last executing test programs:

1m9.597851659s ago: executing program 3 (id=2520):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x6)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)

1m9.54199143s ago: executing program 3 (id=2522):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
r0 = syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x381, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x5032})
io_setup(0xbf, &(0x7f0000000100)=<r4=>0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x100000000000}, 0x18)
io_submit(r4, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x20000000, 0x0, 0x7, 0x8, 0x0, r3, &(0x7f0000000080)='\x00\x00', 0x2}])
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000600)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x4840)
socketpair(0x8, 0x5, 0x7f, &(0x7f0000000000))
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))

1m9.252408954s ago: executing program 3 (id=2532):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1m9.160238535s ago: executing program 3 (id=2534):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0xfdfe, 0x7, @remote, 0x4}, 0x1c)
connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
setrlimit(0x8, 0x0)
unshare(0x22020600)
pivot_root(&(0x7f0000001100)='./file0/../file0/../file0\x00', &(0x7f00000010c0)='./file0/../file0/../file0/../file0\x00')
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

1m9.100584916s ago: executing program 3 (id=2537):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0xfffffffffffffffc}, 0x103200, 0x1, 0x840000, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg$unix(r0, &(0x7f0000002e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002120, 0x0) (async, rerun: 64)
r1 = socket(0x10, 0x3, 0x0) (rerun: 64)
write(r1, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) (async, rerun: 64)
close_range(r0, 0xffffffffffffffff, 0x0) (async, rerun: 64)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x10e, &(0x7f0000000280)={[{@init_itable_val={'init_itable', 0x3d, 0x957}}, {@nombcache}, {@nobarrier}, {@stripe={'stripe', 0x3d, 0x9c35}}, {@orlov}, {@errors_remount}]}, 0x4, 0x46b, &(0x7f00000009c0)="$eJzs289vFFUcAPDvTFt+IxXxBz/UKhobf2yhgHLwotHEgyYmXvBY20KQhRpaEyFE0Rg8GhITj8ajiX+BJ70Y9WTiVe+GhBguoqcxsztDd9fttsC2A93PJ9nueztv9r3vvHm7b+Z1AxhYY/mfJGJbRPweETua2fYCY82n69cuTP9z7cJ0Eln21l9Jo9zf1y5Ml0XL/bYWmfE0Iv00ib1d6p0/d/7UVL0+e7bITyycfm9i/tz5506enjoxe2L2zOTRo4cPHXzh+ckjfYnz3rytez6c27f7tbcvvzF97PI7P3+blPF3xNEnY702Ppllfa6uWttb0snwCnYYWsXGsGJ5N+TdNdIY/ztiKBY7b0e8+kmljQNWVVZYYvPFDFjHkqi6BUA1yi/6/Pq3fKzd7KN6V19qXgDlcV8vHs0tw5EWZUY6rm/7aSwijl3896v8EatzHwIAoM33+fzn2W7zvzQeaCl3T2xsrA2NFmspOyPivojYFRH3RzTKPhgRD3WrpMeCQOciyf/nP+mVW49uefn878Vibat9/lfO/mJ0qMhtb8R/JI2ozx5oHJOI8RjZePxkffZgjzp+eOW3z5fa1jr/yx95/eVcsGjHleGN7fvMTC1M3U7Mra5+HLFnuFv8yY2VgCQidkfEnlus4+TT3+xbatvy8fewknWmZWRfRzzV7P+L0RF/Kem9PjmxKT8fJvKz4EDXOn759dKbS9V/W/H3Qd7/W7qe/zfiH01a12vnb+bdm6P70h+fLXlNU7ul83/xhQ3F8wdTCwtnD0ZsSF5vNrr19cnFfct8WT6Pf3x/9/G/MxaPxN6IyE/ihyPikYh4tIjusYh4PCL29zgKP738xLu9jlD3+Df1eMf+yeOf6ej/0fYiHf2/mNgQna90Twyd+vG79ndcSfylvP8PN1LjxSuNz78ve8e1knbd7NkMAAAAd6s0IrZFktZupNO0Vmv+D/+u2JLW5+YXnjk+9/6ZmeZvBEZjJC3vdDXvB48k5f3P0Zb8ZEf+UHHf+IuhzY18bXquPlN18DDgtraO//KWb6359KffaMD614d1NOAuZfzD4DL+YXAZ/zC4uoz/zVW0A1h73b7/P6qgHcDa6xj/lv1ggLj+h8E1HFlSdRuAarR+//sggIExvzmW/5H8ekhkWZbdAc1YP4lI74hm9CeRrPIo2FZ1gDefqPqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/+CwAA//9lEuuH") (async)
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071110a00000000008510000002000000850000005600000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async, rerun: 64)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000) (rerun: 64)

1m8.830132309s ago: executing program 3 (id=2538):
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = getpid()
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x8e, 0x0, r1}}, 0x40)

1m8.80062513s ago: executing program 32 (id=2538):
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = getpid()
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x8e, 0x0, r1}}, 0x40)

2.31061526s ago: executing program 4 (id=3809):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/vlan/vlan0\x00')
mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x680000f, 0x12, r1, 0x2000)
syz_usb_connect$cdc_ncm(0x2, 0x76, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x64, 0x2, 0x1, 0x91, 0x10, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "00afbda9"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x7, 0x9, 0x21}, {0x6, 0x24, 0x1a, 0x404, 0x34}, [@acm={0x4, 0x24, 0x2, 0xa}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0xa, 0x6, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x40, 0x3a}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x66, 0x17, 0xd}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x2, 0x6, 0x4, 0x20, 0x60}, 0x2c, &(0x7f0000000200)={0x5, 0xf, 0x2c, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0xa, 0x2, 0x101}, @ss_container_id={0x14, 0x10, 0x4, 0xc, "aee4c4d9b748f8f61003ba6d2f1cc599"}, @ssp_cap={0xc, 0x10, 0xa, 0x68, 0x0, 0x8, 0x0, 0x7fff}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x44d}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x406}}, {0x101, &(0x7f0000000340)=@string={0x101, 0x3, "7ba9e3a2aafc8de207efc1baa8f07fbff63e75e9d59688d1d2d3b937cd9115868600fd2191c3352cbaabd39943ad559864c5fd3c2e5b9886ea608adfd965d9cde7ed331cdf4d9dfb05537acd758a62c963331303ffd26244ec4c683c99b52d5d373ef6724a499210ed7da04493540350ac4c189394a848655d14f853efab11bf3c11051ab05437cdd61d69212bd1349bb44252c52e0dc0d78039f5615e5ccd6560b5bfd8895ef8413245ebb38dc105593de0481e885192e8aee724f84de3b8be16db1af78c2c5999b0f1cfb6693f2e8938b28e9a6bcc7d29144aaa2c310b95fc80284de1f9e51e70b1ff14eb752c25073f524af1a637147cce11cb63441fd6"}}, {0x3, &(0x7f0000000480)=@string={0x3, 0x3, "ec"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x445}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x2809}}]})
r2 = socket(0x2, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0e00000004000000080000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00002000000000000000000000000000000000000000000000db4e317be56d66e0b022ae25000000"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r3, &(0x7f0000000340), &(0x7f00000001c0)=@tcp=r2}, 0x20)

1.970305015s ago: executing program 1 (id=3819):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x2000, 0x2}, 0x14)
listen(r0, 0x1ff)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendto$inet(r1, &(0x7f0000000500)="ab", 0x4164, 0x40, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)

1.931743015s ago: executing program 1 (id=3820):
r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380), 0x0)
close(r0)

1.885181816s ago: executing program 1 (id=3822):
r0 = syz_io_uring_setup(0x3bd2, &(0x7f0000000300)={0x0, 0x5883, 0x1000, 0x8003, 0x1c2}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000680)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), 0x0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
io_uring_enter(r0, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)

1.869116046s ago: executing program 0 (id=3825):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000001100)=""/4083, 0xff3}], 0x1, 0x31, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.796389007s ago: executing program 1 (id=3826):
ioperm(0x200000000009c, 0x20, 0x4000000000000020)
r0 = timerfd_create(0x9, 0x80000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x3, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x400000000000000)
r4 = socket$inet6(0xa, 0x3, 0x5)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
r6 = dup3(r5, r4, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2, 0x9}, 0x20)
sendmmsg$inet6(r6, &(0x7f0000001580)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast2, 0x5}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1400000000000000290000000b000000"], 0x18}}], 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
mq_open(&(0x7f0000000040)='eth0\x00\xdd\xad4=2k\xf1\x05\x9bG\xeb\x85\xe6u*\x03\xb6J\x91y\xe1;F\xa2\x8df\xe6\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xa1\v\x00\x00\x00\x00\x00\x00\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0@\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15\x05\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8OF\xa7^\x8c\xaf\fu\xb7w\x9eF', 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESHEX=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0xc0040)
pselect6(0x40, &(0x7f0000002a80)={0x7, 0x10000, 0x9, 0x5, 0x1, 0x8, 0x3, 0xfffffffffffffffc}, &(0x7f0000002ac0)={0x5, 0x7, 0x10000, 0x5, 0xff, 0x3, 0xdd, 0x2}, &(0x7f0000002b00)={0x9, 0xfffffffffffffff9, 0x10, 0x9, 0x4, 0x100000, 0x2, 0x2}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r8}, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)

1.795985147s ago: executing program 4 (id=3827):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xffff}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x6}, r2, 0xf, 0xffffffffffffffff, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001600)={0xd, 0xe, &(0x7f00000014c0)=@framed={{}, [@alu={0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x8}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @generic={0x7, 0x0, 0x4, 0x0, 0x90}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0xb, r4, 0x8, 0x0, 0xfffffffffffffffa, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
r6 = syz_open_dev$loop(&(0x7f0000000100), 0x2000000, 0xe0001)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0xfffffe73, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400000010000ec000ff0000000000000000000a20000000000a03000000000000000004010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000003780000000c0a010200fdffffff000000010000000900020073797a32000000004c000380480000800b000340000000003c000b80200007800e000100636f6e6e6c696d69740000000c00028008000140000000001800018004000200636f6e6e6c696d6974000000040002800900010073797a30"], 0xfc}}, 0x0)
getsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, 0x0, &(0x7f0000000140))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10)
rmdir(0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r10=>r4, {0x4}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000200)={{0x1, 0x1, 0x18, r5, {<r11=>r4}}, './file0\x00'})
r12 = signalfd(r3, &(0x7f0000000280)={[0x77d3]}, 0x8)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r10, 0x6, &(0x7f0000000440)={0x401, 0x0, &(0x7f0000000400)=[r11, r12, r3, r5]}, 0x4)
r13 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x40042, 0x101)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r13, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffff8]}})

1.707026098s ago: executing program 4 (id=3828):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="77690addcfbe1fbb66ec", 0xfd9c}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100cb3a, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x13, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xc1, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff43052f002000636777fbac141443e000000d62079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f"})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x339)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0x9)
r5 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r5)
inotify_init1(0x800)
fcntl$setstatus(r5, 0x4, 0x2c00)
fcntl$setown(r2, 0x8, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x76c, 0x4)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r6, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4)

1.622851169s ago: executing program 1 (id=3829):
r0 = socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0xa00)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x3f, 0x3, 0x0, 0x0, 0x0, 0x3, 0x80000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x50, 0x0, 0x92, 0xfffffffffffffffd, 0x5, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f00000004c0))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x3314048, &(0x7f0000000f40)={[{@sb={'sb', 0x3d, 0x9}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xffffffff}}], [{@euid_lt}, {@appraise}, {@hash}, {@measure}, {@euid_eq}, {@dont_measure}, {@subj_type={'subj_type', 0x3d, 'skb_copy_datagram_iovec\x00'}}, {@fowner_eq}]}, 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")
sendmsg$key(r0, 0x0, 0x2)

1.57876183s ago: executing program 4 (id=3831):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_connect$uac1(0x4, 0x71, &(0x7f00000000c0)=ANY=[], 0x0)
close_range(r1, 0xffffffffffffffff, 0x200000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f00000000c0)=0x401)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0xc800)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x9, 0x3, 0x8, 0x4, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kfree\x00', r3}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)="a0", 0x0}, 0x31)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0xc0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x20000000, @empty}, 0x1c)
setsockopt$inet6_udp_encap(r7, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000480)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "6454f2303777d1be218229f20d5be158a1fd353b256e3779f00c06c8989f1fb4", "7f9d0a5a5c0a0cd4ece9511338660eb6a27dc8edc6d7e9614413bf111e87a0f9552a579cd2f5bc5e8cfc9054b47ab9cb", "567297f2337c0a828927e16de16de5437a561d6864f83290b7b8e2ad", {"b583d34250b04e5cec9f8b868d09f4c6", "cf17606f656b6044e98ad982f2fc8771"}}}}}}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))

1.024892787s ago: executing program 2 (id=3833):
r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380), 0x0)
close(r0)

1.019421157s ago: executing program 0 (id=3834):
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
open(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x8000, 0x80)

997.930758ms ago: executing program 2 (id=3835):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x304}, '\x00', "376a31a11e8e279cec092f071cc80f218d360356a936a7e3971a8c35c47e5804", '\x00', "fffffffffffffffd"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_256={{0x304}, "fb7faf0400", "0d35db0d4af1cbcce779bbc24b53fc4988c215118dd14cb837de56339a336a19", "46d93a3b", "8891ea13f18ef0be"}, 0x38)

997.554698ms ago: executing program 0 (id=3836):
r0 = syz_io_uring_setup(0x3bd2, &(0x7f0000000300)={0x0, 0x5883, 0x1000, 0x8003, 0x1c2}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000680)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), 0x0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
io_uring_enter(r0, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)

992.177587ms ago: executing program 2 (id=3837):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
removexattr(&(0x7f0000000200)='./file1\x00', &(0x7f0000000280)=@random={'system.', 'ext2\x00'})

952.262078ms ago: executing program 2 (id=3838):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100030010651fbe347b2c2b00000c00018008000100", @ANYRES16=r0], 0x20}}, 0x0)

862.123579ms ago: executing program 2 (id=3839):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0x7, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

