10995]  kmem_cache_alloc_noprof+0x50/0x310
[  185.660639][T10995]  ? security_inode_alloc+0x37/0x100
[  185.660750][T10995]  security_inode_alloc+0x37/0x100
[  185.660829][T10995]  inode_init_always_gfp+0x4b7/0x500
[  185.660872][T10995]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  185.660927][T10995]  alloc_inode+0x58/0x170
[  185.661033][T10995]  new_inode+0x1d/0xe0
[  185.661050][T10995]  shmem_get_inode+0x244/0x750
[  185.661166][T10995]  __shmem_file_setup+0x113/0x210
[  185.661314][T10995]  shmem_file_setup+0x3b/0x50
[  185.661351][T10995]  __se_sys_memfd_create+0x2c3/0x590
[  185.661410][T10995]  __x64_sys_memfd_create+0x31/0x40
[  185.661449][T10995]  x64_sys_call+0x122f/0x2fb0
[  185.661494][T10995]  do_syscall_64+0xd2/0x200
[  185.661554][T10995]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  185.661585][T10995]  ? clear_bhb_loop+0x40/0x90
[  185.661640][T10995]  ? clear_bhb_loop+0x40/0x90
[  185.661663][T10995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.661683][T10995] RIP: 0033:0x7fa29e3ee9a9
[  185.661701][T10995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.661725][T10995] RSP: 002b:00007fa29ca4ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  185.661815][T10995] RAX: ffffffffffffffda RBX: 00000000000005fb RCX: 00007fa29e3ee9a9
[  185.661827][T10995] RDX: 00007fa29ca4eef0 RSI: 0000000000000000 RDI: 00007fa29e4716fc
[  185.661841][T10995] RBP: 00002000000004c0 R08: 00007fa29ca4ebb7 R09: 00007fa29ca4ee40
[  185.661852][T10995] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  185.661864][T10995] R13: 00007fa29ca4eef0 R14: 00007fa29ca4eeb0 R15: 0000200000000b40
[  185.661883][T10995]  </TASK>
[  185.991746][T11003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2497'.
[  186.128883][T11010] FAULT_INJECTION: forcing a failure.
[  186.128883][T11010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.142159][T11010] CPU: 0 UID: 0 PID: 11010 Comm: syz.4.2501 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  186.142195][T11010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  186.142212][T11010] Call Trace:
[  186.142220][T11010]  <TASK>
[  186.142229][T11010]  __dump_stack+0x1d/0x30
[  186.142257][T11010]  dump_stack_lvl+0xe8/0x140
[  186.142357][T11010]  dump_stack+0x15/0x1b
[  186.142378][T11010]  should_fail_ex+0x265/0x280
[  186.142417][T11010]  should_fail+0xb/0x20
[  186.142487][T11010]  should_fail_usercopy+0x1a/0x20
[  186.142523][T11010]  _copy_to_user+0x20/0xa0
[  186.142549][T11010]  simple_read_from_buffer+0xb5/0x130
[  186.142651][T11010]  proc_fail_nth_read+0x100/0x140
[  186.142692][T11010]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  186.142773][T11010]  vfs_read+0x1a0/0x6f0
[  186.142802][T11010]  ? __rcu_read_unlock+0x4f/0x70
[  186.142840][T11010]  ? __fget_files+0x184/0x1c0
[  186.142860][T11010]  ksys_read+0xda/0x1a0
[  186.142970][T11010]  __x64_sys_read+0x40/0x50
[  186.143064][T11010]  x64_sys_call+0x2d77/0x2fb0
[  186.143117][T11010]  do_syscall_64+0xd2/0x200
[  186.143140][T11010]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  186.143196][T11010]  ? clear_bhb_loop+0x40/0x90
[  186.143225][T11010]  ? clear_bhb_loop+0x40/0x90
[  186.143323][T11010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.143417][T11010] RIP: 0033:0x7f79c8ded3bc
[  186.143431][T11010] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  186.143505][T11010] RSP: 002b:00007f79c744f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  186.143529][T11010] RAX: ffffffffffffffda RBX: 00007f79c9015fa0 RCX: 00007f79c8ded3bc
[  186.143545][T11010] RDX: 000000000000000f RSI: 00007f79c744f0a0 RDI: 0000000000000008
[  186.143560][T11010] RBP: 00007f79c744f090 R08: 0000000000000000 R09: 0000000000000000
[  186.143575][T11010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.143590][T11010] R13: 0000000000000000 R14: 00007f79c9015fa0 R15: 00007ffc8902b588
[  186.143609][T11010]  </TASK>
[  186.464540][T11030] syzkaller1: entered promiscuous mode
[  186.470201][T11030] syzkaller1: entered allmulticast mode
[  186.646071][T11041] lo speed is unknown, defaulting to 1000
[  186.670547][   T51] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.724781][   T51] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.776283][T11041] chnl_net:caif_netlink_parms(): no params data found
[  186.834734][   T51] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.846555][T11041] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.853776][T11041] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.861081][T11041] bridge_slave_0: entered allmulticast mode
[  186.867814][T11041] bridge_slave_0: entered promiscuous mode
[  186.874875][T11041] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.882015][T11041] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.889711][T11041] bridge_slave_1: entered allmulticast mode
[  186.896661][T11041] bridge_slave_1: entered promiscuous mode
[  186.927076][   T51] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.945490][T11041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.962511][T11041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.007707][T11041] team0: Port device team_slave_0 added
[  187.013795][T11108] loop5: detected capacity change from 0 to 1024
[  187.015171][T11106] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.032344][T11041] team0: Port device team_slave_1 added
[  187.040051][T11108] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.053274][T11108] ext4 filesystem being mounted at /215/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.073216][T11041] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.080260][T11041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.106279][T11041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.133052][T11106] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.147367][   T31] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  187.147807][T11041] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.169126][T11041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.182368][   T31] EXT4-fs (loop5): Remounting filesystem read-only
[  187.195195][T11041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.216456][  T110] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  187.236551][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.248299][T11106] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.267595][T11041] hsr_slave_0: entered promiscuous mode
[  187.273873][T11041] hsr_slave_1: entered promiscuous mode
[  187.280912][T11041] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  187.288800][T11041] Cannot create hsr debugfs directory
[  187.315596][T11124] loop5: detected capacity change from 0 to 512
[  187.322765][T11124] EXT4-fs: Ignoring removed nomblk_io_submit option
[  187.330604][T11124] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  187.337535][   T51] bridge_slave_1: left allmulticast mode
[  187.344750][   T51] bridge_slave_1: left promiscuous mode
[  187.350588][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.359428][   T51] bridge_slave_0: left allmulticast mode
[  187.360728][T11124] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.365088][   T51] bridge_slave_0: left promiscuous mode
[  187.365257][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.387004][T11124] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.403948][T11124] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  187.529141][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.539330][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.550040][   T51] bond0 (unregistering): Released all slaves
[  187.559319][   T51] bond1 (unregistering): Released all slaves
[  187.568725][   T51] bond2 (unregistering): Released all slaves
[  187.578092][   T51] bond3 (unregistering): Released all slaves
[  187.588717][   T51] bond4 (unregistering): Released all slaves
[  187.599837][   T51] bond5 (unregistering): Released all slaves
[  187.610773][   T51] bond6 (unregistering): Released all slaves
[  187.620342][T11106] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.683079][   T51] hsr_slave_0: left promiscuous mode
[  187.718004][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.725514][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.746192][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.761277][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.768890][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.784367][   T51] veth1_macvtap: left promiscuous mode
[  187.791157][   T51] veth0_macvtap: left promiscuous mode
[  187.806603][   T51] veth1_vlan: left promiscuous mode
[  187.815238][   T51] veth0_vlan: left promiscuous mode
[  187.866501][   T51] pim6reg (unregistering): left allmulticast mode
[  187.886853][   T51] pimreg (unregistering): left allmulticast mode
[  187.933986][T11154] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=11154 comm=syz.5.2539
[  187.980950][T11106] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.001441][T11106] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.026695][T11106] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.040981][T11106] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.130842][T11179] loop4: detected capacity change from 0 to 1024
[  188.148867][T11179] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.163651][T11179] ext4 filesystem being mounted at /472/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.196375][  T331] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  188.216871][  T331] EXT4-fs (loop4): Remounting filesystem read-only
[  188.224662][  T110] EXT4-fs warning (device loop4): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  188.241036][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.283375][T11195] syzkaller1: entered promiscuous mode
[  188.288967][T11195] syzkaller1: entered allmulticast mode
[  188.299890][T11041] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  188.318464][T11041] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  188.327073][   T29] kauditd_printk_skb: 590 callbacks suppressed
[  188.327100][   T29] audit: type=1326 audit(1753675664.898:22686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  188.357089][   T29] audit: type=1326 audit(1753675664.898:22687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  188.380696][   T29] audit: type=1326 audit(1753675664.898:22688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  188.405706][T11041] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  188.414850][T11041] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  188.422749][   T29] audit: type=1326 audit(1753675664.898:22689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6512dde9e3 code=0x7ffc0000
[  188.446256][   T29] audit: type=1326 audit(1753675664.918:22690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6512ddd45f code=0x7ffc0000
[  188.469862][   T29] audit: type=1326 audit(1753675664.938:22691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6512ddea37 code=0x7ffc0000
[  188.493486][   T29] audit: type=1326 audit(1753675664.958:22692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6512ddd310 code=0x7ffc0000
[  188.517104][   T29] audit: type=1326 audit(1753675664.958:22693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6512ddd60a code=0x7ffc0000
[  188.540622][   T29] audit: type=1326 audit(1753675664.968:22694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  188.564286][   T29] audit: type=1326 audit(1753675664.968:22695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.1.2556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6512dde9a9 code=0x7ffc0000
[  188.641435][T11041] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.652381][T11223] loop2: detected capacity change from 0 to 1024
[  188.667601][T11041] 8021q: adding VLAN 0 to HW filter on device team0
[  188.677724][  T110] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.684840][  T110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  188.688767][T11223] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.705362][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.707091][T11223] ext4 filesystem being mounted at /434/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.712449][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  188.765721][   T12] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  188.781512][   T12] EXT4-fs (loop2): Remounting filesystem read-only
[  188.789699][  T110] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  188.804986][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.811084][T11041] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.862834][T11237] netlink: 'syz.2.2564': attribute type 10 has an invalid length.