861.734149ms ago: executing program 4 (id=3840):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x3, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0xfb, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000d40))
socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r0}, 0x9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000003800)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x0, 0x5, 0xffff0000, 0x7, 0x6, 0xdcc, 0x81, 0x7, 0xf8, 0x9, 0x6e, 0xb, 0x10, 0x1f, 0x0, 0x5f7ee47a, 0x0, 0x78, 0x18000000, 0x2, 0x101, 0x2, 0x6, 0x4899a606, 0x81, 0x5, 0x5, 0x10, 0x20000000, 0x80, 0xfffffffd, 0x80000001, 0x7, 0x0, 0x7fff, 0x0, 0x1, 0x3, 0x2, 0xffff, 0x9, 0x1, 0x0, 0x2, 0xfc4, 0x5, 0x96ae, 0xffff, 0x1, 0x40, 0x2, 0x3, 0x4, 0x2, 0xfffffff7, 0x9, 0x80000000, 0x6, 0x1, 0x4, 0x4, 0x10001, 0x5, 0x4, 0x1, 0x6, 0x5, 0x8, 0x6bda55a8, 0x3, 0x5, 0x264, 0xc1, 0x0, 0x179ba908, 0x0, 0x7, 0x2a023d77, 0xfffffff7, 0x8, 0xa6, 0x9, 0x3, 0xa, 0xf, 0xffff6028, 0xbfffff07, 0xfffffff9, 0x6, 0x8, 0x7, 0x1, 0x0, 0x7ff, 0x63, 0x3, 0x7, 0x5, 0x2, 0x2d3, 0x200, 0xf, 0x3, 0xad, 0xffffffff, 0x10, 0x8, 0x4, 0x1, 0x1, 0x3, 0xc, 0x0, 0xc, 0xfffffffe, 0x1, 0x1, 0x7, 0x18, 0x7, 0x100, 0x5, 0x4, 0x9, 0x6, 0x4, 0x8, 0x4, 0x42, 0x3, 0x80, 0x0, 0x400, 0x4, 0x6, 0x101, 0x8, 0x2, 0x7f, 0x0, 0x7fff, 0xc, 0x15, 0x9, 0x7fffffff, 0x2, 0x80, 0x8001, 0x4, 0xb, 0xc00, 0xc, 0x9, 0xb9, 0x8, 0x2, 0x1000, 0x200, 0x1, 0x9, 0xfffffff7, 0x19, 0x3, 0xffffff81, 0x10000, 0x18, 0x4, 0xffff8001, 0x3, 0x6, 0x9, 0x6, 0x80000000, 0xc863, 0x81, 0x3, 0x4, 0x7, 0x2, 0x1, 0x2c2, 0x4, 0xfffffffb, 0x4, 0xf8, 0x7fff, 0x5, 0x80000000, 0x5, 0x9, 0x0, 0x3800, 0x9, 0x53, 0x47, 0x7fffffff, 0x1000, 0x3, 0x2, 0x81, 0x4, 0x80000001, 0x4, 0xe, 0xd, 0x6, 0x7, 0x1, 0x7ff, 0xfffff001, 0xa5, 0x10001, 0x3, 0x79, 0x807, 0x81, 0xe9ab, 0x6, 0x2, 0x4, 0x6, 0x7, 0x7, 0x3, 0x8c, 0x2, 0x718, 0x4, 0x0, 0x2, 0xab, 0x9, 0x9, 0x5, 0xfffffff1, 0xfffffff9, 0x7, 0x4, 0x4, 0x1, 0x90, 0xfffffd5d, 0x34ea, 0x6, 0x7, 0x8, 0x4, 0xfffffff7, 0x2, 0x2, 0x8a, 0x8, 0xfffffffd, 0x5, 0x8]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x8, 0x8, 0x9, 0x4, {0x3, 0x0, 0x53d, 0x5, 0x1ea, 0xe0000000}, {0x4, 0x1, 0x4, 0x7f, 0xc, 0x8}, 0x6, 0x40000, 0x5}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe0, 0x1, 0xa, 0x1, 0x0, 0x3, 0xfffffffe, 0x8, 0xfffffffe, 0x7, 0x74d, 0x3, 0x0, 0x8, 0xc6, 0x5, 0x4, 0x2, 0x4, 0xfffff800, 0x3, 0x1, 0x8, 0xb25a, 0x2, 0x2, 0x101, 0x9, 0xca, 0x7, 0x50000, 0xe, 0x8, 0x0, 0x0, 0x4, 0x0, 0x4, 0x1, 0xfffffffd, 0x3, 0x80000001, 0xfff, 0x7, 0x40, 0x40, 0x86e, 0x40, 0x7, 0x8, 0x5, 0x0, 0x8000, 0x8, 0x8, 0x8, 0x5, 0x9, 0x6, 0x5, 0x9, 0x3, 0x8, 0x8, 0x5, 0x1000, 0xfffffffb, 0x5, 0x3, 0xf, 0x101, 0x5, 0x5, 0x7, 0x720f, 0x1, 0x8, 0x8, 0x5a1, 0x9, 0xe, 0xa684, 0xa000, 0x2, 0x5, 0xfffffffb, 0x4, 0x1000, 0x0, 0x41333142, 0x1, 0x2, 0xff, 0x605, 0x6, 0x4, 0x9f2b56b, 0xb0b7, 0xcd2, 0x6, 0x7, 0xb, 0x88, 0x80001, 0x8000, 0x1, 0x8, 0x0, 0x2, 0x800, 0x5, 0x1c1c, 0xe0, 0xf06, 0x9, 0x7, 0xf6eb, 0x2, 0x2, 0x7, 0x8, 0x9, 0x6, 0x2, 0x1, 0x40, 0x4, 0x9600, 0xf8, 0x5, 0xfffffffc, 0x9, 0x2, 0x81, 0x10001, 0x4, 0x1, 0xfffffffd, 0xc, 0xab, 0x7, 0x1, 0x7fff, 0xffffffff, 0x10000, 0x7, 0x6, 0x9, 0x2, 0x8, 0x48e, 0xb, 0xfffffffc, 0x200, 0x0, 0x5eea, 0x7, 0x5, 0x7fffffff, 0x0, 0x8, 0x9, 0xfffffff5, 0x6, 0x9, 0x3, 0xf9, 0x800, 0x8, 0xfffff76c, 0x4, 0x0, 0x30f1554e, 0x1, 0x8, 0x2, 0x200, 0x4, 0x3, 0xd6a, 0x9, 0x3, 0x9, 0x1ff, 0xff, 0xef6, 0x800, 0x80, 0x2, 0x81, 0x8000, 0x4, 0x6, 0x9, 0x0, 0x3, 0x4d8f, 0x81, 0x9, 0x3, 0x7fff, 0x7f, 0x6, 0xc6a, 0x4, 0xfffffffb, 0x81a, 0xfffffffd, 0x1, 0xfffffffe, 0x952, 0x3, 0x40, 0x4, 0x8, 0x2, 0x2c, 0x60000, 0x0, 0xc0000000, 0x6, 0xfffffffb, 0x1, 0x8, 0x4, 0x1381, 0x2, 0x6, 0x4fc4, 0x800, 0x7, 0x8, 0x5, 0x80000000, 0x5, 0x2, 0x8, 0x5, 0x8, 0x3, 0xb, 0x100, 0x4, 0x40, 0x53, 0x0, 0x0, 0x7, 0x7ff, 0x4, 0x18000, 0x70, 0x6, 0x8007, 0x6, 0xfffffffc]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x2}}}}]}]}, 0x88c}}, 0x0)
epoll_create1(0x0)
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dummy0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080))

840.22834ms ago: executing program 0 (id=3841):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000300000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0)

800.55277ms ago: executing program 0 (id=3842):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x6f9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x1, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x8002, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffd, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
link(&(0x7f00000000c0)='./file0/../file0/../file0\x00', &(0x7f0000000100)='./file0/../file0/../file0/../file0\x00')
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
syz_open_dev$tty1(0xc, 0x4, 0x2)

799.80654ms ago: executing program 4 (id=3843):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x6f9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x1, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x8002, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffd, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
link(&(0x7f00000000c0)='./file0/../file0/../file0\x00', &(0x7f0000000100)='./file0/../file0/../file0/../file0\x00')
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000340)=0x3)
pselect6(0x40, &(0x7f0000000300)={0x0, 0x7e8d, 0x0, 0x1ff, 0x0, 0x36bb, 0x800000}, &(0x7f0000000000)={0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x2)

762.14173ms ago: executing program 1 (id=3844):
ioperm(0xfffffffffffffffb, 0x1, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioperm(0x9, 0x0, 0x1)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r3, 0x0, r2, 0x0, 0x6, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
tee(r1, r4, 0x4e, 0x0)
write$binfmt_script(r2, &(0x7f0000000800)={'#! ', './file0'}, 0xb)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000005000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
clock_gettime(0x0, &(0x7f0000001400)={<r7=>0x0, <r8=>0x0})
recvmmsg(r2, &(0x7f0000001300)=[{{&(0x7f00000002c0)=@rc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000001480)=""/194, 0xc2}], 0x1, &(0x7f00000004c0)=""/99, 0x63}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000840)=""/254, 0xfe}], 0x1, &(0x7f0000000940)=""/226, 0xe2}, 0x2}, {{&(0x7f0000000700)=@alg, 0x80, &(0x7f0000000680)=[{&(0x7f0000000580)}], 0x1, &(0x7f0000000b00)=""/137, 0x89}, 0x3}, {{&(0x7f0000000bc0)=@phonet, 0x80, &(0x7f0000001640)=[{&(0x7f0000000c40)=""/23, 0x17}, {&(0x7f0000000c80)=""/215, 0xd7}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000e40)=""/40, 0x28}, {&(0x7f0000001700)=""/232, 0xe8}, {&(0x7f0000000fc0)=""/188, 0xbc}, {&(0x7f0000001080)=""/200, 0xc8}, {&(0x7f0000000340)=""/100, 0x64}, {&(0x7f00000003c0)=""/62, 0x3e}], 0x9, &(0x7f0000001200)=""/208, 0xd0}, 0x5d}], 0x4, 0x40002102, &(0x7f0000001440)={r7, r8+10000000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r6}, 0x10)
socket$rds(0x15, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./bus\x00', 0x280008a, &(0x7f0000000240)=ANY=[@ANYBLOB='shortname=lower,shortname=win95,rodir,iocharset=default,uni_xlate=0,nonumtail=1,utf8=0,flush,rodir,shortname=win95,shortname=winnt,shortname=win95,showexec,uni_xlate=0,utf8=0,utf8=0,uni_xlate=0,shortname=mixed,\x00'], 0x97, 0x2ad, &(0x7f0000002000)="$eJzs3b9rO2UYAPDn0jQJOiSCkwge6OD05dvv6pIiLRQzKRnUQYttQZogtFDwB8ZOri6Ori6C4OY/4eJ/ILgKbhYsnNzlrklqGpPatP74fJa+fe953nve69uWDvf03eeHxwdpHJ1/8lO0WknUutGNiyQ6UYvKZzGj+0UAAP9mF1kWv2Zjq+QlEdFaX1kAwBqt/Pv/u7WXBACs2RtvvvXadq+383qatmJ3+PlZP//LPv84vr59FO/HIA7jcbTjMiK7Mh7vZlk2qqe5Trw0HJ3188zhOz+U62//ElHkb0U7OsXUbP5eb2crHZvKH+V1PFXev5vnP4l2PDvn/nu9nSdz8qPfiJdfnKr/UbTjx/figxjEQVHEOD9qEZ9upemr2Ze/ffx2Xl6en4zO+s0ibiLbuOcvDQAAAAAAAAAAAAAAAAAAAAAA/2GPyt45zSj69+RTZf+djcv8k81IK53Z/jzj/KRa6Fp/oFEWX1X9eR6naZqVgZP8ejxXj/rD7BoAAAAAAAAAAAAAAAAAAAD+WU4//Oh4fzA4PLmTQdUNoHqt/7brdKdmXojFwc3JvWrlcMHKsVHFJBELy8g3sXTNv5dtD2736J65qeZvvl16na//eu/lYHOJmL85qE7X8X4y/xk2o5ppVYfk++mYRix5r8ZNl7KVjl9j7qX2yntvPF0MRgtiIllU2Cs/j59cOZNc30WjeKpz0zfLwVT6bExr+fOcf6f8SXLVrSO52x9CAAAAAAAAAAAAAAAAAABAYfLS75yL5wtTa1lzbWUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL2a/P//FQajMnmJ4EacnD7wFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgf+CMAAP//SfdjDw==")
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x106, 0x40001, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x0, 0x10000}, 0x1320, 0xfffffffd, 0x3, 0x0, 0x4, 0x1088f105, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189)
truncate(&(0x7f00000001c0)='./file2\x00', 0xaeb3)
write$binfmt_format(r9, &(0x7f0000000000)='1\x00', 0xb000)

749.990201ms ago: executing program 0 (id=3845):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000001100)=""/4083, 0xff3}], 0x1, 0x31, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

645.300002ms ago: executing program 5 (id=3848):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
removexattr(&(0x7f0000000200)='./file1\x00', &(0x7f0000000280)=@random={'system.', 'ext2\x00'})

533.323713ms ago: executing program 5 (id=3849):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001900)={0x11, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100030010651fbe347b2c2b00000c00018008000100", @ANYRES16=r0], 0x20}}, 0x0)

518.209584ms ago: executing program 5 (id=3850):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c000000040000004f0c000001000000", @ANYRES32=0x1, @ANYBLOB="0000000000090000000000000000000000001000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23, r0}, 0x38)

455.287414ms ago: executing program 5 (id=3851):
r0 = syz_io_uring_setup(0x3bd2, &(0x7f0000000300)={0x0, 0x5883, 0x1000, 0x8003, 0x1c2}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000680)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), 0x0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
io_uring_enter(r0, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0)

407.773215ms ago: executing program 5 (id=3852):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000e0ffffff00"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
r1 = gettid()
process_vm_writev(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
r3 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0x40ffffffff}, 0x1100, 0x5, 0x3a65, 0x5, 0x0, 0x5, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f00000008c0)={{0xa, 0x4e21, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, {0xa, 0x4e22, 0xd42, @mcast2, 0x8}, 0x0, {[0x0, 0x1, 0x6aa, 0x80, 0x3, 0x10000, 0x10, 0x7fffffff]}}, 0x5c)
ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r3, 0x0)
r6 = socket(0x6, 0x80002, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x54, 0x1, [@m_sample={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0xfffffffc, 0x0, 0x10000000, 0x1000000}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x6b}]}, {0x4}, {0xc}, {0xc, 0x4, {0x2}}}}]}]}, 0x68}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x800004, &(0x7f0000001b40)={[{@dioread_lock}, {@jqfmt_vfsold}, {@journal_dev={'journal_dev', 0x3d, 0x5}}, {@data_err_ignore}, {@abort}, {@max_batch_time={'max_batch_time', 0x3d, 0x41}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
kexec_load(0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r7}, 0x18)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
readv(r8, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)
ioctl$TIOCVHANGUP(r8, 0x5437, 0x0)

292.932227ms ago: executing program 5 (id=3853):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
r2 = accept(r0, 0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0xfffffffe, 0x2, 0x1, 0x6, 0x7, 0xf707}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

0s ago: executing program 2 (id=3854):
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x86dd}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800004, 0x1, @perf_bp={0x0, 0x6}, 0x117a20, 0x1, 0x840000, 0x5, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r0, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, &(0x7f00000001c0)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x4f, &(0x7f0000000280)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x2a, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}], 0x1)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r2, r3, 0x0)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
unshare(0x22020600)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0x4)

kernel console output (not intermixed with test programs):

T14576] name failslab, interval 1, probability 0, space 0, times 0
[  215.434575][T14576] CPU: 1 UID: 0 PID: 14576 Comm: syz.2.2935 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  215.434602][T14576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  215.434616][T14576] Call Trace:
[  215.434623][T14576]  <TASK>
[  215.434632][T14576]  __dump_stack+0x1d/0x30
[  215.434704][T14576]  dump_stack_lvl+0xe8/0x140
[  215.434731][T14576]  dump_stack+0x15/0x1b
[  215.434753][T14576]  should_fail_ex+0x265/0x280
[  215.434798][T14576]  should_failslab+0x8c/0xb0
[  215.434892][T14576]  __kmalloc_noprof+0xa5/0x3e0
[  215.434918][T14576]  ? alloc_pipe_info+0x1c9/0x350
[  215.434992][T14576]  alloc_pipe_info+0x1c9/0x350
[  215.435030][T14576]  splice_direct_to_actor+0x592/0x680
[  215.435070][T14576]  ? kstrtouint_from_user+0x9f/0xf0
[  215.435194][T14576]  ? __pfx_direct_splice_actor+0x10/0x10
[  215.435215][T14576]  ? __rcu_read_unlock+0x4f/0x70
[  215.435288][T14576]  ? get_pid_task+0x96/0xd0
[  215.435307][T14576]  ? avc_policy_seqno+0x15/0x30
[  215.435324][T14576]  do_splice_direct+0xda/0x150
[  215.435343][T14576]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  215.435398][T14576]  do_sendfile+0x380/0x640
[  215.435418][T14576]  __x64_sys_sendfile64+0x105/0x150
[  215.435559][T14576]  x64_sys_call+0xb39/0x2fb0
[  215.435581][T14576]  do_syscall_64+0xd0/0x1a0
[  215.435602][T14576]  ? clear_bhb_loop+0x40/0x90
[  215.435627][T14576]  ? clear_bhb_loop+0x40/0x90
[  215.435651][T14576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.435702][T14576] RIP: 0033:0x7f76c142e969
[  215.435714][T14576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.435782][T14576] RSP: 002b:00007f76bfa97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  215.435803][T14576] RAX: ffffffffffffffda RBX: 00007f76c1655fa0 RCX: 00007f76c142e969
[  215.435813][T14576] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[  215.435823][T14576] RBP: 00007f76bfa97090 R08: 0000000000000000 R09: 0000000000000000
[  215.435834][T14576] R10: 000000000000e065 R11: 0000000000000246 R12: 0000000000000001
[  215.435845][T14576] R13: 0000000000000000 R14: 00007f76c1655fa0 R15: 00007ffec21c41e8
[  215.435861][T14576]  </TASK>
[  215.465092][T14060] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.669467][   T29] audit: type=1400 audit(1748054472.186:9864): avc:  denied  { attach_queue } for  pid=14578 comm="syz.5.2936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  215.709484][T14060] 8021q: adding VLAN 0 to HW filter on device team0
[  215.722579][  T125] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.729632][  T125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.753582][  T125] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.760692][  T125] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.778609][T14060] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  215.789597][T14060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  215.814908][T14598] loop4: detected capacity change from 0 to 512
[  215.843549][T14598] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.856990][T14598] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  215.867484][T14598] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  215.876971][T14598] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.2941: Failed to acquire dquot type 0
[  215.888778][T14060] 8021q: adding VLAN 0 to HW filter on device batadv0
[  215.950552][T14616] loop4: detected capacity change from 0 to 128
[  215.983745][T14616] syz.4.2942: attempt to access beyond end of device
[  215.983745][T14616] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[  215.986824][T14060] veth0_vlan: entered promiscuous mode
[  216.006046][T14060] veth1_vlan: entered promiscuous mode
[  216.022245][T14060] veth0_macvtap: entered promiscuous mode
[  216.029576][T14060] veth1_macvtap: entered promiscuous mode
[  216.041309][T14060] batman_adv: batadv0: Interface activated: batadv_slave_0
[  216.050941][T14060] batman_adv: batadv0: Interface activated: batadv_slave_1
[  216.063673][T14060] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.072449][T14060] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.081956][T14060] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.090748][T14060] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.137603][   T29] audit: type=1400 audit(1748054472.656:9865): avc:  denied  { watch_reads } for  pid=14621 comm="syz.2.2944" path="/595" dev="tmpfs" ino=3220 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  216.168493][T14622] loop2: detected capacity change from 0 to 764
[  216.176737][T14622] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  216.403429][T14649] Symlink component flag not implemented
[  216.409134][T14649] Symlink component flag not implemented
[  216.415133][T14649] Symlink component flag not implemented (128)
[  216.421342][T14649] Symlink component flag not implemented (97)
[  216.602232][T14662] __nla_validate_parse: 1 callbacks suppressed
[  216.602264][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2952'.
[  216.617387][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2952'.
[  216.697098][T14664] batman_adv: batadv0: Removing interface: batadv_slave_0
[  216.714455][   T29] audit: type=1400 audit(1748054473.216:9866): avc:  denied  { accept } for  pid=14663 comm="syz.1.2954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  216.865310][T14678] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2958'.
[  216.874392][T14678] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2958'.
[  216.946802][T14694] loop5: detected capacity change from 0 to 128
[  216.958150][   T29] audit: type=1326 audit(1748054473.486:9867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14680 comm="syz.0.2959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  217.180213][T14694] ext4 filesystem being mounted at /75/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  217.253683][T14672] EXT4-fs warning (device loop5): verify_group_input:137: Cannot add at group 9 (only 1 groups)
[  217.354355][T14739] loop1: detected capacity change from 0 to 128
[  217.381068][T14739] syz.1.2968: attempt to access beyond end of device
[  217.381068][T14739] loop1: rw=2049, sector=153, nr_sectors = 8 limit=128
[  217.412634][T14744] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2970'.
[  217.421900][T14744] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2970'.
[  217.522327][T14757] SELinux:  Context system_u:object_r:checkpolicy_exec_t:s0 is not valid (left unmapped).
[  217.575242][T14768] loop5: detected capacity change from 0 to 512
[  217.606690][T14768] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.648384][T14768] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.2976: Failed to acquire dquot type 0
[  217.825766][T14851] loop5: detected capacity change from 0 to 128
[  217.865754][T14778] chnl_net:caif_netlink_parms(): no params data found
[  217.881910][T14851] syz.5.2983: attempt to access beyond end of device
[  217.881910][T14851] loop5: rw=2049, sector=153, nr_sectors = 8 limit=128
[  217.953143][T14778] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.960361][T14778] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.967927][T14778] bridge_slave_0: entered allmulticast mode
[  217.975528][T14778] bridge_slave_0: entered promiscuous mode
[  217.991453][T14778] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.998590][T14778] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.006545][T14778] bridge_slave_1: entered allmulticast mode
[  218.014443][T14778] bridge_slave_1: entered promiscuous mode
[  218.051383][T14778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  218.062503][T14778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.084810][T14778] team0: Port device team_slave_0 added
[  218.091954][T14778] team0: Port device team_slave_1 added
[  218.098174][T15033] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.2989'.
[  218.107348][T15033] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2989'.
[  218.132548][T14778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.139654][T14778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.166463][T14778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.180259][T14778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.187280][T14778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.213424][T14778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.228031][ T3407] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.259408][T14778] hsr_slave_0: entered promiscuous mode
[  218.265676][T14778] hsr_slave_1: entered promiscuous mode
[  218.271885][T14778] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.279582][T14778] Cannot create hsr debugfs directory
[  218.285946][ T3407] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.346185][ T3407] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.391421][ T3407] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.441734][   T29] kauditd_printk_skb: 118 callbacks suppressed
[  218.441748][   T29] audit: type=1326 audit(1748054474.966:9984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15158 comm="syz.0.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.471915][   T29] audit: type=1326 audit(1748054474.986:9985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15158 comm="syz.0.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.495480][   T29] audit: type=1326 audit(1748054474.986:9986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15158 comm="syz.0.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.519064][   T29] audit: type=1326 audit(1748054474.986:9987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15158 comm="syz.0.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.567121][T15178] block device autoloading is deprecated and will be removed.
[  218.611759][ T3407] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  218.631729][   T29] audit: type=1400 audit(1748054475.156:9988): avc:  denied  { setopt } for  pid=15177 comm="syz.0.2998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  218.652513][   T29] audit: type=1326 audit(1748054475.156:9989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15177 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.676101][   T29] audit: type=1326 audit(1748054475.156:9990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15177 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.700196][   T29] audit: type=1326 audit(1748054475.156:9991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15177 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.723669][   T29] audit: type=1326 audit(1748054475.156:9992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15177 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  218.747874][   T29] audit: type=1326 audit(1748054475.156:9993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15177 comm="syz.0.2998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  219.038958][T15194] FAULT_INJECTION: forcing a failure.
[  219.038958][T15194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.052076][T15194] CPU: 0 UID: 0 PID: 15194 Comm: syz.5.3003 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  219.052107][T15194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  219.052147][T15194] Call Trace:
[  219.052153][T15194]  <TASK>
[  219.052159][T15194]  __dump_stack+0x1d/0x30
[  219.052176][T15194]  dump_stack_lvl+0xe8/0x140
[  219.052194][T15194]  dump_stack+0x15/0x1b
[  219.052213][T15194]  should_fail_ex+0x265/0x280
[  219.052317][T15194]  should_fail+0xb/0x20
[  219.052349][T15194]  should_fail_usercopy+0x1a/0x20
[  219.052366][T15194]  strncpy_from_user+0x25/0x230
[  219.052413][T15194]  ? kmem_cache_alloc_noprof+0x186/0x310
[  219.052434][T15194]  ? getname_flags+0x80/0x3b0
[  219.052469][T15194]  getname_flags+0xae/0x3b0
[  219.052520][T15194]  __x64_sys_unlink+0x21/0x40
[  219.052544][T15194]  x64_sys_call+0x22a6/0x2fb0
[  219.052636][T15194]  do_syscall_64+0xd0/0x1a0
[  219.052660][T15194]  ? clear_bhb_loop+0x40/0x90
[  219.052707][T15194]  ? clear_bhb_loop+0x40/0x90
[  219.052732][T15194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.052757][T15194] RIP: 0033:0x7efc54bae969
[  219.052774][T15194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.052794][T15194] RSP: 002b:00007efc53217038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  219.052815][T15194] RAX: ffffffffffffffda RBX: 00007efc54dd5fa0 RCX: 00007efc54bae969
[  219.052829][T15194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  219.052839][T15194] RBP: 00007efc53217090 R08: 0000000000000000 R09: 0000000000000000
[  219.052851][T15194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.052903][T15194] R13: 0000000000000000 R14: 00007efc54dd5fa0 R15: 00007ffc4ee9e4c8
[  219.052920][T15194]  </TASK>
[  219.391907][ T3407] bond0 (unregistering): Released all slaves
[  219.400305][ T3407] bond1 (unregistering): Released all slaves
[  219.409262][ T3407] bond2 (unregistering): Released all slaves
[  219.418680][ T5534] infiniband srz1: ib_query_port failed (-19)
[  219.418871][T15189] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  219.451144][T15207] loop1: detected capacity change from 0 to 512
[  219.473502][ T3407] tipc: Disabling bearer <udp:syz0>
[  219.478798][ T3407] tipc: Left network mode
[  219.484060][T15207] EXT4-fs mount: 51 callbacks suppressed
[  219.484077][T15207] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.503016][T15207] ext4 filesystem being mounted at /521/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.513792][T15197] loop5: detected capacity change from 0 to 512
[  219.517792][T15207] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.3005: Failed to acquire dquot type 0
[  219.542859][ T3407] hsr_slave_0: left promiscuous mode
[  219.550021][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  219.550898][ T3407] hsr_slave_1: left promiscuous mode
[  219.567648][ T3407] batadv_slave_0: left allmulticast mode
[  219.573423][ T3407] batadv_slave_0: left promiscuous mode
[  219.582660][ T3407] veth0_macvtap: left promiscuous mode
[  219.588243][ T3407] veth1_vlan: left promiscuous mode
[  219.593814][ T3407] veth0_vlan: left promiscuous mode
[  219.842973][T14778] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  219.854350][T14778] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  219.863935][T14778] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  219.875511][T14778] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  219.957583][T14778] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.983410][T14778] 8021q: adding VLAN 0 to HW filter on device team0
[  220.002758][ T8846] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.009836][ T8846] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.075145][T14778] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  220.085544][T14778] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  220.152420][T15244] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.3008'.
[  220.161571][T15244] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3008'.
[  220.188041][ T8846] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.195143][ T8846] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.301042][T14778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.477417][T14778] veth0_vlan: entered promiscuous mode
[  220.493216][T14778] veth1_vlan: entered promiscuous mode
[  220.510350][T14778] veth0_macvtap: entered promiscuous mode
[  220.518094][T14778] veth1_macvtap: entered promiscuous mode
[  220.530884][T14778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  220.544144][T15266] loop4: detected capacity change from 0 to 256
[  220.604320][T14778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  220.628574][T14778] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.637375][T14778] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.646268][T14778] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.655020][T14778] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.785027][T15279] loop4: detected capacity change from 0 to 8192
[  220.898852][T15292] loop0: detected capacity change from 0 to 512
[  220.925514][T15292] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.943898][T15292] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  220.955896][T15294] loop2: detected capacity change from 0 to 512
[  220.986658][T15300] loop4: detected capacity change from 0 to 128
[  221.078669][   T38] kworker/u8:2: attempt to access beyond end of device
[  221.078669][   T38] loop4: rw=1, sector=145, nr_sectors = 73 limit=128
[  221.170111][T15309] netlink: 'syz.0.3020': attribute type 1 has an invalid length.
[  221.367882][T15334] loop4: detected capacity change from 0 to 512
[  221.767748][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.027159][T15351] loop2: detected capacity change from 0 to 8192
[  222.151934][T15370] loop5: detected capacity change from 0 to 128
[  222.162131][T15366] loop1: detected capacity change from 0 to 8192
[  222.169007][T15370] syz.5.3041: attempt to access beyond end of device
[  222.169007][T15370] loop5: rw=2049, sector=153, nr_sectors = 8 limit=128
[  222.169684][T15366] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  222.221233][T15378] __nla_validate_parse: 2 callbacks suppressed
[  222.221245][T15378] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3044'.
[  222.237195][T15378] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3044'.
[  222.297686][T15380] loop1: detected capacity change from 0 to 8192
[  222.373152][T15391] loop2: detected capacity change from 0 to 8192
[  222.503489][T15405] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.3050'.
[  222.512771][T15405] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3050'.
[  222.666586][T15413] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3052'.
[  222.998808][T15421] netlink: 40 bytes leftover after parsing attributes in process `’'.
[  223.074343][T15421] loop0: detected capacity change from 0 to 512