[  188.916722][T11041] veth0_vlan: entered promiscuous mode
[  188.927750][T11041] veth1_vlan: entered promiscuous mode
[  188.948139][T11041] veth0_macvtap: entered promiscuous mode
[  188.956102][T11041] veth1_macvtap: entered promiscuous mode
[  188.974522][T11041] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.986239][T11041] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.996868][T11041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  189.005688][T11041] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  189.014583][T11041] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  189.023385][T11041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  189.032285][T11249] loop2: detected capacity change from 0 to 8192
[  189.139371][T11267] FAULT_INJECTION: forcing a failure.
[  189.139371][T11267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.152737][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.0.2573 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  189.152774][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.152791][T11267] Call Trace:
[  189.152796][T11267]  <TASK>
[  189.152803][T11267]  __dump_stack+0x1d/0x30
[  189.152825][T11267]  dump_stack_lvl+0xe8/0x140
[  189.152887][T11267]  dump_stack+0x15/0x1b
[  189.152908][T11267]  should_fail_ex+0x265/0x280
[  189.152940][T11267]  should_fail+0xb/0x20
[  189.153036][T11267]  should_fail_usercopy+0x1a/0x20
[  189.153067][T11267]  _copy_from_iter+0xcf/0xe40
[  189.153156][T11267]  ? _copy_from_iter+0x16d/0xe40
[  189.153190][T11267]  copy_page_from_iter+0x178/0x2a0
[  189.153296][T11267]  skb_copy_datagram_from_iter+0x232/0x490
[  189.153324][T11267]  tun_get_user+0xa0e/0x2500
[  189.153367][T11267]  ? ref_tracker_alloc+0x1f2/0x2f0
[  189.153490][T11267]  ? selinux_file_permission+0x1e4/0x320
[  189.153522][T11267]  tun_chr_write_iter+0x15e/0x210
[  189.153556][T11267]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  189.153586][T11267]  vfs_write+0x4a0/0x8e0
[  189.153644][T11267]  ksys_write+0xda/0x1a0
[  189.153728][T11267]  __x64_sys_write+0x40/0x50
[  189.153767][T11267]  x64_sys_call+0x2cdd/0x2fb0
[  189.153863][T11267]  do_syscall_64+0xd2/0x200
[  189.153883][T11267]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  189.153916][T11267]  ? clear_bhb_loop+0x40/0x90
[  189.153942][T11267]  ? clear_bhb_loop+0x40/0x90
[  189.153973][T11267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.153992][T11267] RIP: 0033:0x7f7353ade9a9
[  189.154010][T11267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.154030][T11267] RSP: 002b:00007f7352147038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  189.154091][T11267] RAX: ffffffffffffffda RBX: 00007f7353d05fa0 RCX: 00007f7353ade9a9
[  189.154107][T11267] RDX: 000000000000fd6c RSI: 0000200000000280 RDI: 0000000000000003
[  189.154175][T11267] RBP: 00007f7352147090 R08: 0000000000000000 R09: 0000000000000000
[  189.154190][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  189.154202][T11267] R13: 0000000000000000 R14: 00007f7353d05fa0 R15: 00007ffd473bfc58
[  189.154221][T11267]  </TASK>
[  189.506559][T11294] __nla_validate_parse: 5 callbacks suppressed
[  189.506578][T11294] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2579'.
[  189.526106][T11294] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2579'.
[  189.537140][T11294] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2579'.
[  189.546464][T11294] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2579'.
[  189.565733][T11297] FAULT_INJECTION: forcing a failure.
[  189.565733][T11297] name failslab, interval 1, probability 0, space 0, times 0
[  189.578428][T11297] CPU: 1 UID: 0 PID: 11297 Comm: +}[@ Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  189.578455][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.578468][T11297] Call Trace:
[  189.578474][T11297]  <TASK>
[  189.578481][T11297]  __dump_stack+0x1d/0x30
[  189.578504][T11297]  dump_stack_lvl+0xe8/0x140
[  189.578527][T11297]  dump_stack+0x15/0x1b
[  189.578547][T11297]  should_fail_ex+0x265/0x280
[  189.578583][T11297]  should_failslab+0x8c/0xb0
[  189.578608][T11297]  kmem_cache_alloc_noprof+0x50/0x310
[  189.578639][T11297]  ? vm_area_alloc+0x2c/0xb0
[  189.578672][T11297]  vm_area_alloc+0x2c/0xb0
[  189.578702][T11297]  mmap_region+0xa43/0x1580
[  189.578754][T11297]  do_mmap+0x9b3/0xbe0
[  189.578808][T11297]  vm_mmap_pgoff+0x17a/0x2e0
[  189.578842][T11297]  ksys_mmap_pgoff+0xc2/0x310
[  189.578876][T11297]  ? __x64_sys_mmap+0x49/0x70
[  189.578897][T11297]  x64_sys_call+0x1602/0x2fb0
[  189.578920][T11297]  do_syscall_64+0xd2/0x200
[  189.578953][T11297]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  189.578985][T11297]  ? clear_bhb_loop+0x40/0x90
[  189.579010][T11297]  ? clear_bhb_loop+0x40/0x90
[  189.579031][T11297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.579051][T11297] RIP: 0033:0x7f6512dde9e3
[  189.579067][T11297] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[  189.579089][T11297] RSP: 002b:00007f6511446e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  189.579111][T11297] RAX: ffffffffffffffda RBX: 000000000000056f RCX: 00007f6512dde9e3
[  189.579126][T11297] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000
[  189.579140][T11297] RBP: 0000200000000782 R08: 00000000ffffffff R09: 0000000000000000
[  189.579154][T11297] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000006
[  189.579166][T11297] R13: 00007f6511446ef0 R14: 00007f6511446eb0 R15: 00002000000000c0
[  189.579185][T11297]  </TASK>
[  189.923036][T11329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.942262][T11315] loop5: detected capacity change from 0 to 8192
[  189.947319][T11332] loop2: detected capacity change from 0 to 1024
[  189.949375][T11315] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  189.956321][T11332] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  189.972852][T11329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.106271][T11356] lo speed is unknown, defaulting to 1000
[  190.120958][T11357] random: crng reseeded on system resumption
[  190.136490][T11365] FAULT_INJECTION: forcing a failure.