[  223.111435][T15421] ext4: Unknown parameter '›‘&YØròkyn+�^Û_E÷…âÂ`+$ŽÍØ
œ¦Y¾~ŠéS2Z'VO3ÉÔX¦ãÚ³‹ª·ëf«ýc÷'
[  223.455995][T15440] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  223.464311][T15440] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  223.479152][T15443] loop4: detected capacity change from 0 to 128
[  223.651408][   T12] kworker/u8:0: attempt to access beyond end of device
[  223.651408][   T12] loop4: rw=1, sector=145, nr_sectors = 73 limit=128
[  223.720364][T15456] tipc: Started in network mode
[  223.725259][T15456] tipc: Node identity ac14140f, cluster identity 4711
[  223.725764][T15459] loop0: detected capacity change from 0 to 512
[  223.757880][T15456] tipc: New replicast peer: 10.1.1.2
[  223.763825][T15456] tipc: Enabled bearer <udp:syz0>, priority 10
[  223.775172][T15459] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.787829][T15459] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  223.802035][   T29] kauditd_printk_skb: 61 callbacks suppressed
[  223.802049][   T29] audit: type=1326 audit(1748054480.326:10053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.4.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  223.849072][   T29] audit: type=1107 audit(1748054480.366:10054): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  223.863186][   T29] audit: type=1326 audit(1748054480.366:10055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.4.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  223.886794][   T29] audit: type=1326 audit(1748054480.366:10056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.4.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  223.911126][   T29] audit: type=1326 audit(1748054480.366:10057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.4.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  223.925795][T15459] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  223.934684][   T29] audit: type=1326 audit(1748054480.366:10058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15466 comm="syz.4.3070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  223.934741][   T29] audit: type=1107 audit(1748054480.366:10059): pid=15470 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  223.945052][T15459] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  223.945074][T15459] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.3068: Failed to acquire dquot type 0
[  223.972622][T15473] loop2: detected capacity change from 0 to 8192
[  224.028534][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.163868][T15489] loop0: detected capacity change from 0 to 128
[  224.177212][T15489] syz.0.3076: attempt to access beyond end of device
[  224.177212][T15489] loop0: rw=34817, sector=97, nr_sectors = 32 limit=128
[  224.245091][T15500] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3077'.
[  224.279946][  T125] kworker/u8:4: attempt to access beyond end of device
[  224.279946][  T125] loop0: rw=1, sector=145, nr_sectors = 73 limit=128
[  224.287556][T15502] SELinux: failed to load policy
[  224.332024][   T29] audit: type=1326 audit(1748054480.856:10060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15492 comm="syz.2.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  224.483489][T15523] loop2: detected capacity change from 0 to 512
[  224.509255][T15513] loop0: detected capacity change from 0 to 8192
[  224.532716][T15523] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.577765][T15525] loop4: detected capacity change from 0 to 8192
[  224.580400][T15513] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  224.585062][T15523] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.614609][T15523] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.3088: Failed to acquire dquot type 0
[  224.673741][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.780534][ T5534] tipc: Node number set to 2886997007
[  224.968717][T15560] loop0: detected capacity change from 0 to 512
[  224.993817][T15560] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.006935][T15560] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.210651][T15578] netlink: 2028 bytes leftover after parsing attributes in process `syz.5.3102'.
[  225.220516][T15578] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3102'.
[  225.376052][T15581] loop4: detected capacity change from 0 to 8192
[  225.734245][T15606] netlink: 40 bytes leftover after parsing attributes in process `’'.
[  225.748698][T15606] loop2: detected capacity change from 0 to 512
[  225.756215][T15606] ext4: Unknown parameter '›‘&YØròkyn+�^Û_E÷…âÂ`+$ŽÍØ
œ¦Y¾~ŠéS2Z'VO3ÉÔX¦ãÚ³‹ª·ëf«ýc÷'
[  225.842959][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.891886][T15623] loop4: detected capacity change from 0 to 512
[  225.912029][T15623] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.926264][T15623] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.947376][T15623] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.3115: Failed to acquire dquot type 0
[  225.959055][T15628] loop0: detected capacity change from 0 to 512
[  225.979502][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.001968][T15628] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.014804][T15628] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.028804][T15628] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.3116: Failed to acquire dquot type 0
[  226.040219][T15641] loop4: detected capacity change from 0 to 512
[  226.058837][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.088719][T15646] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=15646 comm=syz.5.3121
[  226.169431][T15671] loop4: detected capacity change from 0 to 512
[  226.183349][T15671] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.195922][T15671] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.327239][T15688] loop0: detected capacity change from 0 to 512
[  226.334858][T15671] netlink: 'syz.4.3128': attribute type 1 has an invalid length.
[  226.361536][T15688] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.376112][T15688] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  226.388634][T15688] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.3133: Failed to acquire dquot type 0
[  226.412239][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.462632][T15705] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15705 comm=syz.0.3137
[  226.480757][T15706] loop5: detected capacity change from 0 to 512
[  226.539398][T15715] loop0: detected capacity change from 0 to 128
[  226.553843][T15715] syz.0.3140: attempt to access beyond end of device
[  226.553843][T15715] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128
[  226.568415][T15715] syz.0.3140: attempt to access beyond end of device
[  226.568415][T15715] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128
[  226.894429][T15729] Option 'Í'M•O§±' to dns_resolver key: bad/missing value
[  226.949199][T15729] loop0: detected capacity change from 0 to 512
[  226.979145][T15729] EXT4-fs: Ignoring removed mblk_io_submit option
[  227.057631][T15729] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  227.068691][T15729] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  227.069731][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.076985][T15729] EXT4-fs (loop0): orphan cleanup on readonly fs
[  227.093272][T15729] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.3142: Invalid block bitmap block 0 in block_group 0
[  227.108514][T15729] EXT4-fs (loop0): Remounting filesystem read-only
[  227.115371][T15729] EXT4-fs (loop0): 1 orphan inode deleted
[  227.121660][T15729] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  227.153529][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.238262][T15762] loop0: detected capacity change from 0 to 1024
[  227.247121][T15762] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  227.258209][T15762] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  227.269630][T15762] EXT4-fs error (device loop0): ext4_ext_check_inode:524: inode #2: comm syz.0.3151: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  227.287836][T15762] EXT4-fs (loop0): no journal found
[  227.438261][T15782] loop2: detected capacity change from 0 to 128
[  227.467985][T15782] syz.2.3158: attempt to access beyond end of device
[  227.467985][T15782] loop2: rw=34817, sector=97, nr_sectors = 32 limit=128
[  227.598244][   T12] kworker/u8:0: attempt to access beyond end of device
[  227.598244][   T12] loop2: rw=1, sector=145, nr_sectors = 73 limit=128
[  227.711743][T15800] loop0: detected capacity change from 0 to 128
[  227.839119][   T12] kworker/u8:0: attempt to access beyond end of device
[  227.839119][   T12] loop0: rw=1, sector=145, nr_sectors = 73 limit=128
[  228.048419][T15824] loop0: detected capacity change from 0 to 512
[  228.057524][T15826] loop1: detected capacity change from 0 to 512
[  228.081933][T15826] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.097521][T15826] ext4 filesystem being mounted at /542/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.113407][T15826] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.3169: Failed to acquire dquot type 0
[  228.156665][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.214319][T15855] loop0: detected capacity change from 0 to 128
[  228.221712][T15849] loop1: detected capacity change from 0 to 1024
[  228.222020][T15849] EXT4-fs: inline encryption not supported
[  228.222063][T15849] EXT4-fs: Ignoring removed i_version option
[  228.223804][T15849] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  228.252828][T15849] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #3: block 2: comm syz.1.3173: lblock 2 mapped to illegal pblock 2 (length 1)
[  228.266974][T15849] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #3: block 48: comm syz.1.3173: lblock 0 mapped to illegal pblock 48 (length 1)
[  228.282563][T15849] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.3173: Failed to acquire dquot type 0
[  228.294108][T15849] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5899: Corrupt filesystem
[  228.304939][T15849] EXT4-fs error (device loop1): ext4_evict_inode:259: inode #11: comm syz.1.3173: mark_inode_dirty error
[  228.317872][T15849] EXT4-fs warning (device loop1): ext4_evict_inode:262: couldn't mark inode dirty (err -117)
[  228.332299][T15849] EXT4-fs (loop1): 1 orphan inode deleted
[  228.338548][T15849] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.354037][   T38] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  228.371671][ T8846] kworker/u8:10: attempt to access beyond end of device
[  228.371671][ T8846] loop0: rw=1, sector=145, nr_sectors = 73 limit=128
[  228.376265][   T38] EXT4-fs error (device loop1): ext4_release_dquot:6971: comm kworker/u8:2: Failed to release dquot type 0
[  228.386158][T15849] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #3: block 1: comm syz.1.3173: lblock 1 mapped to illegal pblock 1 (length 1)
[  228.416086][T15849] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.3173: Failed to acquire dquot type 0
[  228.455573][T15881] loop4: detected capacity change from 0 to 512
[  228.463629][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.475685][ T3314] EXT4-fs error (device loop1): __ext4_get_inode_loc:4450: comm syz-executor: Invalid inode table block 1 in block_group 0
[  228.488711][ T3314] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5899: Corrupt filesystem
[  228.499530][ T3314] EXT4-fs error (device loop1): ext4_quota_off:7219: inode #3: comm syz-executor: mark_inode_dirty error
[  228.500059][T15881] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.524018][T15881] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.534647][T15884] loop0: detected capacity change from 0 to 8192
[  228.544607][T15881] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.3183: Failed to acquire dquot type 0
[  228.546155][T15884] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  228.586896][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.608304][T15891] loop1: detected capacity change from 0 to 8192
[  228.616411][T15891] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  228.726655][T15908] loop0: detected capacity change from 0 to 1024
[  228.733181][T15910] loop2: detected capacity change from 0 to 512
[  228.733681][T15908] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  228.751086][T15908] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  228.764568][T15908] JBD2: no valid journal superblock found
[  228.770326][T15908] EXT4-fs (loop0): Could not load journal inode
[  228.789654][T15910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.803236][T15910] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.930838][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  228.930850][   T29] audit: type=1326 audit(1748054485.456:10170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  228.998248][T15910] netlink: 'syz.2.3189': attribute type 1 has an invalid length.
[  229.007114][   T29] audit: type=1326 audit(1748054485.496:10171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  229.031415][   T29] audit: type=1326 audit(1748054485.496:10172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  229.054904][   T29] audit: type=1326 audit(1748054485.496:10173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  229.079124][   T29] audit: type=1326 audit(1748054485.496:10174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  229.103235][   T29] audit: type=1326 audit(1748054485.496:10175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15905 comm="syz.1.3187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  229.138777][T15908] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  229.295131][   T29] audit: type=1400 audit(1748054485.816:10176): avc:  denied  { map } for  pid=15927 comm="syz.0.3191" path="socket:[38872]" dev="sockfs" ino=38872 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  229.319565][   T29] audit: type=1400 audit(1748054485.816:10177): avc:  denied  { read accept } for  pid=15927 comm="syz.0.3191" path="socket:[38872]" dev="sockfs" ino=38872 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  229.510062][T15929] loop0: detected capacity change from 0 to 512
[  229.533221][T15929] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.545929][T15929] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.564837][   T29] audit: type=1326 audit(1748054486.086:10178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15936 comm="syz.4.3193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  229.595707][   T29] audit: type=1326 audit(1748054486.086:10179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15936 comm="syz.4.3193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  229.619500][T15939] loop4: detected capacity change from 0 to 512
[  229.628980][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.648597][T15946] loop2: detected capacity change from 0 to 256
[  230.168346][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.561977][T16031] loop2: detected capacity change from 0 to 128
[  230.572913][T16031] syz.2.3201: attempt to access beyond end of device
[  230.572913][T16031] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128
[  230.588787][T16031] syz.2.3201: attempt to access beyond end of device
[  230.588787][T16031] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128
[  230.607964][T16029] loop0: detected capacity change from 0 to 8192
[  230.696899][T16043] loop0: detected capacity change from 0 to 2048
[  230.706020][T16043] EXT4-fs: Ignoring removed nomblk_io_submit option
[  230.712775][T16043] EXT4-fs: Ignoring removed nobh option
[  230.732943][T16043] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.757894][T16043] EXT4-fs error (device loop0): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  230.777367][T16043] EXT4-fs (loop0): Remounting filesystem read-only
[  230.793679][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.843187][T16065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3210'.
[  230.853533][T16065] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3210'.
[  230.865898][T16065] loop2: detected capacity change from 0 to 512
[  230.893911][T16065] EXT4-fs (loop2): 1 orphan inode deleted
[  230.902189][T16065] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.914890][T15998] EXT4-fs error (device loop2): ext4_release_dquot:6971: comm kworker/u8:60: Failed to release dquot type 1
[  230.914947][T16065] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.971952][T16070] loop0: detected capacity change from 0 to 1024
[  230.979536][T16070] EXT4-fs: Ignoring removed orlov option
[  230.984757][T16073] loop5: detected capacity change from 0 to 512
[  230.993395][T16070] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  230.995237][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.018290][T16073] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.033312][T16073] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.046759][T16073] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.3213: Failed to acquire dquot type 0
[  231.066829][T16081] loop4: detected capacity change from 0 to 128
[  231.070339][T16070] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.086978][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.106802][T15964] kworker/u8:27: attempt to access beyond end of device
[  231.106802][T15964] loop4: rw=1, sector=145, nr_sectors = 73 limit=128
[  231.168454][T14060] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.178877][T16100] loop2: detected capacity change from 0 to 2048
[  231.189407][T16104] loop5: detected capacity change from 0 to 512
[  231.190076][T16100] EXT4-fs: Ignoring removed nomblk_io_submit option
[  231.202579][T16100] EXT4-fs: Ignoring removed nobh option
[  231.225319][T16104] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.225552][T16100] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.242168][T16104] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.264959][T16104] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.3222: Failed to acquire dquot type 0
[  231.271837][T16100] EXT4-fs error (device loop2): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  231.295014][T16100] EXT4-fs (loop2): Remounting filesystem read-only
[  231.311765][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.323199][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.337451][T16122] tipc: Started in network mode
[  231.342474][T16122] tipc: Node identity ac14140f, cluster identity 4711
[  231.351710][T16122] tipc: New replicast peer: 10.1.1.2
[  231.357171][T16122] tipc: Enabled bearer <udp:syz0>, priority 10
[  231.438648][T16142] loop5: detected capacity change from 0 to 1024
[  231.449189][T16142] EXT4-fs: Ignoring removed orlov option
[  231.457760][T16147] loop2: detected capacity change from 0 to 512
[  231.466451][T16142] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  231.477281][T16134] loop4: detected capacity change from 0 to 8192
[  231.486227][T16134] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  231.504331][T16147] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.519213][T16142] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.530199][T16147] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.547140][T16147] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.3233: Failed to acquire dquot type 0
[  231.592323][T16161] loop4: detected capacity change from 0 to 2048
[  231.599161][T16161] EXT4-fs: Ignoring removed nomblk_io_submit option
[  231.607364][T16161] EXT4-fs: Ignoring removed nobh option
[  231.607716][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.623431][T16159] loop0: detected capacity change from 0 to 8192
[  231.636806][T16159] tmpfs: Unknown parameter 'hu°¡meversB ¥«ZXHIê'
[  231.655854][T16161] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.656499][T16168] netlink: 'syz.2.3237': attribute type 27 has an invalid length.
[  231.670314][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.702759][T16161] EXT4-fs error (device loop4): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  231.724994][T16168] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.731437][T16161] EXT4-fs (loop4): Remounting filesystem read-only
[  231.732224][T16168] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.772170][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.787921][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.796919][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.809302][T16168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.822339][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.827223][T16168] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.848733][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.857752][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.867974][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.891079][T16168] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  231.899473][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.900002][T16168] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  231.900043][T16168] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  231.900112][T16168] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  231.938606][T16182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3237'.
[  231.964102][T16173] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.972512][T16173] 8021q: adding VLAN 0 to HW filter on device team0
[  231.982983][T16173] net_ratelimit: 324 callbacks suppressed
[  231.982994][T16173] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  231.988917][T16197] loop4: detected capacity change from 0 to 512
[  232.011509][T16197] EXT4-fs: Ignoring removed orlov option
[  232.017639][T16197] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  232.037087][T16197] EXT4-fs (loop4): orphan cleanup on readonly fs
[  232.064679][T16197] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3244: bg 0: block 248: padding at end of block bitmap is not set
[  232.080347][T16197] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.3244: Failed to acquire dquot type 1
[  232.098299][T16197] EXT4-fs (loop4): 1 truncate cleaned up
[  232.109070][T16197] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  232.129466][T16220] loop5: detected capacity change from 0 to 1024
[  232.136569][T16220] EXT4-fs: Ignoring removed orlov option
[  232.146416][T16220] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  232.188005][T16220] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.226267][T16230] FAULT_INJECTION: forcing a failure.
[  232.226267][T16230] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.239419][T16230] CPU: 1 UID: 0 PID: 16230 Comm: syz.1.3251 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  232.239450][T16230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.239461][T16230] Call Trace:
[  232.239466][T16230]  <TASK>
[  232.239501][T16230]  __dump_stack+0x1d/0x30
[  232.239524][T16230]  dump_stack_lvl+0xe8/0x140
[  232.239546][T16230]  dump_stack+0x15/0x1b
[  232.239565][T16230]  should_fail_ex+0x265/0x280
[  232.239598][T16230]  should_fail+0xb/0x20
[  232.239672][T16230]  should_fail_usercopy+0x1a/0x20
[  232.239703][T16230]  _copy_from_user+0x1c/0xb0
[  232.239729][T16230]  ___sys_sendmsg+0xc1/0x1d0
[  232.239766][T16230]  __x64_sys_sendmsg+0xd4/0x160
[  232.239917][T16230]  x64_sys_call+0x2999/0x2fb0
[  232.239959][T16230]  do_syscall_64+0xd0/0x1a0
[  232.239983][T16230]  ? clear_bhb_loop+0x40/0x90
[  232.240005][T16230]  ? clear_bhb_loop+0x40/0x90
[  232.240032][T16230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.240055][T16230] RIP: 0033:0x7f8c31f3e969
[  232.240089][T16230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.240157][T16230] RSP: 002b:00007f8c305a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.240179][T16230] RAX: ffffffffffffffda RBX: 00007f8c32165fa0 RCX: 00007f8c31f3e969
[  232.240195][T16230] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000003
[  232.240209][T16230] RBP: 00007f8c305a7090 R08: 0000000000000000 R09: 0000000000000000
[  232.240221][T16230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.240236][T16230] R13: 0000000000000000 R14: 00007f8c32165fa0 R15: 00007ffd31c3cb18
[  232.240254][T16230]  </TASK>
[  232.433151][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.458381][T16237] loop2: detected capacity change from 0 to 128
[  232.481398][    T9] tipc: Node number set to 2886997007
[  232.501123][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.516842][T16237] syz.2.3254: attempt to access beyond end of device
[  232.516842][T16237] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128
[  232.546186][T16237] syz.2.3254: attempt to access beyond end of device
[  232.546186][T16237] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128
[  232.562411][T16248] loop5: detected capacity change from 0 to 2048
[  232.610854][T16248] Alternate GPT is invalid, using primary GPT.
[  232.617187][T16248]  loop5: p1 p2 p3
[  232.643497][T16263] loop4: detected capacity change from 0 to 512
[  232.665096][T16261] loop0: detected capacity change from 0 to 8192
[  232.677840][T16261] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  232.730689][T16282] loop1: detected capacity change from 0 to 2048
[  232.740270][T16295] tipc: Started in network mode
[  232.745282][T16295] tipc: Node identity ac14140f, cluster identity 4711
[  232.755277][T16295] tipc: New replicast peer: 10.1.1.2
[  232.760743][T16295] tipc: Enabled bearer <udp:syz0>, priority 10
[  232.765868][T16298] loop5: detected capacity change from 0 to 2048
[  232.777284][T16298] EXT4-fs: Ignoring removed nomblk_io_submit option
[  232.786649][T16298] EXT4-fs: Ignoring removed nobh option
[  232.796123][T16282] Alternate GPT is invalid, using primary GPT.
[  232.803125][T16282]  loop1: p1 p2 p3
[  232.809420][T16298] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.882589][T16298] EXT4-fs error (device loop5): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  232.905245][ T3390] Process accounting resumed
[  232.926889][T16298] EXT4-fs (loop5): Remounting filesystem read-only
[  232.971561][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.056379][T16352] 9pnet_fd: Insufficient options for proto=fd
[  233.065599][T16352] loop1: detected capacity change from 0 to 128
[  233.074437][T16352] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  233.086959][T16352] ext4 filesystem being mounted at /556/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.127865][T16358] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  233.292094][ T3314] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  233.303037][T16356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.311615][T16356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.333491][T16381] loop1: detected capacity change from 0 to 128
[  233.345986][T16375] loop5: detected capacity change from 0 to 2048
[  233.352701][T16375] EXT4-fs: Ignoring removed nomblk_io_submit option
[  233.359578][T16375] EXT4-fs: Ignoring removed nobh option
[  233.382444][T16375] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.416559][T16375] EXT4-fs error (device loop5): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  233.456577][T16375] EXT4-fs (loop5): Remounting filesystem read-only
[  233.475858][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.498043][T16411] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  233.574405][T16413] loop5: detected capacity change from 0 to 8192
[  233.608678][T16413] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  233.687052][T16444] loop4: detected capacity change from 0 to 2048
[  233.695329][T16444] EXT4-fs: Ignoring removed nomblk_io_submit option
[  233.704021][T16444] EXT4-fs: Ignoring removed nobh option
[  233.723427][T16444] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.759291][T16450] loop1: detected capacity change from 0 to 1024
[  233.772848][T16450] EXT4-fs: Ignoring removed orlov option
[  233.779313][T16450] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  233.805290][T16444] EXT4-fs error (device loop4): ext4_check_all_de:659: inode #12: block 5: comm +}[@: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0
[  233.833850][T16444] EXT4-fs (loop4): Remounting filesystem read-only
[  233.854730][T16450] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.867966][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.881112][ T5534] tipc: Node number set to 2886997007
[  233.903875][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.949315][T16472] loop4: detected capacity change from 0 to 512
[  233.966294][   T29] kauditd_printk_skb: 137 callbacks suppressed
[  233.966306][   T29] audit: type=1400 audit(1748054490.486:10308): avc:  denied  { append } for  pid=16476 comm="syz.1.3309" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  233.976423][T16477] vcan0: entered promiscuous mode
[  234.002349][T16477] vcan0: entered allmulticast mode
[  234.052218][T16472] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.067080][T16472] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.106304][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.134491][T16494] loop2: detected capacity change from 0 to 8192
[  234.148328][T16494] tmpfs: Unknown parameter 'hu°¡meversB ¥«ZXHIê'
[  234.201655][   T29] audit: type=1326 audit(1748054490.726:10309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16507 comm="syz.2.3319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  234.225421][   T29] audit: type=1326 audit(1748054490.726:10310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16507 comm="syz.2.3319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  234.295039][   T29] audit: type=1326 audit(1748054490.726:10311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16507 comm="syz.2.3319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  234.319365][   T29] audit: type=1326 audit(1748054490.726:10312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16507 comm="syz.2.3319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  234.512800][T16533] loop4: detected capacity change from 0 to 8192
[  234.521072][T16533] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  234.875534][   T29] audit: type=1326 audit(1748054491.396:10313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.4.3331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  234.925228][   T29] audit: type=1326 audit(1748054491.396:10314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.4.3331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  234.926235][T16560] loop4: detected capacity change from 0 to 1024
[  234.950349][   T29] audit: type=1326 audit(1748054491.396:10315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.4.3331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  234.958905][T16560] EXT4-fs: Ignoring removed orlov option
[  234.988185][T16560] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  235.224732][T16577] loop5: detected capacity change from 0 to 8192
[  235.233019][T16577] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  235.271653][T16581] loop1: detected capacity change from 0 to 256
[  235.326173][T16601] loop4: detected capacity change from 0 to 8192
[  235.333009][T16605] FAULT_INJECTION: forcing a failure.
[  235.333009][T16605] name failslab, interval 1, probability 0, space 0, times 0
[  235.333044][T16605] CPU: 1 UID: 0 PID: 16605 Comm: syz.0.3344 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  235.333129][T16605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  235.333144][T16605] Call Trace:
[  235.333151][T16605]  <TASK>
[  235.333158][T16605]  __dump_stack+0x1d/0x30
[  235.333182][T16605]  dump_stack_lvl+0xe8/0x140
[  235.333204][T16605]  dump_stack+0x15/0x1b
[  235.333222][T16605]  should_fail_ex+0x265/0x280
[  235.333317][T16605]  should_failslab+0x8c/0xb0
[  235.333409][T16605]  __kvmalloc_node_noprof+0x126/0x4d0
[  235.333471][T16605]  ? recent_mt_check+0x3e2/0x8f0
[  235.333538][T16605]  ? strnlen+0x28/0x50
[  235.333567][T16605]  ? strchr+0x27/0x50
[  235.333670][T16605]  recent_mt_check+0x3e2/0x8f0
[  235.333701][T16605]  recent_mt_check_v0+0x67/0x90
[  235.333737][T16605]  xt_check_match+0x2aa/0x4f0
[  235.333803][T16605]  ? strnlen+0x28/0x50
[  235.333850][T16605]  ? strcmp+0x22/0x50
[  235.333920][T16605]  ? xt_find_match+0x1d1/0x210
[  235.333960][T16605]  translate_table+0xb4b/0x1070
[  235.334004][T16605]  ? _copy_from_user+0x89/0xb0
[  235.334038][T16605]  do_ip6t_set_ctl+0x678/0x840
[  235.334097][T16605]  ? kstrtoull+0x111/0x140
[  235.334137][T16605]  ? __rcu_read_unlock+0x4f/0x70
[  235.334174][T16605]  nf_setsockopt+0x196/0x1b0
[  235.334203][T16605]  ipv6_setsockopt+0x11a/0x130
[  235.334233][T16605]  tcp_setsockopt+0x95/0xb0
[  235.334463][T16605]  sock_common_setsockopt+0x66/0x80
[  235.334571][T16605]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  235.334612][T16605]  __sys_setsockopt+0x181/0x200
[  235.334682][T16605]  __x64_sys_setsockopt+0x64/0x80
[  235.334710][T16605]  x64_sys_call+0x2bd5/0x2fb0
[  235.334741][T16605]  do_syscall_64+0xd0/0x1a0
[  235.334774][T16605]  ? clear_bhb_loop+0x40/0x90
[  235.334854][T16605]  ? clear_bhb_loop+0x40/0x90
[  235.334885][T16605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.334920][T16605] RIP: 0033:0x7f7caba4e969
[  235.334951][T16605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.334976][T16605] RSP: 002b:00007f7caa0b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  235.335014][T16605] RAX: ffffffffffffffda RBX: 00007f7cabc75fa0 RCX: 00007f7caba4e969
[  235.335031][T16605] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005
[  235.335074][T16605] RBP: 00007f7caa0b7090 R08: 0000000000000458 R09: 0000000000000000
[  235.335089][T16605] R10: 0000200000000c80 R11: 0000000000000246 R12: 0000000000000001
[  235.335103][T16605] R13: 0000000000000000 R14: 00007f7cabc75fa0 R15: 00007ffe44c669d8
[  235.335126][T16605]  </TASK>
[  235.404432][T16608] loop0: detected capacity change from 0 to 512
[  235.418143][T16601] tmpfs: Unknown parameter 'hu°¡meversB ¥«ZXHIê'
[  235.441976][T16608] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  235.734043][T16618] netlink: 'syz.0.3345': attribute type 1 has an invalid length.
[  236.006535][T16627] loop2: detected capacity change from 0 to 1024
[  236.013622][T16627] EXT4-fs: Ignoring removed orlov option
[  236.019661][T16627] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  236.185763][T16642] loop5: detected capacity change from 0 to 128
[  236.254647][T16649] __nla_validate_parse: 10 callbacks suppressed
[  236.254662][T16649] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3355'.
[  236.273015][T15998] kworker/u8:60: attempt to access beyond end of device
[  236.273015][T15998] loop5: rw=1, sector=145, nr_sectors = 73 limit=128
[  236.275697][T16652] sctp: [Deprecated]: syz.1.3353 (pid 16652) Use of struct sctp_assoc_value in delayed_ack socket option.
[  236.275697][T16652] Use struct sctp_sack_info instead
[  236.327649][T16660] loop5: detected capacity change from 0 to 164
[  236.327845][T16662] FAULT_INJECTION: forcing a failure.
[  236.327845][T16662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.346974][T16662] CPU: 1 UID: 0 PID: 16662 Comm: syz.0.3356 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  236.347001][T16662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.347036][T16662] Call Trace:
[  236.347055][T16662]  <TASK>
[  236.347063][T16662]  __dump_stack+0x1d/0x30
[  236.347115][T16662]  dump_stack_lvl+0xe8/0x140
[  236.347137][T16662]  dump_stack+0x15/0x1b
[  236.347151][T16662]  should_fail_ex+0x265/0x280
[  236.347180][T16662]  should_fail+0xb/0x20
[  236.347279][T16662]  should_fail_usercopy+0x1a/0x20
[  236.347297][T16662]  strncpy_from_user+0x25/0x230
[  236.347329][T16662]  strncpy_from_user_nofault+0x68/0xf0
[  236.347362][T16662]  bpf_probe_read_compat_str+0xb4/0x130
[  236.347454][T16662]  bpf_prog_e42f6260c1b72fb3+0x3e/0x44
[  236.347533][T16662]  bpf_trace_run3+0x10c/0x1d0
[  236.347557][T16662]  ? __kfree_skb+0x109/0x150