[  190.136490][T11365] name failslab, interval 1, probability 0, space 0, times 0
[  190.149346][T11365] CPU: 1 UID: 0 PID: 11365 Comm: syz.2.2598 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  190.149385][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.149402][T11365] Call Trace:
[  190.149410][T11365]  <TASK>
[  190.149461][T11365]  __dump_stack+0x1d/0x30
[  190.149488][T11365]  dump_stack_lvl+0xe8/0x140
[  190.149507][T11365]  dump_stack+0x15/0x1b
[  190.149523][T11365]  should_fail_ex+0x265/0x280
[  190.149557][T11365]  should_failslab+0x8c/0xb0
[  190.149633][T11365]  __kvmalloc_node_noprof+0x123/0x4e0
[  190.149669][T11365]  ? bpf_test_run_xdp_live+0xed/0xfe0
[  190.149712][T11365]  bpf_test_run_xdp_live+0xed/0xfe0
[  190.149847][T11365]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  190.149882][T11365]  ? __pfx_autoremove_wake_function+0x10/0x10
[  190.149926][T11365]  ? 0xffffffffa02057c0
[  190.149944][T11365]  ? synchronize_rcu+0x45/0x320
[  190.150033][T11365]  ? 0xffffffffa02057c0
[  190.150050][T11365]  ? 0xffffffffa02057c0
[  190.150066][T11365]  ? bpf_dispatcher_change_prog+0x6ec/0x7f0
[  190.150109][T11365]  ? 0xffffffffa0201a5c
[  190.150142][T11365]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  190.150192][T11365]  bpf_prog_test_run_xdp+0x4f5/0x910
[  190.150232][T11365]  ? __rcu_read_unlock+0x4f/0x70
[  190.150262][T11365]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  190.150369][T11365]  bpf_prog_test_run+0x227/0x390
[  190.150409][T11365]  __sys_bpf+0x3dc/0x790
[  190.150457][T11365]  __x64_sys_bpf+0x41/0x50
[  190.150563][T11365]  x64_sys_call+0x2478/0x2fb0
[  190.150585][T11365]  do_syscall_64+0xd2/0x200
[  190.150608][T11365]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  190.150678][T11365]  ? clear_bhb_loop+0x40/0x90
[  190.150705][T11365]  ? clear_bhb_loop+0x40/0x90
[  190.150727][T11365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.150748][T11365] RIP: 0033:0x7f588c1be9a9
[  190.150823][T11365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.150841][T11365] RSP: 002b:00007f588a827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  190.150860][T11365] RAX: ffffffffffffffda RBX: 00007f588c3e5fa0 RCX: 00007f588c1be9a9
[  190.150876][T11365] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  190.150891][T11365] RBP: 00007f588a827090 R08: 0000000000000000 R09: 0000000000000000
[  190.150937][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.150949][T11365] R13: 0000000000000000 R14: 00007f588c3e5fa0 R15: 00007ffdc410fb78
[  190.150972][T11365]  </TASK>
[  190.433461][T11371] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2600'.
[  190.520489][T11379] loop5: detected capacity change from 0 to 8192
[  190.527665][T11379] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  190.653781][T11393] loop2: detected capacity change from 0 to 1024
[  190.660960][T11393] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  190.709283][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2613'.
[  190.809333][T11411] netlink: 'syz.2.2618': attribute type 10 has an invalid length.
[  190.831893][T11413] FAULT_INJECTION: forcing a failure.
[  190.831893][T11413] name failslab, interval 1, probability 0, space 0, times 0
[  190.844688][T11413] CPU: 0 UID: 0 PID: 11413 Comm: syz.0.2619 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  190.844800][T11413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.844816][T11413] Call Trace:
[  190.844824][T11413]  <TASK>
[  190.844832][T11413]  __dump_stack+0x1d/0x30
[  190.844976][T11409] loop5: detected capacity change from 0 to 8192
[  190.844982][T11413]  dump_stack_lvl+0xe8/0x140
[  190.845012][T11413]  dump_stack+0x15/0x1b
[  190.845063][T11413]  should_fail_ex+0x265/0x280
[  190.845113][T11413]  should_failslab+0x8c/0xb0
[  190.845150][T11413]  kmem_cache_alloc_noprof+0x50/0x310
[  190.845272][T11413]  ? skb_clone+0x151/0x1f0
[  190.845304][T11413]  skb_clone+0x151/0x1f0
[  190.845334][T11413]  __netlink_deliver_tap+0x2c9/0x500
[  190.845372][T11413]  netlink_unicast+0x653/0x680
[  190.845489][T11413]  netlink_sendmsg+0x58b/0x6b0
[  190.845603][T11413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.845714][T11413]  __sock_sendmsg+0x142/0x180
[  190.845756][T11413]  ____sys_sendmsg+0x31e/0x4e0
[  190.845791][T11413]  ___sys_sendmsg+0x17b/0x1d0
[  190.845852][T11413]  __x64_sys_sendmsg+0xd4/0x160
[  190.845889][T11413]  x64_sys_call+0x2999/0x2fb0
[  190.845922][T11413]  do_syscall_64+0xd2/0x200
[  190.845951][T11413]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  190.846019][T11413]  ? clear_bhb_loop+0x40/0x90
[  190.846083][T11413]  ? clear_bhb_loop+0x40/0x90
[  190.846134][T11413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.846278][T11413] RIP: 0033:0x7f7353ade9a9
[  190.846304][T11413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.846400][T11413] RSP: 002b:00007f7352147038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.846430][T11413] RAX: ffffffffffffffda RBX: 00007f7353d05fa0 RCX: 00007f7353ade9a9
[  190.846450][T11413] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  190.846470][T11413] RBP: 00007f7352147090 R08: 0000000000000000 R09: 0000000000000000
[  190.846511][T11413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.846531][T11413] R13: 0000000000000000 R14: 00007f7353d05fa0 R15: 00007ffd473bfc58
[  190.846563][T11413]  </TASK>
[  190.899117][T11416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2620'.
[  190.903932][T11409] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  190.933446][T11416] lo speed is unknown, defaulting to 1000
[  191.118180][T11429] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2624'.
[  191.163720][T11436] loop2: detected capacity change from 0 to 1024
[  191.175853][T11440] veth1_macvtap: left promiscuous mode
[  191.181770][T11440] macsec0: entered allmulticast mode
[  191.189869][T11436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.222534][T11436] ext4 filesystem being mounted at /455/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.237388][T11447] loop5: detected capacity change from 0 to 512
[  191.268774][T11447] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.310845][   T51] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  191.328625][   T51] EXT4-fs (loop2): Remounting filesystem read-only
[  191.335287][  T269] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  191.348694][T11455] netlink: 'syz.0.2631': attribute type 10 has an invalid length.
[  191.350445][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.378876][T11455] team0 (unregistering): Port device team_slave_0 removed
[  191.389530][T11455] team0 (unregistering): Port device team_slave_1 removed
[  191.438337][T11460] loop2: detected capacity change from 0 to 8192
[  191.445853][T11460] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  191.512851][T11476] FAULT_INJECTION: forcing a failure.
[  191.512851][T11476] name failslab, interval 1, probability 0, space 0, times 0
[  191.525636][T11476] CPU: 0 UID: 0 PID: 11476 Comm: syz.2.2633 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  191.525673][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  191.525689][T11476] Call Trace:
[  191.525698][T11476]  <TASK>
[  191.525708][T11476]  __dump_stack+0x1d/0x30
[  191.525807][T11476]  dump_stack_lvl+0xe8/0x140
[  191.525828][T11476]  dump_stack+0x15/0x1b
[  191.525889][T11476]  should_fail_ex+0x265/0x280
[  191.525927][T11476]  ? xt_rateest_tg_checkentry+0x14e/0x5a0
[  191.525947][T11476]  should_failslab+0x8c/0xb0
[  191.525995][T11476]  __kmalloc_cache_noprof+0x4c/0x320
[  191.526024][T11476]  ? __xt_rateest_lookup+0x140/0x1c0
[  191.526142][T11476]  xt_rateest_tg_checkentry+0x14e/0x5a0
[  191.526172][T11476]  xt_check_target+0x28a/0x4c0
[  191.526207][T11476]  ? __cond_resched+0x4e/0x90
[  191.526231][T11476]  ? strcmp+0x22/0x50
[  191.526298][T11476]  ? xt_find_target+0x1cd/0x200
[  191.526338][T11476]  translate_table+0xcf5/0x1070
[  191.526378][T11476]  do_ip6t_set_ctl+0x678/0x840
[  191.526430][T11476]  ? kstrtoull+0x111/0x140
[  191.526463][T11476]  ? __rcu_read_unlock+0x4f/0x70
[  191.526497][T11476]  nf_setsockopt+0x199/0x1b0
[  191.526593][T11476]  ipv6_setsockopt+0x11a/0x130
[  191.526623][T11476]  tcp_setsockopt+0x98/0xb0
[  191.526722][T11476]  sock_common_setsockopt+0x66/0x80
[  191.526756][T11476]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  191.526805][T11476]  __sys_setsockopt+0x181/0x200
[  191.526933][T11476]  __x64_sys_setsockopt+0x64/0x80
[  191.526976][T11476]  x64_sys_call+0x2bd5/0x2fb0
[  191.527010][T11476]  do_syscall_64+0xd2/0x200
[  191.527114][T11476]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  191.527149][T11476]  ? clear_bhb_loop+0x40/0x90
[  191.527254][T11476]  ? clear_bhb_loop+0x40/0x90
[  191.527283][T11476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.527386][T11476] RIP: 0033:0x7f588c1be9a9
[  191.527404][T11476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.527422][T11476] RSP: 002b:00007f588a827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  191.527441][T11476] RAX: ffffffffffffffda RBX: 00007f588c3e5fa0 RCX: 00007f588c1be9a9
[  191.527453][T11476] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005
[  191.527467][T11476] RBP: 00007f588a827090 R08: 0000000000000518 R09: 0000000000000000
[  191.527483][T11476] R10: 0000200000000b40 R11: 0000000000000246 R12: 0000000000000001
[  191.527522][T11476] R13: 0000000000000000 R14: 00007f588c3e5fa0 R15: 00007ffdc410fb78
[  191.527545][T11476]  </TASK>
[  191.832539][T11492] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2634'.