[  236.347579][T16662]  ? __kfree_skb+0x109/0x150
[  236.347596][T16662]  __traceiter_kmem_cache_free+0x38/0x60
[  236.347665][T16662]  ? __kfree_skb+0x109/0x150
[  236.347756][T16662]  kmem_cache_free+0x246/0x2f0
[  236.347779][T16662]  __kfree_skb+0x109/0x150
[  236.347797][T16662]  ? nlmon_xmit+0x4f/0x60
[  236.347818][T16662]  consume_skb+0x49/0x150
[  236.347866][T16662]  nlmon_xmit+0x4f/0x60
[  236.347887][T16662]  dev_hard_start_xmit+0x12f/0x3d0
[  236.347911][T16662]  __dev_queue_xmit+0x10b9/0x1fb0
[  236.347937][T16662]  ? __dev_queue_xmit+0x182/0x1fb0
[  236.348007][T16662]  ? __skb_clone+0x2a6/0x2d0
[  236.348030][T16662]  __netlink_deliver_tap+0x3c3/0x500
[  236.348056][T16662]  netlink_unicast+0x64c/0x670
[  236.348181][T16662]  netlink_sendmsg+0x58b/0x6b0
[  236.348205][T16662]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.348228][T16662]  __sock_sendmsg+0x145/0x180
[  236.348259][T16662]  ____sys_sendmsg+0x31e/0x4e0
[  236.348286][T16662]  ___sys_sendmsg+0x17b/0x1d0
[  236.348353][T16662]  __x64_sys_sendmsg+0xd4/0x160
[  236.348379][T16662]  x64_sys_call+0x2999/0x2fb0
[  236.348401][T16662]  do_syscall_64+0xd0/0x1a0
[  236.348492][T16662]  ? clear_bhb_loop+0x40/0x90
[  236.348514][T16662]  ? clear_bhb_loop+0x40/0x90
[  236.348536][T16662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.348558][T16662] RIP: 0033:0x7f7caba4e969
[  236.348615][T16662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.348634][T16662] RSP: 002b:00007f7caa0b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  236.348653][T16662] RAX: ffffffffffffffda RBX: 00007f7cabc75fa0 RCX: 00007f7caba4e969
[  236.348667][T16662] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  236.348727][T16662] RBP: 00007f7caa0b7090 R08: 0000000000000000 R09: 0000000000000000
[  236.348740][T16662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.348752][T16662] R13: 0000000000000000 R14: 00007f7cabc75fa0 R15: 00007ffe44c669d8
[  236.348772][T16662]  </TASK>
[  236.663672][T16666] loop0: detected capacity change from 0 to 1024
[  236.676997][T16666] EXT4-fs: Ignoring removed orlov option
[  236.704192][T16669] loop1: detected capacity change from 0 to 1024
[  236.709260][T16671] loop2: detected capacity change from 0 to 2048
[  236.717084][T16666] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  236.727802][T16669] EXT4-fs: Ignoring removed orlov option
[  236.728188][T16669] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  236.734317][T16671] EXT4-fs: Ignoring removed nomblk_io_submit option
[  236.734373][T16671] EXT4-fs: Ignoring removed nobh option
[  236.856069][T16704] loop1: detected capacity change from 0 to 512
[  236.879054][T16712] FAULT_INJECTION: forcing a failure.
[  236.879054][T16712] name failslab, interval 1, probability 0, space 0, times 0
[  236.891929][T16712] CPU: 0 UID: 0 PID: 16712 Comm: syz.4.3370 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  236.892016][T16712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.892029][T16712] Call Trace:
[  236.892109][T16712]  <TASK>
[  236.892119][T16712]  __dump_stack+0x1d/0x30
[  236.892145][T16712]  dump_stack_lvl+0xe8/0x140
[  236.892171][T16712]  dump_stack+0x15/0x1b
[  236.892203][T16712]  should_fail_ex+0x265/0x280
[  236.892238][T16712]  ? nd_alloc_stack+0x50/0xa0
[  236.892285][T16712]  should_failslab+0x8c/0xb0
[  236.892338][T16712]  __kmalloc_cache_noprof+0x4c/0x320
[  236.892367][T16712]  nd_alloc_stack+0x50/0xa0
[  236.892410][T16712]  pick_link+0x781/0x820
[  236.892524][T16712]  ? __d_lookup_rcu+0x248/0x2a0
[  236.892603][T16712]  step_into+0x7b6/0x820
[  236.892634][T16712]  ? inode_permission+0xb5/0x300
[  236.892673][T16712]  link_path_walk+0x545/0x8b0
[  236.892809][T16712]  path_openat+0x1de/0x2170
[  236.892832][T16712]  ? path_openat+0x1bf8/0x2170
[  236.892862][T16712]  ? _parse_integer_limit+0x170/0x190
[  236.892935][T16704] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.892909][T16712]  do_filp_open+0x109/0x230
[  236.892971][T16712]  ? __pfx_shmem_put_link+0x10/0x10
[  236.892991][T16712]  ? __pfx_shmem_put_link+0x10/0x10
[  236.893015][T16712]  file_open_name+0xfa/0x120
[  236.893046][T16712]  __se_sys_acct+0xf0/0x490
[  236.893108][T16712]  ? fpregs_assert_state_consistent+0x84/0xa0
[  236.893154][T16712]  __x64_sys_acct+0x1f/0x30
[  236.893191][T16712]  x64_sys_call+0x18cf/0x2fb0
[  236.893220][T16712]  do_syscall_64+0xd0/0x1a0
[  236.893332][T16712]  ? clear_bhb_loop+0x40/0x90
[  236.893362][T16712]  ? clear_bhb_loop+0x40/0x90
[  236.893392][T16712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.893420][T16712] RIP: 0033:0x7f163c06e969
[  236.893458][T16712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.893480][T16712] RSP: 002b:00007f163a6d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[  236.893580][T16712] RAX: ffffffffffffffda RBX: 00007f163c295fa0 RCX: 00007f163c06e969
[  236.893630][T16712] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  236.893646][T16712] RBP: 00007f163a6d7090 R08: 0000000000000000 R09: 0000000000000000
[  236.893662][T16712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  236.893749][T16712] R13: 0000000000000000 R14: 00007f163c295fa0 R15: 00007ffca2d5edd8
[  236.893773][T16712]  </TASK>
[  237.112486][T16727] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3372'.
[  237.226465][T16738] netlink: 'syz.1.3367': attribute type 1 has an invalid length.
[  237.227009][T16737] loop4: detected capacity change from 0 to 164
[  237.336351][T16747] loop2: detected capacity change from 0 to 2048
[  237.345908][T16747] EXT4-fs: Ignoring removed nomblk_io_submit option
[  237.355014][T16747] EXT4-fs: Ignoring removed nobh option
[  237.414832][T16749] loop4: detected capacity change from 0 to 512
[  237.417335][T16756] loop2: detected capacity change from 0 to 1024
[  237.428242][T16756] EXT4-fs: Ignoring removed orlov option
[  237.435357][T16756] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  237.448231][T16749] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  237.468296][   T29] audit: type=1400 audit(1748054493.986:10316): avc:  denied  { create } for  pid=16748 comm="syz.4.3377" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[  237.491598][   T29] audit: type=1400 audit(1748054493.986:10317): avc:  denied  { unlink } for  pid=16748 comm="syz.4.3377" name=E91F7189591E9233614B dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[  237.551135][T16767] loop4: detected capacity change from 0 to 512
[  237.560341][T16767] EXT4-fs (loop4): can't mount with commit=, fs mounted w/o journal
[  237.739265][T16791] loop4: detected capacity change from 0 to 128
[  237.762516][T16781] loop2: detected capacity change from 0 to 8192
[  237.784219][T16781] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  237.808894][T16799] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3388'.
[  237.859756][T15982] kworker/u8:44: attempt to access beyond end of device
[  237.859756][T15982] loop4: rw=1, sector=145, nr_sectors = 73 limit=128
[  237.862944][T16801] loop0: detected capacity change from 0 to 512
[  237.907210][T16826] loop5: detected capacity change from 0 to 2048
[  237.917703][T16801] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  237.951027][T16826] Alternate GPT is invalid, using primary GPT.
[  237.957484][T16826]  loop5: p1 p2 p3
[  237.982564][T16839] random: crng reseeded on system resumption
[  238.061855][T16851] loop4: detected capacity change from 0 to 256
[  238.323285][T16875] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3405'.
[  238.398974][T16883] loop0: detected capacity change from 0 to 8192
[  239.052206][T16922] loop4: detected capacity change from 0 to 128
[  239.095295][T16924] loop2: detected capacity change from 0 to 8192
[  239.108776][T16924] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  239.185392][T16930] loop1: detected capacity change from 0 to 8192
[  239.277055][   T29] kauditd_printk_skb: 75 callbacks suppressed
[  239.277068][   T29] audit: type=1326 audit(1748054495.796:10393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.307546][   T29] audit: type=1326 audit(1748054495.796:10394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c31f3d2d0 code=0x7ffc0000
[  239.331802][   T29] audit: type=1326 audit(1748054495.796:10395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.355540][   T29] audit: type=1326 audit(1748054495.796:10396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.379696][   T29] audit: type=1326 audit(1748054495.796:10397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.404048][   T29] audit: type=1326 audit(1748054495.796:10398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.427741][   T29] audit: type=1326 audit(1748054495.796:10399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.451411][   T29] audit: type=1326 audit(1748054495.796:10400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.475783][   T29] audit: type=1326 audit(1748054495.796:10401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.499369][   T29] audit: type=1326 audit(1748054495.796:10402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16947 comm="syz.1.3427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  239.526731][T16956] loop2: detected capacity change from 0 to 2048
[  239.566506][T16961] loop1: detected capacity change from 0 to 2048
[  239.599633][T16966] loop5: detected capacity change from 0 to 512
[  239.607560][T16956] Alternate GPT is invalid, using primary GPT.
[  239.607935][T16961] Alternate GPT is invalid, using primary GPT.
[  239.613970][T16956]  loop2: p1 p2 p3
[  239.620721][T16961]  loop1: p1 p2 p3
[  239.632908][T16966] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.758175][T16966] netlink: 'syz.5.3432': attribute type 1 has an invalid length.
[  239.774157][T16993] Falling back ldisc for ttyS3.
[  239.833022][T17006] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  239.925023][T17012] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3439'.
[  240.217660][T17033] loop4: detected capacity change from 0 to 128
[  240.226945][T17029] loop2: detected capacity change from 0 to 2048
[  240.306847][T17035] loop0: detected capacity change from 0 to 8192
[  240.357707][T17029] Alternate GPT is invalid, using primary GPT.
[  240.364004][T17029]  loop2: p1 p2 p3
[  240.410089][T15964] kworker/u8:27: attempt to access beyond end of device
[  240.410089][T15964] loop4: rw=1, sector=145, nr_sectors = 73 limit=128
[  240.622582][T17052] loop4: detected capacity change from 0 to 2048
[  240.678002][T17052] EXT4-fs: Ignoring removed nomblk_io_submit option
[  240.690675][T17052] EXT4-fs: Ignoring removed nobh option
[  240.741450][T17075] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3453'.
[  240.782911][T17088] loop2: detected capacity change from 0 to 128
[  240.882663][T17105] loop2: detected capacity change from 0 to 128
[  240.894731][T17095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3458'.
[  240.905146][T17095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3458'.
[  240.928290][T17095] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3458'.
[  240.937886][T17095] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3458'.
[  240.948480][T17095] 0ªX¹¦À: renamed from caif0
[  240.967610][T17095] 0ªX¹¦À: entered allmulticast mode
[  240.973044][T17095] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  241.017182][T17114] loop0: detected capacity change from 0 to 1024
[  241.024679][T17114] EXT4-fs: Ignoring removed orlov option
[  241.031087][T17114] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  241.051781][T15958] kworker/u8:21: attempt to access beyond end of device
[  241.051781][T15958] loop2: rw=1, sector=145, nr_sectors = 73 limit=128
[  241.299792][T17140] loop2: detected capacity change from 0 to 2048
[  241.308220][T17140] EXT4-fs: Ignoring removed nomblk_io_submit option
[  241.315667][T17140] EXT4-fs: Ignoring removed nobh option
[  241.573291][T17156] loop2: detected capacity change from 0 to 512
[  241.581634][T17156] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  241.593872][T17156] EXT4-fs (loop2): 1 truncate cleaned up
[  241.712492][T17168] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  241.727854][T17172] loop2: detected capacity change from 0 to 128
[  242.534890][T17179] __nla_validate_parse: 1 callbacks suppressed
[  242.534912][T17179] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3473'.
[  242.642492][T15958] kworker/u8:21: attempt to access beyond end of device
[  242.642492][T15958] loop2: rw=1, sector=145, nr_sectors = 73 limit=128
[  242.778347][T17203] loop2: detected capacity change from 0 to 128
[  242.801087][T17207] loop0: detected capacity change from 0 to 2048
[  242.831645][T17207] Alternate GPT is invalid, using primary GPT.
[  242.837908][T17207]  loop0: p1 p2 p3
[  242.845673][T17211] loop4: detected capacity change from 0 to 8192
[  242.854288][T17211] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  242.986584][T17236] loop4: detected capacity change from 0 to 128
[  243.506204][T17262] loop4: detected capacity change from 0 to 8192
[  243.586962][T17271] loop5: detected capacity change from 0 to 2048
[  243.630663][T17271] Alternate GPT is invalid, using primary GPT.
[  243.637001][T17271]  loop5: p1 p2 p3
[  243.738926][T17297] loop5: detected capacity change from 0 to 128
[  243.817122][T17307] loop2: detected capacity change from 0 to 8192
[  243.964803][T17334] loop0: detected capacity change from 0 to 2048
[  244.041578][T17334] Alternate GPT is invalid, using primary GPT.
[  244.047905][T17334]  loop0: p1 p2 p3
[  244.067757][T17366] loop5: detected capacity change from 0 to 1024
[  244.076722][T17366] EXT4-fs: Ignoring removed orlov option
[  244.082884][T17366] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  244.106097][T17370] loop1: detected capacity change from 0 to 164
[  244.161243][T17381] loop0: detected capacity change from 0 to 128
[  244.391296][T17395] loop0: detected capacity change from 0 to 8192
[  244.468602][T17400] loop0: detected capacity change from 0 to 1024
[  244.475833][T17400] EXT4-fs: Ignoring removed orlov option
[  244.482998][T17400] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  244.626843][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  244.626859][   T29] audit: type=1326 audit(1748054501.136:10573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17415 comm="syz.5.3526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  244.658581][   T29] audit: type=1326 audit(1748054501.136:10574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17415 comm="syz.5.3526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  244.684212][   T29] audit: type=1326 audit(1748054501.136:10575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17415 comm="syz.5.3526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  244.708028][   T29] audit: type=1326 audit(1748054501.136:10576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17415 comm="syz.5.3526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  244.777011][T17430] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3533'.
[  244.835244][T17428] loop4: detected capacity change from 0 to 256
[  244.847105][T17437] loop2: detected capacity change from 0 to 128
[  245.585763][   T29] audit: type=1326 audit(1748054502.106:10577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17456 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  245.611175][   T29] audit: type=1326 audit(1748054502.106:10578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17456 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  245.634784][   T29] audit: type=1326 audit(1748054502.106:10579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17456 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  245.658986][   T29] audit: type=1326 audit(1748054502.106:10580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17456 comm="syz.1.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c31f3e969 code=0x7ffc0000
[  245.734968][T17460] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  245.942166][T17461] chnl_net:caif_netlink_parms(): no params data found
[  246.058815][   T29] audit: type=1326 audit(1748054502.576:10581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17603 comm="syz.2.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  246.083581][   T29] audit: type=1326 audit(1748054502.576:10582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17603 comm="syz.2.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  246.217950][T17613] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3552'.
[  246.294948][T17618] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  246.302903][T17615] loop2: detected capacity change from 0 to 8192
[  246.310266][T17615] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  246.352317][T17461] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.359450][T17461] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.366828][T17461] bridge_slave_0: entered allmulticast mode
[  246.373306][T17461] bridge_slave_0: entered promiscuous mode
[  246.383000][T17461] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.390285][T17461] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.397986][T17461] bridge_slave_1: entered allmulticast mode
[  246.404733][T17461] bridge_slave_1: entered promiscuous mode
[  246.431215][T17461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.442276][T17461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  246.468923][T17461] team0: Port device team_slave_0 added
[  246.476159][T17461] team0: Port device team_slave_1 added
[  246.496804][T17461] batman_adv: batadv0: Adding interface: batadv_slave_0
[  246.504594][T17461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  246.531206][T17461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  246.543300][T17461] batman_adv: batadv0: Adding interface: batadv_slave_1
[  246.550287][T17461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  246.576745][T17461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  246.617717][T17461] hsr_slave_0: entered promiscuous mode