[  191.868321][T11497] loop2: detected capacity change from 0 to 512
[  191.879473][T11497] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.893054][T11497] ext4 filesystem being mounted at /459/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.909370][T11497] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2635'.
[  191.988416][  T110] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  192.003389][  T110] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1029 with max blocks 1 with error 28
[  192.015969][  T110] EXT4-fs (loop2): This should not happen!! Data will be lost
[  192.015969][  T110] 
[  192.025696][  T110] EXT4-fs (loop2): Total free blocks count 0
[  192.031838][  T110] EXT4-fs (loop2): Free/Dirty block details
[  192.037849][  T110] EXT4-fs (loop2): free_blocks=65280
[  192.043183][  T110] EXT4-fs (loop2): dirty_blocks=1
[  192.048322][  T110] EXT4-fs (loop2): Block reservation details
[  192.054380][  T110] EXT4-fs (loop2): i_reserved_data_blocks=1
[  192.102587][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.148931][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.519143][T11595] loop2: detected capacity change from 0 to 512
[  192.527570][T11595] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.217693][T11694] loop5: detected capacity change from 0 to 1024
[  193.228196][T11694] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.241199][T11694] ext4 filesystem being mounted at /247/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.275143][   T12] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  193.290261][   T12] EXT4-fs (loop5): Remounting filesystem read-only
[  193.297051][   T37] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  193.311277][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.385090][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.472236][   T29] kauditd_printk_skb: 575 callbacks suppressed
[  193.472251][   T29] audit: type=1326 audit(1753675670.048:23271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11731 comm="syz.1.2664" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6512dde9a9 code=0x0
[  193.527191][   T29] audit: type=1326 audit(1753675670.088:23272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.550853][   T29] audit: type=1326 audit(1753675670.088:23273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.574465][   T29] audit: type=1326 audit(1753675670.098:23274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.598028][   T29] audit: type=1326 audit(1753675670.098:23275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.621630][   T29] audit: type=1326 audit(1753675670.098:23276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.645244][   T29] audit: type=1326 audit(1753675670.098:23277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.668919][   T29] audit: type=1326 audit(1753675670.098:23278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.692685][   T29] audit: type=1326 audit(1753675670.098:23279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.716483][   T29] audit: type=1326 audit(1753675670.098:23280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11734 comm="syz.2.2665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f588c1be9a9 code=0x7ffc0000
[  193.857411][T11757] loop4: detected capacity change from 0 to 512
[  193.865856][T11757] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.956196][T11776] syzkaller1: entered promiscuous mode
[  193.961791][T11776] syzkaller1: entered allmulticast mode
[  194.141130][T11810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.154992][T11810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.523583][T11856] syzkaller1: entered promiscuous mode
[  194.529176][T11856] syzkaller1: entered allmulticast mode
[  194.538787][T11858] __nla_validate_parse: 8 callbacks suppressed
[  194.538802][T11858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2688'.
[  194.778609][T11899] loop5: detected capacity change from 0 to 764
[  194.787773][T11899] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  194.824711][T11899] Symlink component flag not implemented
[  194.836992][T11899] Symlink component flag not implemented (7)
[  194.893175][T11921] loop5: detected capacity change from 0 to 1024
[  194.904266][T11917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2700'.
[  194.936623][T11925] syzkaller1: entered promiscuous mode
[  194.942197][T11925] syzkaller1: entered allmulticast mode
[  194.989327][T11921] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.004094][T11936] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2701'.
[  195.043730][T11921] ext4 filesystem being mounted at /257/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  195.324736][T11541] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  195.349645][T11541] EXT4-fs (loop5): Remounting filesystem read-only
[  195.364369][   T12] EXT4-fs warning (device loop5): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  195.390125][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.460630][T11992] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2714'.
[  195.501721][T12003] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.538648][T12012] loop5: detected capacity change from 0 to 512
[  195.546291][T12012] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  195.558341][T12003] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.591409][T12012] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  195.608855][T12003] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.613793][T12012] EXT4-fs (loop5): 1 truncate cleaned up
[  195.624996][T12012] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.646449][T12012] ./file0: Can't lookup blockdev
[  195.687775][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.698446][T12003] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.721172][T12031] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2726'.
[  195.774069][T12003] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  195.786255][T12003] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  195.798577][T12003] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  195.810209][T12003] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  195.889948][T12049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2732'.
[  195.929748][T12055] syzkaller1: entered promiscuous mode
[  195.935368][T12055] syzkaller1: entered allmulticast mode
[  195.950740][T12025] FAULT_INJECTION: forcing a failure.
[  195.950740][T12025] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  195.964080][T12025] CPU: 1 UID: 0 PID: 12025 Comm: +}[@ Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  195.964122][T12025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.964145][T12025] Call Trace:
[  195.964154][T12025]  <TASK>
[  195.964165][T12025]  __dump_stack+0x1d/0x30
[  195.964221][T12025]  dump_stack_lvl+0xe8/0x140
[  195.964250][T12025]  dump_stack+0x15/0x1b
[  195.964273][T12025]  should_fail_ex+0x265/0x280
[  195.964347][T12025]  should_fail_alloc_page+0xf2/0x100
[  195.964397][T12025]  __alloc_frozen_pages_noprof+0xff/0x360
[  195.964447][T12025]  alloc_pages_mpol+0xb3/0x250
[  195.964489][T12025]  folio_alloc_mpol_noprof+0x39/0x80
[  195.964531][T12025]  shmem_get_folio_gfp+0x3cf/0xd60
[  195.964672][T12025]  shmem_write_begin+0xa8/0x190
[  195.964715][T12025]  generic_perform_write+0x184/0x490
[  195.964828][T12025]  shmem_file_write_iter+0xc5/0xf0
[  195.964859][T12025]  do_iter_readv_writev+0x421/0x4c0
[  195.964979][T12025]  vfs_writev+0x2df/0x8b0
[  195.965081][T12025]  __se_sys_pwritev2+0xfc/0x1c0
[  195.965174][T12025]  __x64_sys_pwritev2+0x67/0x80
[  195.965240][T12025]  x64_sys_call+0x1cea/0x2fb0
[  195.965269][T12025]  do_syscall_64+0xd2/0x200
[  195.965295][T12025]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  195.965338][T12025]  ? clear_bhb_loop+0x40/0x90
[  195.965367][T12025]  ? clear_bhb_loop+0x40/0x90
[  195.965473][T12025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.965503][T12025] RIP: 0033:0x7f6512dde9a9
[  195.965524][T12025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.965552][T12025] RSP: 002b:00007f6511447038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  195.965577][T12025] RAX: ffffffffffffffda RBX: 00007f6513005fa0 RCX: 00007f6512dde9a9
[  195.965594][T12025] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000005
[  195.965645][T12025] RBP: 00007f6511447090 R08: 0000000000000000 R09: 0000000000000003
[  195.965661][T12025] R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000001
[  195.965717][T12025] R13: 0000000000000000 R14: 00007f6513005fa0 R15: 00007ffef5ab9738
[  195.965744][T12025]  </TASK>
[  196.204604][T12061] loop2: detected capacity change from 0 to 1024
[  196.218163][T12061] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.231168][T12061] ext4 filesystem being mounted at /485/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.268048][T11546] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  196.289873][T11546] EXT4-fs (loop2): Remounting filesystem read-only
[  196.298827][   T12] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30
[  196.313665][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.329009][T12076] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.359716][T12080] loop2: detected capacity change from 0 to 764
[  196.366978][T12080] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  196.393756][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.418285][T12076] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.434444][T12087] netlink: 'syz.2.2747': attribute type 10 has an invalid length.
[  196.468091][T12076] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.537974][T12076] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.595504][T12076] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.607417][T12076] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.620777][T12076] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.644498][T12076] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.752444][T12125] lo speed is unknown, defaulting to 1000
[  197.037825][T12195] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2773'.
[  197.084666][T12186] loop4: detected capacity change from 0 to 8192
[  197.105334][T12186] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  197.142041][T12205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2775'.
[  197.224392][T12211] loop5: detected capacity change from 0 to 8192
[  197.238782][T12211] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  197.280023][T12229] loop4: detected capacity change from 0 to 1024
[  197.287149][T12229] EXT4-fs: Ignoring removed oldalloc option
[  197.293155][T12229] EXT4-fs: Ignoring removed bh option
[  197.309220][T12229] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.342851][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.502271][T12277] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2791'.
[  197.522641][T12282] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2788'.
[  197.737784][T12312] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.749199][T12289] lo speed is unknown, defaulting to 1000
[  197.826030][T12312] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.944350][T12312] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.954431][T12342] loop2: detected capacity change from 0 to 1024
[  197.961915][T12342] EXT4-fs: Ignoring removed oldalloc option
[  197.968318][T12342] EXT4-fs: Ignoring removed bh option
[  197.974060][T12342] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 30064771075)!
[  197.985201][T12342] EXT4-fs (loop2): group descriptors corrupted!
[  198.023823][T12312] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.036223][T12342] SELinux: syz.2.2799 (12342) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  198.347504][T12384] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  198.355906][T12384] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  198.364198][T12384] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  198.372519][T12384] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  198.381499][T12384] vxlan0: entered promiscuous mode
[  198.542188][   T29] kauditd_printk_skb: 754 callbacks suppressed
[  198.542202][   T29] audit: type=1326 audit(1753675675.119:24035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.572515][   T29] audit: type=1326 audit(1753675675.119:24036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.596379][   T29] audit: type=1326 audit(1753675675.119:24037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.619926][   T29] audit: type=1326 audit(1753675675.119:24038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.643615][   T29] audit: type=1326 audit(1753675675.119:24039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.667273][   T29] audit: type=1326 audit(1753675675.119:24040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.691025][   T29] audit: type=1326 audit(1753675675.119:24041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.714599][   T29] audit: type=1326 audit(1753675675.119:24042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.738307][   T29] audit: type=1326 audit(1753675675.119:24043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.747963][T12393] syzkaller1: entered promiscuous mode
[  198.762059][   T29] audit: type=1326 audit(1753675675.119:24044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12390 comm="syz.4.2809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  198.767413][T12393] syzkaller1: entered allmulticast mode
[  198.825345][T12397] loop4: detected capacity change from 0 to 764
[  198.833116][T12397] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  198.918867][T12403] loop4: detected capacity change from 0 to 8192
[  198.925865][T12403] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  199.045665][T12423] loop4: detected capacity change from 0 to 764
[  199.053320][T12423] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  199.099173][T12428] syzkaller1: entered promiscuous mode
[  199.104796][T12428] syzkaller1: entered allmulticast mode
[  199.181240][T12441] tipc: Started in network mode
[  199.186258][T12441] tipc: Node identity 020e34130fda, cluster identity 4711
[  199.193461][T12441] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  199.205319][T12441] tipc: Disabling bearer <eth:syzkaller0>
[  199.250056][T12455] 9pnet_fd: Insufficient options for proto=fd
[  199.250073][T12454] 9pnet_fd: Insufficient options for proto=fd
[  199.266904][T12455] loop4: detected capacity change from 0 to 512
[  199.275350][T12455] ext4: Unknown parameter 'smackfshat'
[  199.276641][T12458] FAULT_INJECTION: forcing a failure.
[  199.276641][T12458] name failslab, interval 1, probability 0, space 0, times 0
[  199.293650][T12458] CPU: 1 UID: 0 PID: 12458 Comm: syz.1.2838 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  199.293715][T12458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  199.293731][T12458] Call Trace:
[  199.293739][T12458]  <TASK>
[  199.293748][T12458]  __dump_stack+0x1d/0x30
[  199.293775][T12458]  dump_stack_lvl+0xe8/0x140
[  199.293876][T12458]  dump_stack+0x15/0x1b
[  199.293897][T12458]  should_fail_ex+0x265/0x280
[  199.293937][T12458]  should_failslab+0x8c/0xb0
[  199.293962][T12458]  kmem_cache_alloc_node_noprof+0x57/0x320
[  199.293991][T12458]  ? __alloc_skb+0x101/0x320
[  199.294040][T12458]  __alloc_skb+0x101/0x320
[  199.294078][T12458]  netlink_ack+0xfd/0x500
[  199.294117][T12458]  netlink_rcv_skb+0x192/0x220
[  199.294205][T12458]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  199.294248][T12458]  nfnetlink_rcv+0x16b/0x1690
[  199.294278][T12458]  ? __kfree_skb+0x109/0x150
[  199.294310][T12458]  ? nlmon_xmit+0x4f/0x60
[  199.294340][T12458]  ? consume_skb+0x49/0x150
[  199.294372][T12458]  ? nlmon_xmit+0x4f/0x60
[  199.294392][T12458]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  199.294435][T12458]  ? __dev_queue_xmit+0x11c0/0x1fb0
[  199.294452][T12458]  ? __dev_queue_xmit+0x182/0x1fb0
[  199.294498][T12458]  ? __account_obj_stock+0x211/0x350
[  199.294527][T12458]  ? ref_tracker_free+0x37d/0x3e0
[  199.294572][T12458]  ? __netlink_deliver_tap+0x4dc/0x500
[  199.294598][T12458]  netlink_unicast+0x5a8/0x680
[  199.294760][T12458]  netlink_sendmsg+0x58b/0x6b0
[  199.294788][T12458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  199.294814][T12458]  __sock_sendmsg+0x142/0x180
[  199.294843][T12458]  ____sys_sendmsg+0x31e/0x4e0
[  199.294892][T12458]  ___sys_sendmsg+0x17b/0x1d0
[  199.294932][T12458]  __x64_sys_sendmsg+0xd4/0x160
[  199.294956][T12458]  x64_sys_call+0x2999/0x2fb0
[  199.294981][T12458]  do_syscall_64+0xd2/0x200
[  199.295032][T12458]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  199.295096][T12458]  ? clear_bhb_loop+0x40/0x90
[  199.295127][T12458]  ? clear_bhb_loop+0x40/0x90
[  199.295155][T12458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.295186][T12458] RIP: 0033:0x7f6512dde9a9
[  199.295206][T12458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.295225][T12458] RSP: 002b:00007f6511447038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  199.295314][T12458] RAX: ffffffffffffffda RBX: 00007f6513005fa0 RCX: 00007f6512dde9a9
[  199.295327][T12458] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: 0000000000000003
[  199.295338][T12458] RBP: 00007f6511447090 R08: 0000000000000000 R09: 0000000000000000
[  199.295350][T12458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.295363][T12458] R13: 0000000000000000 R14: 00007f6513005fa0 R15: 00007ffef5ab9738
[  199.295386][T12458]  </TASK>
[  199.584061][T12455] loop4: detected capacity change from 0 to 4096
[  199.627679][T12467] __nla_validate_parse: 3 callbacks suppressed
[  199.627694][T12467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2841'.
[  199.654413][T12469] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2842'.
[  199.918946][T12497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2855'.
[  199.955590][T12493] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2848'.
[  200.345009][T12534] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2867'.
[  200.387337][T12539] loop4: detected capacity change from 0 to 764
[  200.427374][T12539] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  200.497056][T12547] loop4: detected capacity change from 0 to 512
[  200.521097][T12550] loop2: detected capacity change from 0 to 128
[  200.529256][T12547] ext4 filesystem being mounted at /519/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.547558][T12547] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2873'.
[  200.586934][T12552] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2871'.