[  246.624753][T17461] hsr_slave_1: entered promiscuous mode
[  246.692783][T17461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  246.699165][T17828] loop4: detected capacity change from 0 to 1024
[  246.709775][T17828] EXT4-fs: Ignoring removed orlov option
[  246.718237][T17828] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  246.731618][T17461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  246.791247][T17461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  246.842654][T17461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  246.916828][T17461] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  246.925579][T17461] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  246.934572][T17461] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  246.946755][T17461] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  246.980685][T17461] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.993936][T17461] 8021q: adding VLAN 0 to HW filter on device team0
[  247.003475][T15963] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.010580][T15963] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.023315][T15963] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.030377][T15963] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.092477][T17866] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3563'.
[  247.104178][T17461] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.175124][T17461] veth0_vlan: entered promiscuous mode
[  247.185828][T17461] veth1_vlan: entered promiscuous mode
[  247.193841][T17870] loop0: detected capacity change from 0 to 8192
[  247.212927][T17461] veth0_macvtap: entered promiscuous mode
[  247.227830][T17461] veth1_macvtap: entered promiscuous mode
[  247.247243][T17461] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.259050][T17461] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.271872][T17461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.280618][T17461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.289356][T17461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.298849][T17461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.312924][T17883] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3566'.
[  247.327392][T17883] dummy0: entered promiscuous mode
[  247.333060][T17883] macvtap1: entered promiscuous mode
[  247.338496][T17883] macvtap1: entered allmulticast mode
[  247.344191][T17883] dummy0: entered allmulticast mode
[  247.373690][T17896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3571'.
[  247.527882][T17914] FAULT_INJECTION: forcing a failure.
[  247.527882][T17914] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  247.541202][T17914] CPU: 0 UID: 0 PID: 17914 Comm: syz.1.3577 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  247.541238][T17914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  247.541259][T17914] Call Trace:
[  247.541266][T17914]  <TASK>
[  247.541274][T17914]  __dump_stack+0x1d/0x30
[  247.541377][T17914]  dump_stack_lvl+0xe8/0x140
[  247.541394][T17914]  dump_stack+0x15/0x1b
[  247.541408][T17914]  should_fail_ex+0x265/0x280
[  247.541446][T17914]  should_fail_alloc_page+0xf2/0x100
[  247.541525][T17914]  __alloc_frozen_pages_noprof+0xff/0x360
[  247.541561][T17914]  alloc_pages_mpol+0xb3/0x250
[  247.541589][T17914]  vma_alloc_folio_noprof+0x1aa/0x300
[  247.541612][T17914]  do_wp_page+0x673/0x23e0
[  247.541683][T17914]  ? __rcu_read_lock+0x37/0x50
[  247.541708][T17914]  handle_mm_fault+0x6dc/0x2ae0
[  247.541785][T17914]  ? mas_walk+0xf2/0x120
[  247.541808][T17914]  do_user_addr_fault+0x636/0x1090
[  247.541836][T17914]  ? fpregs_assert_state_consistent+0x84/0xa0
[  247.541877][T17914]  ? fpregs_assert_state_consistent+0x84/0xa0
[  247.541912][T17914]  exc_page_fault+0x54/0xc0
[  247.541932][T17914]  asm_exc_page_fault+0x26/0x30
[  247.541953][T17914] RIP: 0033:0x7f0f1c380d70
[  247.542038][T17914] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[  247.542053][T17914] RSP: 002b:00007f0f1ab264a0 EFLAGS: 00010202
[  247.542067][T17914] RAX: 0000000000009005 RBX: 00007f0f1ab26540 RCX: 0000000000000101
[  247.542077][T17914] RDX: 00000000000021ff RSI: 0000000000000800 RDI: 00007f0f1ab265e0
[  247.542091][T17914] RBP: 0000000000000102 R08: 00007f0f12707000 R09: 0000000000000004
[  247.542111][T17914] R10: 0000200000000642 R11: 0000000000000616 R12: 0000000000000601
[  247.542145][T17914] R13: 00007f0f1c55bfc0 R14: 0000000000000015 R15: 00007f0f1ab265e0
[  247.542168][T17914]  </TASK>
[  247.542177][T17914] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  247.570090][T17910] loop5: detected capacity change from 0 to 256
[  247.577282][T17914] loop1: detected capacity change from 0 to 1024
[  247.634421][T17917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3573'.
[  247.639918][T17914] EXT4-fs: Ignoring removed i_version option
[  247.779268][T17914] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  247.779633][T15958] bridge_slave_1: left allmulticast mode
[  247.790265][T17914] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  247.793640][T15958] bridge_slave_1: left promiscuous mode
[  247.808848][T17914] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  247.810305][T15958] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.818229][T17914] EXT4-fs (loop1): orphan cleanup on readonly fs
[  247.833852][T17914] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5899: Corrupt filesystem
[  247.843983][T15958] bridge_slave_0: left allmulticast mode
[  247.845718][T17914] EXT4-fs (loop1): Remounting filesystem read-only
[  247.849694][T15958] bridge_slave_0: left promiscuous mode
[  247.856399][T17914] EXT4-fs (loop1): 1 orphan inode deleted
[  247.863859][T15958] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.922190][T17928] loop1: detected capacity change from 0 to 2048
[  247.960826][T17928] Alternate GPT is invalid, using primary GPT.
[  247.967138][T17928]  loop1: p1 p2 p3
[  248.353975][T15958] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.364281][T15958] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.374579][T15958] bond0 (unregistering): Released all slaves
[  248.389130][T15958] bond1 (unregistering): Released all slaves
[  248.400328][T15958] bond2 (unregistering): Released all slaves
[  248.417343][T17947] loop0: detected capacity change from 0 to 164
[  248.423940][T15958] bond3 (unregistering): Released all slaves
[  248.426557][T15958] bond4 (unregistering): Released all slaves
[  248.440626][T17950] loop4: detected capacity change from 0 to 128
[  248.444286][T15958] bond5 (unregistering): Released all slaves
[  248.522597][T15958] tipc: Disabling bearer <udp:syz2>
[  248.527906][T15958] tipc: Disabling bearer <udp:syz0>
[  248.535279][T15958] tipc: Left network mode
[  248.555926][T17963] loop0: detected capacity change from 0 to 512
[  248.567095][T15958] IPVS: stopping backup sync thread 7335 ...
[  248.596285][T17963] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.653312][T15958] team0 (unregistering): Port device team_slave_1 removed
[  248.672061][T15958] team0 (unregistering): Port device team_slave_0 removed
[  248.685605][T17986] loop4: detected capacity change from 0 to 512
[  248.694732][T17985] netlink: 'syz.0.3586': attribute type 1 has an invalid length.
[  248.773815][T17991] loop2: detected capacity change from 0 to 1024
[  248.786355][T17991] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  248.799108][T17991] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  248.810865][T17991] JBD2: no valid journal superblock found
[  248.816589][T17991] EXT4-fs (loop2): Could not load journal inode
[  248.901983][T18004] loop4: detected capacity change from 0 to 128
[  248.978051][T18010] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  249.065930][T18012] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3598'.
[  249.179540][T18020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3603'.
[  249.446462][T18041] netlink: 'syz.1.3612': attribute type 12 has an invalid length.
[  249.454363][T18041] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3612'.
[  249.584577][T18057] FAULT_INJECTION: forcing a failure.
[  249.584577][T18057] name failslab, interval 1, probability 0, space 0, times 0
[  249.597244][T18057] CPU: 1 UID: 0 PID: 18057 Comm: syz.4.3619 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  249.597276][T18057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.597291][T18057] Call Trace:
[  249.597338][T18057]  <TASK>
[  249.597407][T18057]  __dump_stack+0x1d/0x30
[  249.597423][T18057]  dump_stack_lvl+0xe8/0x140
[  249.597439][T18057]  dump_stack+0x15/0x1b
[  249.597452][T18057]  should_fail_ex+0x265/0x280
[  249.597484][T18057]  should_failslab+0x8c/0xb0
[  249.597602][T18057]  kmem_cache_alloc_node_noprof+0x57/0x320
[  249.597620][T18057]  ? __alloc_skb+0x101/0x320
[  249.597654][T18057]  __alloc_skb+0x101/0x320
[  249.597707][T18057]  netlink_alloc_large_skb+0xba/0xf0
[  249.597734][T18057]  netlink_sendmsg+0x3cf/0x6b0
[  249.597764][T18057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  249.597779][T18057]  __sock_sendmsg+0x145/0x180
[  249.597801][T18057]  ____sys_sendmsg+0x31e/0x4e0
[  249.597820][T18057]  ___sys_sendmsg+0x17b/0x1d0
[  249.597914][T18057]  __x64_sys_sendmsg+0xd4/0x160
[  249.597942][T18057]  x64_sys_call+0x2999/0x2fb0
[  249.597959][T18057]  do_syscall_64+0xd0/0x1a0
[  249.598097][T18057]  ? clear_bhb_loop+0x40/0x90
[  249.598114][T18057]  ? clear_bhb_loop+0x40/0x90
[  249.598131][T18057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.598147][T18057] RIP: 0033:0x7f163c06e969
[  249.598159][T18057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.598244][T18057] RSP: 002b:00007f163a6d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  249.598259][T18057] RAX: ffffffffffffffda RBX: 00007f163c295fa0 RCX: 00007f163c06e969
[  249.598269][T18057] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  249.598278][T18057] RBP: 00007f163a6d7090 R08: 0000000000000000 R09: 0000000000000000
[  249.598315][T18057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.598325][T18057] R13: 0000000000000000 R14: 00007f163c295fa0 R15: 00007ffca2d5edd8
[  249.598340][T18057]  </TASK>
[  249.849725][T18061] loop4: detected capacity change from 0 to 8192
[  249.858224][T18061] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  249.859132][   T29] kauditd_printk_skb: 166 callbacks suppressed
[  249.859154][   T29] audit: type=1400 audit(1748054506.386:10745): avc:  denied  { execute } for  pid=18062 comm="syz.5.3621" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=43294 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  249.903760][   T29] audit: type=1400 audit(1748054506.396:10746): avc:  denied  { mount } for  pid=18060 comm="syz.4.3620" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  249.969905][   T29] audit: type=1326 audit(1748054506.486:10747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18074 comm="syz.4.3624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  249.993695][   T29] audit: type=1326 audit(1748054506.486:10748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18074 comm="syz.4.3624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  250.017312][   T29] audit: type=1326 audit(1748054506.486:10749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18074 comm="syz.4.3624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  250.046151][   T29] audit: type=1326 audit(1748054506.496:10750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18074 comm="syz.4.3624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f163c06e969 code=0x7ffc0000
[  250.122828][   T29] audit: type=1400 audit(1748054506.646:10751): avc:  denied  { create } for  pid=18082 comm="syz.5.3628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  250.161059][   T29] audit: type=1400 audit(1748054506.646:10752): avc:  denied  { write } for  pid=18082 comm="syz.5.3628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  250.181863][   T29] audit: type=1400 audit(1748054506.676:10753): avc:  denied  { ioctl } for  pid=18082 comm="syz.5.3628" path="socket:[41919]" dev="sockfs" ino=41919 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  250.211965][   T29] audit: type=1400 audit(1748054506.716:10754): avc:  denied  { getopt } for  pid=18084 comm="syz.5.3629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.297802][T18093] tipc: Started in network mode
[  250.302760][T18093] tipc: Node identity ac14140f, cluster identity 4711
[  250.311985][T18093] tipc: New replicast peer: 10.1.1.2
[  250.317343][T18093] tipc: Enabled bearer <udp:syz0>, priority 10
[  250.336292][T18095] netlink: 'syz.4.3634': attribute type 1 has an invalid length.
[  250.349878][T18096] netlink: 'syz.4.3634': attribute type 1 has an invalid length.
[  250.388370][T18103] loop1: detected capacity change from 0 to 128
[  250.467509][T18112] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3631'.
[  250.506351][T18114] loop0: detected capacity change from 0 to 2048
[  250.555220][T18114] EXT4-fs (loop0): failed to initialize system zone (-117)
[  250.564544][T18114] EXT4-fs (loop0): mount failed
[  250.777612][T18114] loop0: detected capacity change from 0 to 164
[  250.802649][T18114] iso9660: Corrupted directory entry in block 4 of inode 1792
[  250.885538][T18168] loop1: detected capacity change from 0 to 8192
[  250.893854][T18168] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  251.024502][T18184] loop1: detected capacity change from 0 to 2048
[  251.041521][T18184] EXT4-fs (loop1): bad block size 16384
[  251.063330][T18184] loop1: detected capacity change from 0 to 164
[  251.102579][T18184] iso9660: Corrupted directory entry in block 4 of inode 1792
[  251.348449][T18235] loop1: detected capacity change from 0 to 8192
[  251.363698][T18235] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  251.534207][   T36] tipc: Node number set to 2886997007
[  251.593969][T18252] loop2: detected capacity change from 0 to 2048
[  251.615909][T18254] loop4: detected capacity change from 0 to 512
[  251.651213][T18252] Alternate GPT is invalid, using primary GPT.
[  251.654087][T18254] EXT4-fs mount: 42 callbacks suppressed
[  251.654105][T18254] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.657634][T18252]  loop2: p1 p2 p3
[  251.663395][T18254] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.747268][T18272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3666'.
[  251.767704][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.779181][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.786897][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.794329][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.804075][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.811440][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.818643][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.826027][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.838669][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.845944][T18277] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  251.916305][T18284] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  252.028884][T18292] FAULT_INJECTION: forcing a failure.
[  252.028884][T18292] name failslab, interval 1, probability 0, space 0, times 0
[  252.041571][T18292] CPU: 0 UID: 0 PID: 18292 Comm: syz.2.3678 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  252.041595][T18292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  252.041653][T18292] Call Trace:
[  252.041660][T18292]  <TASK>
[  252.041668][T18292]  __dump_stack+0x1d/0x30
[  252.041746][T18292]  dump_stack_lvl+0xe8/0x140
[  252.041823][T18292]  dump_stack+0x15/0x1b
[  252.041842][T18292]  should_fail_ex+0x265/0x280
[  252.041880][T18292]  should_failslab+0x8c/0xb0
[  252.041922][T18292]  kmem_cache_alloc_noprof+0x50/0x310
[  252.041942][T18292]  ? create_new_namespaces+0x3c/0x410
[  252.041977][T18292]  ? __rcu_read_unlock+0x4f/0x70
[  252.042039][T18292]  create_new_namespaces+0x3c/0x410
[  252.042078][T18292]  __se_sys_setns+0x1b8/0xf10
[  252.042118][T18292]  __x64_sys_setns+0x31/0x40
[  252.042153][T18292]  x64_sys_call+0x2e95/0x2fb0
[  252.042195][T18292]  do_syscall_64+0xd0/0x1a0
[  252.042361][T18292]  ? clear_bhb_loop+0x40/0x90
[  252.042386][T18292]  ? clear_bhb_loop+0x40/0x90
[  252.042410][T18292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.042511][T18292] RIP: 0033:0x7f61366be969
[  252.042528][T18292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.042544][T18292] RSP: 002b:00007f6134d27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[  252.042618][T18292] RAX: ffffffffffffffda RBX: 00007f61368e5fa0 RCX: 00007f61366be969
[  252.042629][T18292] RDX: 0000000000000000 RSI: 0000000064000080 RDI: 0000000000000003
[  252.042640][T18292] RBP: 00007f6134d27090 R08: 0000000000000000 R09: 0000000000000000
[  252.042651][T18292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.042661][T18292] R13: 0000000000000000 R14: 00007f61368e5fa0 R15: 00007ffe10c95898
[  252.042679][T18292]  </TASK>
[  252.268564][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.577767][T18307] SELinux:  Context system_u:object_r:fsa is not valid (left unmapped).
[  252.613768][T18309] loop1: detected capacity change from 0 to 2048
[  252.630691][T18309] EXT4-fs (loop1): failed to initialize system zone (-117)
[  252.637963][T18309] EXT4-fs (loop1): mount failed
[  252.649409][T18309] loop1: detected capacity change from 0 to 164
[  252.658137][T18309] iso9660: Corrupted directory entry in block 4 of inode 1792
[  252.724641][T18323] loop1: detected capacity change from 0 to 512
[  252.741627][T18323] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.754414][T18323] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  252.808233][T18323] netlink: 'syz.1.3686': attribute type 1 has an invalid length.
[  252.826079][T17461] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.879078][T18335] loop1: detected capacity change from 0 to 1024