[  200.622311][T11541] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  200.656687][T11541] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1029 with max blocks 1 with error 28
[  200.669347][T11541] EXT4-fs (loop4): This should not happen!! Data will be lost
[  200.669347][T11541] 
[  200.679105][T11541] EXT4-fs (loop4): Total free blocks count 0
[  200.685186][T11541] EXT4-fs (loop4): Free/Dirty block details
[  200.691219][T11541] EXT4-fs (loop4): free_blocks=65280
[  200.696640][T11541] EXT4-fs (loop4): dirty_blocks=1
[  200.701695][T11541] EXT4-fs (loop4): Block reservation details
[  200.707813][T11541] EXT4-fs (loop4): i_reserved_data_blocks=1
[  200.725617][T12550] bio_check_eod: 35 callbacks suppressed
[  200.725706][T12550] syz.2.2866: attempt to access beyond end of device
[  200.725706][T12550] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128
[  200.780945][T12550] syz.2.2866: attempt to access beyond end of device
[  200.780945][T12550] loop2: rw=524288, sector=145, nr_sectors = 224 limit=128
[  200.794893][T12550] syz.2.2866: attempt to access beyond end of device
[  200.794893][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  200.836061][T12550] syz.2.2866: attempt to access beyond end of device
[  200.836061][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  200.866789][T12550] syz.2.2866: attempt to access beyond end of device
[  200.866789][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  200.881542][T12550] syz.2.2866: attempt to access beyond end of device
[  200.881542][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  200.886462][T12312] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.907594][T12550] syz.2.2866: attempt to access beyond end of device
[  200.907594][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  200.920273][T12312] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.938445][T12312] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.966493][T12550] syz.2.2866: attempt to access beyond end of device
[  200.966493][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  201.004968][T12312] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.010574][T12550] syz.2.2866: attempt to access beyond end of device
[  201.010574][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  201.014408][T12559] loop4: detected capacity change from 0 to 8192
[  201.046558][T12550] syz.2.2866: attempt to access beyond end of device
[  201.046558][T12550] loop2: rw=0, sector=145, nr_sectors = 8 limit=128
[  201.062324][T12559] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  201.179510][T12579] loop5: detected capacity change from 0 to 764
[  201.213122][T12579] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  201.239741][T12589] xt_hashlimit: max too large, truncated to 1048576
[  201.257431][T12589] openvswitch: netlink: Message has 6 unknown bytes.
[  201.389798][T12617] loop2: detected capacity change from 0 to 764
[  201.406004][T12617] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  201.430770][T12624] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2905'.
[  201.492986][T12624] netlink: 52 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  201.566758][T12647] netlink: 'syz.0.2916': attribute type 10 has an invalid length.
[  201.575402][T12643] lo speed is unknown, defaulting to 1000
[  201.657569][T12653] pimreg: entered allmulticast mode
[  201.898645][T12691] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2933'.
[  201.922733][T12692] pim6reg: entered allmulticast mode
[  201.992724][T12692] pim6reg: left allmulticast mode
[  202.182226][T12717] netlink: 'syz.4.2936': attribute type 10 has an invalid length.
[  202.361984][T12738] loop4: detected capacity change from 0 to 512
[  202.397822][T12738] ext4 filesystem being mounted at /538/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  202.427742][T12739] syzkaller1: entered promiscuous mode
[  202.433302][T12739] syzkaller1: entered allmulticast mode
[  202.601067][T11538] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  202.618771][T11538] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1029 with max blocks 1 with error 28
[  202.631380][T11538] EXT4-fs (loop4): This should not happen!! Data will be lost
[  202.631380][T11538] 
[  202.641131][T11538] EXT4-fs (loop4): Total free blocks count 0
[  202.647988][T11538] EXT4-fs (loop4): Free/Dirty block details
[  202.653913][T11538] EXT4-fs (loop4): free_blocks=65280
[  202.659575][T11538] EXT4-fs (loop4): dirty_blocks=1
[  202.664638][T11538] EXT4-fs (loop4): Block reservation details
[  202.670682][T11538] EXT4-fs (loop4): i_reserved_data_blocks=1
[  202.816373][T12773] loop5: detected capacity change from 0 to 8192
[  202.823249][T12773] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  202.945347][T12817] loop4: detected capacity change from 0 to 512
[  202.960086][T12817] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  202.969319][T12817] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  203.284094][T12847] netlink: 'syz.4.2958': attribute type 10 has an invalid length.
[  203.477491][T12811] lo speed is unknown, defaulting to 1000
[  203.486685][T12871] loop4: detected capacity change from 0 to 164
[  203.538562][T12815] lo speed is unknown, defaulting to 1000
[  203.813919][T12907] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.892787][T12907] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.938671][T12907] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.938921][T12912] SELinux:  Context :syz0:E:18446744073709551614:':max_batch_time:./file0: is not valid (left unmapped).
[  204.019874][T12907] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.033385][T12912] lo speed is unknown, defaulting to 1000
[  204.105820][T12907] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.118752][T12907] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.159414][T12907] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.183916][T12907] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  204.462639][T12934] loop4: detected capacity change from 0 to 512
[  204.487508][T12934] EXT4-fs: old and new quota format mixing
[  204.519386][T12938] loop2: detected capacity change from 0 to 512
[  204.549327][T12941] syzkaller1: entered promiscuous mode
[  204.554863][T12941] syzkaller1: entered allmulticast mode
[  204.568524][T12938] EXT4-fs mount: 6 callbacks suppressed
[  204.568538][T12938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.612314][T12938] ext4 filesystem being mounted at /534/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.705713][T12938] __nla_validate_parse: 5 callbacks suppressed
[  204.705729][T12938] netlink: 52 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  204.744436][T12962] netlink: 'syz.5.2983': attribute type 10 has an invalid length.
[  204.761551][T11538] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  204.781916][T11538] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1029 with max blocks 1 with error 28
[  204.794518][T11538] EXT4-fs (loop2): This should not happen!! Data will be lost
[  204.794518][T11538] 
[  204.804288][T11538] EXT4-fs (loop2): Total free blocks count 0
[  204.810341][T11538] EXT4-fs (loop2): Free/Dirty block details
[  204.816285][T11538] EXT4-fs (loop2): free_blocks=65280
[  204.821589][T11538] EXT4-fs (loop2): dirty_blocks=1
[  204.826742][T11538] EXT4-fs (loop2): Block reservation details
[  204.832746][T11538] EXT4-fs (loop2): i_reserved_data_blocks=1
[  204.879161][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.925788][T12984] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2990'.
[  205.017302][T13006] loop2: detected capacity change from 0 to 512
[  205.034082][T13010] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2990'.
[  205.063194][T13006] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.093150][T13006] ext4 filesystem being mounted at /537/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  205.096644][T13017] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2991'.
[  205.127451][T13022] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2997'.
[  205.140532][T13006] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2994: bg 0: block 289: padding at end of block bitmap is not set
[  205.217051][T13022] netlink: 52 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  205.227151][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.338068][T13046] netlink: 'syz.2.3001': attribute type 10 has an invalid length.
[  205.626729][T13090] FAULT_INJECTION: forcing a failure.
[  205.626729][T13090] name failslab, interval 1, probability 0, space 0, times 0
[  205.639415][T13090] CPU: 0 UID: 0 PID: 13090 Comm: syz.0.3012 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  205.639447][T13090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  205.639516][T13090] Call Trace:
[  205.639523][T13090]  <TASK>
[  205.639532][T13090]  __dump_stack+0x1d/0x30
[  205.639555][T13090]  dump_stack_lvl+0xe8/0x140
[  205.639584][T13090]  dump_stack+0x15/0x1b
[  205.639604][T13090]  should_fail_ex+0x265/0x280
[  205.639661][T13090]  should_failslab+0x8c/0xb0
[  205.639689][T13090]  __kmalloc_noprof+0xa5/0x3e0
[  205.639728][T13090]  ? iovec_from_user+0x84/0x210
[  205.639804][T13090]  iovec_from_user+0x84/0x210
[  205.639832][T13090]  __import_iovec+0xf3/0x540
[  205.639859][T13090]  ? _parse_integer_limit+0x170/0x190
[  205.639895][T13090]  import_iovec+0x61/0x80
[  205.639928][T13090]  ___sys_sendmsg+0x146/0x1d0
[  205.640016][T13090]  __x64_sys_sendmsg+0xd4/0x160
[  205.640058][T13090]  x64_sys_call+0x2999/0x2fb0
[  205.640085][T13090]  do_syscall_64+0xd2/0x200
[  205.640109][T13090]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  205.640153][T13090]  ? clear_bhb_loop+0x40/0x90
[  205.640180][T13090]  ? clear_bhb_loop+0x40/0x90
[  205.640279][T13090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.640305][T13090] RIP: 0033:0x7f7353ade9a9
[  205.640320][T13090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.640342][T13090] RSP: 002b:00007f7352147038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.640362][T13090] RAX: ffffffffffffffda RBX: 00007f7353d05fa0 RCX: 00007f7353ade9a9
[  205.640374][T13090] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  205.640391][T13090] RBP: 00007f7352147090 R08: 0000000000000000 R09: 0000000000000000
[  205.640404][T13090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.640439][T13090] R13: 0000000000000000 R14: 00007f7353d05fa0 R15: 00007ffd473bfc58
[  205.640458][T13090]  </TASK>
[  205.968014][T11541] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  205.977967][T11541] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.043261][T11541] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.053176][T11541] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.068713][T13112] netlink: 'syz.0.3017': attribute type 10 has an invalid length.
[  206.093520][T13081] lo speed is unknown, defaulting to 1000
[  206.117289][T11541] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.127200][T11541] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.257273][T11541] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  206.267128][T11541] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.279099][T13135] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3023'.
[  206.288297][T13135] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3023'.
[  206.306520][T13085] lo speed is unknown, defaulting to 1000
[  206.379976][T13081] chnl_net:caif_netlink_parms(): no params data found
[  206.510326][T11541] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  206.523110][T11541] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  206.533684][T11541] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  206.543533][T11541] bond0 (unregistering): Released all slaves
[  206.554298][T11541] bond1 (unregistering): Released all slaves
[  206.669713][T13193] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3033'.
[  206.680038][T11541] tipc: Left network mode
[  206.735526][T13081] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.742746][T13081] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.751009][T13081] bridge_slave_0: entered allmulticast mode
[  206.758163][T13081] bridge_slave_0: entered promiscuous mode
[  206.774709][T13193] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3033'.
[  206.812433][T11541] hsr_slave_0: left promiscuous mode
[  206.818651][T11541] hsr_slave_1: left promiscuous mode
[  206.827009][T11541] veth1_macvtap: left promiscuous mode
[  206.832648][T11541] veth0_macvtap: left promiscuous mode
[  206.838948][T11541] veth1_vlan: left promiscuous mode
[  206.844321][T11541] veth0_vlan: left promiscuous mode
[  206.888244][T11541] pimreg (unregistering): left allmulticast mode
[  206.898863][T11541] pim6reg (unregistering): left allmulticast mode
[  206.974851][T13081] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.982123][T13081] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.007526][T13081] bridge_slave_1: entered allmulticast mode
[  207.026135][   T29] kauditd_printk_skb: 628 callbacks suppressed
[  207.026150][   T29] audit: type=1326 audit(1753675683.599:24673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.056249][   T29] audit: type=1326 audit(1753675683.599:24674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.056918][T13081] bridge_slave_1: entered promiscuous mode
[  207.079832][   T29] audit: type=1326 audit(1753675683.599:24675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.109332][   T29] audit: type=1326 audit(1753675683.599:24676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.132993][   T29] audit: type=1326 audit(1753675683.599:24677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.156976][   T29] audit: type=1326 audit(1753675683.599:24678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.180599][   T29] audit: type=1326 audit(1753675683.599:24679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.204508][   T29] audit: type=1326 audit(1753675683.599:24680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.228118][   T29] audit: type=1326 audit(1753675683.599:24681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.251743][   T29] audit: type=1326 audit(1753675683.599:24682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.5.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4a341e9a9 code=0x7ffc0000
[  207.280994][T13236] syzkaller1: entered promiscuous mode
[  207.286629][T13236] syzkaller1: entered allmulticast mode
[  207.348723][T13081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.359630][T13081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.382885][T13081] team0: Port device team_slave_0 added
[  207.411607][T13081] team0: Port device team_slave_1 added
[  207.450940][T11541] ------------[ cut here ]------------
[  207.456528][T11541] WARNING: CPU: 1 PID: 11541 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x17c/0x1f0
[  207.466374][T11541] Modules linked in:
[  207.470294][T11541] CPU: 1 UID: 0 PID: 11541 Comm: kworker/u8:10 Not tainted 6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  207.483163][T11541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  207.493347][T11541] Workqueue: netns cleanup_net
[  207.498224][T11541] RIP: 0010:xfrm_state_fini+0x17c/0x1f0
[  207.503906][T11541] Code: 48 8d bb 70 0e 00 00 e8 92 5e c1 fc 48 8b bb 70 0e 00 00 e8 36 c3 cd fc 5b 41 5e 41 5f 5d e9 0b 94 b3 00 cc e8 05 4f a7 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 f7 4e a7 fc 90 0f 0b 90 4c 89 f7 e8 5b
[  207.523612][T11541] RSP: 0000:ffffc900072f3c60 EFLAGS: 00010293
[  207.529906][T11541] RAX: ffffffff84b0551b RBX: ffff88810c400000 RCX: ffff888109928000
[  207.537954][T11541] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810c400e40
[  207.546060][T11541] RBP: ffffffff86c82460 R08: 0001ffff86848aff R09: 0000000000000000
[  207.554115][T11541] R10: ffffc900072f3be8 R11: 0001c900072f3be8 R12: ffffffff86c82480
[  207.562214][T11541] R13: ffff88810c400028 R14: ffff88810c400e40 R15: ffff88810c400000
[  207.570251][T11541] FS:  0000000000000000(0000) GS:ffff8882aef2d000(0000) knlGS:0000000000000000
[  207.579235][T11541] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  207.580948][T13251] loop5: detected capacity change from 0 to 512
[  207.585845][T11541] CR2: 000055558462d4a8 CR3: 000000011e8ac000 CR4: 00000000003506f0
[  207.600134][T11541] Call Trace:
[  207.603443][T11541]  <TASK>
[  207.606445][T11541]  xfrm_net_exit+0x2d/0x60
[  207.610944][T11541]  ops_undo_list+0x27b/0x410
[  207.615660][T11541]  cleanup_net+0x2de/0x4d0
[  207.620292][T11541]  process_scheduled_works+0x4cb/0x9d0
[  207.625832][T11541]  worker_thread+0x582/0x770
[  207.630558][T11541]  kthread+0x486/0x510
[  207.634746][T11541]  ? finish_task_switch+0xad/0x2b0
[  207.639911][T11541]  ? __pfx_worker_thread+0x10/0x10
[  207.645114][T11541]  ? __pfx_kthread+0x10/0x10
[  207.649764][T11541]  ret_from_fork+0xda/0x150
[  207.654438][T11541]  ? __pfx_kthread+0x10/0x10
[  207.659082][T11541]  ret_from_fork_asm+0x1a/0x30
[  207.663959][T11541]  </TASK>
[  207.667098][T11541] ---[ end trace 0000000000000000 ]---
[  207.668122][T13256] netlink: 'wg1': attribute type 1 has an invalid length.
[  207.683350][T13081] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.684161][T13251] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.690396][T13081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.728836][T13081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.733533][T13251] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  207.755261][T13081] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.762389][T13081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.788432][T13081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.889622][T13081] hsr_slave_0: entered promiscuous mode
[  207.896745][T13081] hsr_slave_1: entered promiscuous mode
[  207.925852][T11546] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  207.945555][T11546] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1029 with max blocks 1 with error 28
[  207.958241][T11546] EXT4-fs (loop5): This should not happen!! Data will be lost
[  207.958241][T11546] 
[  207.968023][T11546] EXT4-fs (loop5): Total free blocks count 0
[  207.974158][T11546] EXT4-fs (loop5): Free/Dirty block details
[  207.980121][T11546] EXT4-fs (loop5): free_blocks=65280
[  207.985465][T11546] EXT4-fs (loop5): dirty_blocks=1
[  207.990531][T11546] EXT4-fs (loop5): Block reservation details
[  207.996726][T11546] EXT4-fs (loop5): i_reserved_data_blocks=1
[  208.006695][ T7041] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.097667][T13277] syzkaller1: entered promiscuous mode
[  208.103202][T13277] syzkaller1: entered allmulticast mode
[  208.368582][T13081] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  208.382648][T13081] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  208.468634][T13081] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  208.489199][T13081] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  208.908569][T13081] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.924717][T13081] 8021q: adding VLAN 0 to HW filter on device team0
[  208.934844][T11546] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.942057][T11546] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.979028][T13081] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  208.989478][T13081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.007658][T11546] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.014921][T11546] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.098404][T13081] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.270462][T13081] veth0_vlan: entered promiscuous mode
[  209.294884][T13081] veth1_vlan: entered promiscuous mode
[  209.347676][T13081] veth0_macvtap: entered promiscuous mode
[  209.371575][T13081] veth1_macvtap: entered promiscuous mode
[  209.395229][T13081] batman_adv: batadv0: Interface activated: batadv_slave_0
[  209.415066][T13081] batman_adv: batadv0: Interface activated: batadv_slave_1
[  209.441370][T13081] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.450278][T13081] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.459054][T13081] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.467805][T13081] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.562800][T13401] syzkaller1: entered promiscuous mode
[  209.568427][T13401] syzkaller1: entered allmulticast mode
[  209.990800][T13441] netlink: 'syz.1.3075': attribute type 10 has an invalid length.