[  252.887139][T18335] EXT4-fs: Ignoring removed orlov option
[  252.893163][T18335] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  252.915572][T18335] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.004013][T17461] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.059201][T18352] loop1: detected capacity change from 0 to 1024
[  253.070907][T18352] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal
[  253.139558][T18381] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3692'.
[  253.189592][T18385] loop2: detected capacity change from 0 to 512
[  253.217993][T18385] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.372601][T18385] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  253.386824][T18396] loop5: detected capacity change from 0 to 256
[  253.488510][T18409] netlink: 'syz.2.3698': attribute type 1 has an invalid length.
[  253.563625][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.621911][T18422] FAULT_INJECTION: forcing a failure.
[  253.621911][T18422] name failslab, interval 1, probability 0, space 0, times 0
[  253.636543][T18422] CPU: 0 UID: 0 PID: 18422 Comm: syz.4.3709 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  253.636589][T18422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.636601][T18422] Call Trace:
[  253.636606][T18422]  <TASK>
[  253.636612][T18422]  __dump_stack+0x1d/0x30
[  253.636637][T18422]  dump_stack_lvl+0xe8/0x140
[  253.636693][T18422]  dump_stack+0x15/0x1b
[  253.636765][T18422]  should_fail_ex+0x265/0x280
[  253.636805][T18422]  should_failslab+0x8c/0xb0
[  253.636905][T18422]  kmem_cache_alloc_node_noprof+0x57/0x320
[  253.636931][T18422]  ? __alloc_skb+0x101/0x320
[  253.637017][T18422]  __alloc_skb+0x101/0x320
[  253.637052][T18422]  ? audit_log_start+0x365/0x6c0
[  253.637131][T18422]  audit_log_start+0x380/0x6c0
[  253.637160][T18422]  audit_seccomp+0x48/0x100
[  253.637182][T18422]  ? __seccomp_filter+0x68c/0x10d0
[  253.637206][T18422]  __seccomp_filter+0x69d/0x10d0
[  253.637234][T18422]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  253.637265][T18422]  ? vfs_write+0x75e/0x8d0
[  253.637371][T18422]  __secure_computing+0x82/0x150
[  253.637390][T18422]  syscall_trace_enter+0xcf/0x1e0
[  253.637411][T18422]  do_syscall_64+0xaa/0x1a0
[  253.637431][T18422]  ? clear_bhb_loop+0x40/0x90
[  253.637496][T18422]  ? clear_bhb_loop+0x40/0x90
[  253.637601][T18422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.637626][T18422] RIP: 0033:0x7f163c06e969
[  253.637643][T18422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.637736][T18422] RSP: 002b:00007f163a6d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  253.637754][T18422] RAX: ffffffffffffffda RBX: 00007f163c295fa0 RCX: 00007f163c06e969
[  253.637766][T18422] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005
[  253.637780][T18422] RBP: 00007f163a6d7090 R08: 0000010000008ebc R09: 0000000000000000
[  253.637794][T18422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.637808][T18422] R13: 0000000000000000 R14: 00007f163c295fa0 R15: 00007ffca2d5edd8
[  253.637830][T18422]  </TASK>
[  253.638596][T18423] loop1: detected capacity change from 0 to 512
[  253.738142][T18417] loop2: detected capacity change from 0 to 8192
[  253.864952][T18423] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.881733][T18417] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  253.892548][T18423] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  253.949678][T17461] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.097451][T18446] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  254.241861][T18459] loop1: detected capacity change from 0 to 512
[  254.265763][T18463] loop5: detected capacity change from 0 to 8192
[  254.273505][T18463] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  254.406205][T18477] SELinux: failed to load policy
[  254.547467][T18490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.557653][T18490] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.827804][T18499] loop4: detected capacity change from 0 to 256
[  254.847412][T18507] loop2: detected capacity change from 0 to 512
[  254.872913][T18507] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.885513][T18507] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.938427][T18507] netlink: 'syz.2.3732': attribute type 1 has an invalid length.
[  254.945090][   T29] kauditd_printk_skb: 317 callbacks suppressed
[  254.945105][   T29] audit: type=1400 audit(1748054511.466:11070): avc:  denied  { create } for  pid=18511 comm="syz.0.3733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  254.976163][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.997882][T18519] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3735'.
[  255.005938][   T29] audit: type=1400 audit(1748054511.516:11071): avc:  denied  { write } for  pid=18518 comm="syz.0.3735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  255.029777][   T29] audit: type=1400 audit(1748054511.546:11072): avc:  denied  { create } for  pid=18518 comm="syz.0.3735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  255.037200][T18521] loop2: detected capacity change from 0 to 1024
[  255.058363][T18521] EXT4-fs: Ignoring removed orlov option
[  255.064630][T18521] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  255.081951][   T29] audit: type=1400 audit(1748054511.606:11073): avc:  denied  { setopt } for  pid=18518 comm="syz.0.3735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  255.083564][T18521] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.149703][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.265847][T18536] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  255.292423][T18538] loop2: detected capacity change from 0 to 128
[  255.457332][T18547] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3744'.
[  255.466371][T18547] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3744'.
[  255.476942][T18547] loop5: detected capacity change from 0 to 256
[  255.484645][T18547] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  255.511474][   T29] audit: type=1400 audit(1748054512.036:11074): avc:  denied  { setopt } for  pid=18552 comm="syz.5.3745" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  255.532559][T18553] loop5: detected capacity change from 0 to 2048
[  255.570921][T18553] Alternate GPT is invalid, using primary GPT.
[  255.577239][T18553]  loop5: p1 p2 p3
[  255.584546][   T29] audit: type=1400 audit(1748054512.116:11075): avc:  denied  { watch watch_reads } for  pid=18552 comm="syz.5.3745" path="/dev/loop5p1" dev="devtmpfs" ino=904 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  255.691065][T18569] loop5: detected capacity change from 0 to 8192
[  255.801042][   T29] audit: type=1400 audit(1748054512.326:11076): avc:  denied  { bind } for  pid=18572 comm="syz.4.3748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  255.827828][   T29] audit: type=1400 audit(1748054512.336:11077): avc:  denied  { write } for  pid=18572 comm="syz.4.3748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  255.873031][T18587] loop0: detected capacity change from 0 to 128
[  255.945310][   T29] audit: type=1326 audit(1748054512.466:11078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18593 comm="syz.0.3754" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7caba4e969 code=0x0
[  255.996753][   T29] audit: type=1326 audit(1748054512.516:11079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18593 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caba4e969 code=0x7ffc0000
[  256.282438][T18616] loop2: detected capacity change from 0 to 2048
[  256.312774][T18616] Alternate GPT is invalid, using primary GPT.
[  256.319082][T18616]  loop2: p1 p2 p3
[  256.342839][T18625] loop1: detected capacity change from 0 to 512
[  256.353356][T18633] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3760'.
[  256.382030][T18625] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.394686][T18625] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.449848][T18625] netlink: 'syz.1.3759': attribute type 1 has an invalid length.
[  256.468123][T17461] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.568213][T18644] loop4: detected capacity change from 0 to 1024
[  256.575415][T18644] EXT4-fs: Ignoring removed orlov option
[  256.581406][T18644] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  256.632030][T18644] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.723066][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.751644][T18665] loop4: detected capacity change from 0 to 2048
[  256.780685][T18665] Alternate GPT is invalid, using primary GPT.
[  256.786990][T18665]  loop4: p1 p2 p3
[  256.842510][T18678] loop0: detected capacity change from 0 to 8192
[  256.851255][T18678] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  256.952678][T18695] FAULT_INJECTION: forcing a failure.
[  256.952678][T18695] name failslab, interval 1, probability 0, space 0, times 0
[  256.966201][T18695] CPU: 0 UID: 0 PID: 18695 Comm: syz.0.3775 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  256.966238][T18695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.966254][T18695] Call Trace:
[  256.966262][T18695]  <TASK>
[  256.966271][T18695]  __dump_stack+0x1d/0x30
[  256.966365][T18695]  dump_stack_lvl+0xe8/0x140
[  256.966389][T18695]  dump_stack+0x15/0x1b
[  256.966410][T18695]  should_fail_ex+0x265/0x280
[  256.966566][T18695]  should_failslab+0x8c/0xb0
[  256.966634][T18695]  __kvmalloc_node_noprof+0x126/0x4d0
[  256.966676][T18695]  ? rhashtable_init_noprof+0x316/0x4f0
[  256.966748][T18695]  rhashtable_init_noprof+0x316/0x4f0
[  256.966881][T18695]  nf_flow_table_init+0xe2/0x1d0
[  256.966905][T18695]  nf_tables_newflowtable+0xa2a/0x10b0
[  256.966993][T18695]  nfnetlink_rcv+0xb99/0x1690
[  256.967069][T18695]  netlink_unicast+0x5a1/0x670
[  256.967106][T18695]  netlink_sendmsg+0x58b/0x6b0
[  256.967130][T18695]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.967152][T18695]  __sock_sendmsg+0x145/0x180
[  256.967218][T18695]  ____sys_sendmsg+0x31e/0x4e0
[  256.967277][T18695]  ___sys_sendmsg+0x17b/0x1d0
[  256.967365][T18695]  __x64_sys_sendmsg+0xd4/0x160
[  256.967423][T18695]  x64_sys_call+0x2999/0x2fb0
[  256.967449][T18695]  do_syscall_64+0xd0/0x1a0
[  256.967477][T18695]  ? clear_bhb_loop+0x40/0x90
[  256.967503][T18695]  ? clear_bhb_loop+0x40/0x90
[  256.967572][T18695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.967599][T18695] RIP: 0033:0x7f7caba4e969
[  256.967616][T18695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.967711][T18695] RSP: 002b:00007f7caa0b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  256.967733][T18695] RAX: ffffffffffffffda RBX: 00007f7cabc75fa0 RCX: 00007f7caba4e969
[  256.967749][T18695] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  256.967763][T18695] RBP: 00007f7caa0b7090 R08: 0000000000000000 R09: 0000000000000000
[  256.967773][T18695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  256.967784][T18695] R13: 0000000000000000 R14: 00007f7cabc75fa0 R15: 00007ffe44c669d8
[  256.967802][T18695]  </TASK>
[  257.261371][T18703] loop2: detected capacity change from 0 to 1024
[  257.268434][T18703] EXT4-fs: Ignoring removed orlov option
[  257.278029][T18703] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  257.312219][T18703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.400523][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.655680][T18736] loop2: detected capacity change from 0 to 512
[  257.719002][T18736] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  257.731694][T18736] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  257.809205][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.825306][T18771] loop5: detected capacity change from 0 to 512
[  257.915366][T18781] loop2: detected capacity change from 0 to 1024
[  257.922070][T18781] EXT4-fs: Ignoring removed orlov option
[  257.928147][T18781] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  257.941991][T18781] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.018792][T14778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.184659][T18789] vlan2: entered allmulticast mode
[  258.374178][T18812] loop4: detected capacity change from 0 to 512
[  258.392340][T18812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.405083][T18812] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.467887][T13530] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.508975][T18821] loop5: detected capacity change from 0 to 1024
[  258.516398][T18821] EXT4-fs: Ignoring removed orlov option
[  258.522209][T18821] EXT4-fs: Ignoring removed nomblk_io_submit option
[  258.533380][T18821] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.552623][T18821] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3806'.
[  258.627644][T18832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.637090][T18832] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.953087][T18856] loop1: detected capacity change from 0 to 512
[  259.044160][T18865] loop2: detected capacity change from 0 to 256
[  259.175662][T18883] netlink: 'syz.4.3827': attribute type 3 has an invalid length.
[  259.183520][T18883] netlink: 'syz.4.3827': attribute type 3 has an invalid length.
[  259.192558][T18883] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3827'.
[  259.354792][T11663] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.425668][T18905] loop1: detected capacity change from 0 to 512
[  259.978892][   T29] kauditd_printk_skb: 296 callbacks suppressed
[  259.978969][   T29] audit: type=1326 audit(1748054516.496:11376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18930 comm="syz.2.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  260.040638][   T29] audit: type=1326 audit(1748054516.496:11377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18930 comm="syz.2.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  260.066279][   T29] audit: type=1326 audit(1748054516.496:11378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18930 comm="syz.2.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  260.092057][   T29] audit: type=1326 audit(1748054516.496:11379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18930 comm="syz.2.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61366be969 code=0x7ffc0000
[  260.324878][   T29] audit: type=1326 audit(1748054516.846:11380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.5.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.348623][T18950] loop1: detected capacity change from 0 to 256
[  260.349812][   T29] audit: type=1326 audit(1748054516.846:11381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.5.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.378665][   T29] audit: type=1326 audit(1748054516.846:11382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.5.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.402369][   T29] audit: type=1326 audit(1748054516.846:11383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18958 comm="syz.5.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.566694][   T29] audit: type=1326 audit(1748054517.076:11384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18968 comm="syz.5.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.590725][T18969] loop5: detected capacity change from 0 to 526
[  260.591950][T18969] ext4: Unknown parameter '	'
[  260.603177][   T29] audit: type=1326 audit(1748054517.076:11385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18968 comm="syz.5.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc54bae969 code=0x7ffc0000
[  260.967351][T19000] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  261.002480][T18942] ==================================================================
[  261.010561][T18942] BUG: KCSAN: data-race in fasync_remove_entry / sock_wake_async
[  261.018277][T18942] 
[  261.020593][T18942] write to 0xffff8881005a2a98 of 8 bytes by task 18943 on cpu 1:
[  261.028302][T18942]  fasync_remove_entry+0xcc/0x120
[  261.033338][T18942]  fasync_helper+0x97/0xc0
[  261.037759][T18942]  sock_fasync+0x58/0xc0
[  261.042011][T18942]  __fput+0x5e6/0x650
[  261.045998][T18942]  ____fput+0x1c/0x30
[  261.049971][T18942]  task_work_run+0x12e/0x1a0
[  261.054577][T18942]  resume_user_mode_work+0x6a/0x70
[  261.059710][T18942]  syscall_exit_to_user_mode+0x77/0xb0
[  261.065176][T18942]  do_syscall_64+0xdd/0x1a0
[  261.069679][T18942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.075568][T18942] 
[  261.077882][T18942] read to 0xffff8881005a2a98 of 8 bytes by task 18942 on cpu 0:
[  261.085501][T18942]  sock_wake_async+0x29/0x110
[  261.090181][T18942]  unix_write_space+0x13b/0x140
[  261.095051][T18942]  sock_wfree+0x148/0x3c0
[  261.099384][T18942]  unix_destruct_scm+0xc3/0xf0
[  261.104149][T18942]  skb_release_head_state+0xba/0x1a0
[  261.109434][T18942]  __kfree_skb+0x18/0x150
[  261.113758][T18942]  sk_skb_reason_drop+0xbd/0x270
[  261.118692][T18942]  unix_release_sock+0x5d3/0x720
[  261.123647][T18942]  unix_release+0x58/0x80
[  261.127974][T18942]  sock_close+0x6b/0x150
[  261.132215][T18942]  __fput+0x298/0x650
[  261.136189][T18942]  ____fput+0x1c/0x30
[  261.140168][T18942]  task_work_run+0x12e/0x1a0
[  261.144766][T18942]  resume_user_mode_work+0x6a/0x70
[  261.149883][T18942]  syscall_exit_to_user_mode+0x77/0xb0
[  261.155339][T18942]  do_syscall_64+0xdd/0x1a0
[  261.159847][T18942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.165740][T18942] 
[  261.168057][T18942] value changed: 0xffff8881192521e0 -> 0x0000000000000000
[  261.175151][T18942] 
[  261.177470][T18942] Reported by Kernel Concurrency Sanitizer on:
[  261.183614][T18942] CPU: 0 UID: 0 PID: 18942 Comm: syz.4.3843 Not tainted 6.15.0-rc7-syzkaller-00112-geccf6f2f6ab9 #0 PREEMPT(voluntary) 
[  261.196113][T18942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  261.206178][T18942] ==================================================================
[  261.339962][ T3369] page_pool_release_retry() stalled pool shutdown: id 166, 1 inflight 60 sec