[  210.029148][T13441] team0 (unregistering): Port device team_slave_0 removed
[  210.058114][T13441] team0 (unregistering): Port device team_slave_1 removed
[  210.102369][T13452] syzkaller1: entered promiscuous mode
[  210.107998][T13452] syzkaller1: entered allmulticast mode
[  210.253694][T13467] FAULT_INJECTION: forcing a failure.
[  210.253694][T13467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.266942][T13467] CPU: 0 UID: 0 PID: 13467 Comm: syz.0.3079 Tainted: G        W           6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  210.266984][T13467] Tainted: [W]=WARN
[  210.266991][T13467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  210.267085][T13467] Call Trace:
[  210.267093][T13467]  <TASK>
[  210.267103][T13467]  __dump_stack+0x1d/0x30
[  210.267130][T13467]  dump_stack_lvl+0xe8/0x140
[  210.267174][T13467]  dump_stack+0x15/0x1b
[  210.267195][T13467]  should_fail_ex+0x265/0x280
[  210.267233][T13467]  should_fail+0xb/0x20
[  210.267341][T13467]  should_fail_usercopy+0x1a/0x20
[  210.267382][T13467]  _copy_from_user+0x1c/0xb0
[  210.267419][T13467]  sock_do_ioctl+0xe6/0x220
[  210.267445][T13467]  sock_ioctl+0x41b/0x610
[  210.267473][T13467]  ? __pfx_sock_ioctl+0x10/0x10
[  210.267501][T13467]  __se_sys_ioctl+0xce/0x140
[  210.267538][T13467]  __x64_sys_ioctl+0x43/0x50
[  210.267587][T13467]  x64_sys_call+0x19a8/0x2fb0
[  210.267610][T13467]  do_syscall_64+0xd2/0x200
[  210.267657][T13467]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  210.267683][T13467]  ? clear_bhb_loop+0x40/0x90
[  210.267704][T13467]  ? clear_bhb_loop+0x40/0x90
[  210.267728][T13467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.267755][T13467] RIP: 0033:0x7f7353ade9a9
[  210.267771][T13467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.267793][T13467] RSP: 002b:00007f7352147038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  210.267812][T13467] RAX: ffffffffffffffda RBX: 00007f7353d05fa0 RCX: 00007f7353ade9a9
[  210.267828][T13467] RDX: 0000200000000340 RSI: 0000000000008946 RDI: 0000000000000003
[  210.267844][T13467] RBP: 00007f7352147090 R08: 0000000000000000 R09: 0000000000000000
[  210.267867][T13467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.267883][T13467] R13: 0000000000000000 R14: 00007f7353d05fa0 R15: 00007ffd473bfc58
[  210.267907][T13467]  </TASK>
[  211.072066][T13508] __nla_validate_parse: 5 callbacks suppressed
[  211.072082][T13508] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3090'.
[  211.183022][T13521] loop2: detected capacity change from 0 to 512
[  211.190296][T13521] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  211.199413][T13521] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  211.248232][T13525] SELinux:  Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped).
[  211.252025][T13528] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3099'.
[  211.293425][T13528] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3099'.
[  211.377265][T13536] loop2: detected capacity change from 0 to 128
[  211.535071][T13546] loop5: detected capacity change from 0 to 8192
[  211.535632][T13546] SELinux: security_context_str_to_sid (poot) failed with errno=-22
[  211.591769][T13548] netlink: 'syz.1.3109': attribute type 10 has an invalid length.
[  211.846320][T13585] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3117'.
[  212.222179][T13613] loop4: detected capacity change from 0 to 8192
[  212.246769][   T29] kauditd_printk_skb: 140 callbacks suppressed
[  212.246841][   T29] audit: type=1400 audit(1753675688.829:24823): avc:  denied  { write } for  pid=13633 comm="syz.1.3131" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  212.285525][   T29] audit: type=1400 audit(1753675688.859:24824): avc:  denied  { nlmsg_read } for  pid=13611 comm="syz.4.3126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  212.312521][   T29] audit: type=1400 audit(1753675688.869:24825): avc:  denied  { create } for  pid=13611 comm="syz.4.3126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  212.351718][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3126'.
[  212.385863][T13642] netlink: 'syz.2.3132': attribute type 10 has an invalid length.
[  212.393976][T13642] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3132'.
[  212.405290][T13642] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  212.431114][T13649] binfmt_misc: register: failed to install interpreter file ./file2
[  212.457274][T13650] netlink: 'syz.4.3134': attribute type 10 has an invalid length.
[  212.559624][T13664] syzkaller1: entered promiscuous mode
[  212.565141][T13664] syzkaller1: entered allmulticast mode
[  212.581202][   T29] audit: type=1400 audit(1753675689.159:24826): avc:  denied  { read } for  pid=13667 comm="syz.4.3136" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  212.604797][   T29] audit: type=1400 audit(1753675689.159:24827): avc:  denied  { open } for  pid=13667 comm="syz.4.3136" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  212.673414][   T29] audit: type=1326 audit(1753675689.159:24828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13667 comm="syz.4.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  212.697301][   T29] audit: type=1326 audit(1753675689.159:24829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13667 comm="syz.4.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  212.721010][   T29] audit: type=1326 audit(1753675689.159:24830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13667 comm="syz.4.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  212.744841][   T29] audit: type=1326 audit(1753675689.159:24831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13667 comm="syz.4.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  212.768657][   T29] audit: type=1326 audit(1753675689.159:24832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13667 comm="syz.4.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f79c8dee9a9 code=0x7ffc0000
[  213.081849][T13699] lo speed is unknown, defaulting to 1000
[  213.379712][T13750] ==================================================================
[  213.387880][T13750] BUG: KCSAN: data-race in mas_state_walk / mas_wmb_replace
[  213.395221][T13750] 
[  213.397569][T13750] write to 0xffff888103c99d00 of 8 bytes by task 13748 on cpu 1:
[  213.405310][T13750]  mas_wmb_replace+0x20d/0x14a0
[  213.410194][T13750]  mas_wr_store_entry+0x1773/0x2b50
[  213.415431][T13750]  mas_store_prealloc+0x74d/0x9e0
[  213.420495][T13750]  vma_iter_store_new+0x1c5/0x200
[  213.425555][T13750]  vma_complete+0x125/0x580
[  213.430089][T13750]  __split_vma+0x5d9/0x650
[  213.434528][T13750]  vma_modify+0x3f2/0xc80
[  213.438874][T13750]  vma_modify_flags+0x101/0x130
[  213.443751][T13750]  mprotect_fixup+0x2cc/0x570
[  213.448446][T13750]  do_mprotect_pkey+0x6d6/0x980
[  213.453315][T13750]  __x64_sys_mprotect+0x48/0x60
[  213.458184][T13750]  x64_sys_call+0x2794/0x2fb0
[  213.462878][T13750]  do_syscall_64+0xd2/0x200
[  213.467397][T13750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.473319][T13750] 
[  213.475657][T13750] read to 0xffff888103c99d00 of 8 bytes by task 13750 on cpu 0:
[  213.483299][T13750]  mas_state_walk+0x119/0x650
[  213.488002][T13750]  mas_walk+0x30/0x120
[  213.492098][T13750]  lock_vma_under_rcu+0xa2/0x2f0
[  213.497058][T13750]  do_user_addr_fault+0x233/0x1090
[  213.502194][T13750]  exc_page_fault+0x62/0xa0
[  213.506719][T13750]  asm_exc_page_fault+0x26/0x30
[  213.511588][T13750] 
[  213.513920][T13750] value changed: 0xffff88812254a141 -> 0xffff888103c99d00
[  213.521036][T13750] 
[  213.523364][T13750] Reported by Kernel Concurrency Sanitizer on:
[  213.529526][T13750] CPU: 0 UID: 0 PID: 13750 Comm: syz.4.3147 Tainted: G        W           6.16.0-rc7-syzkaller-00142-gb711733e89a3 #0 PREEMPT(voluntary) 
[  213.543604][T13750] Tainted: [W]=WARN
[  213.547412][T13750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.557486][T13750] ==================================================================
[  213.586966][T13753] netlink: 'syz.1.3146': attribute type 10 has an invalid length.
[  213.715846][T13749] lo speed is unknown, defaulting to 1000