last executing test programs:

2m2.084342237s ago: executing program 1 (id=369):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000000000000000000007000000"], 0x20}, 0x4000)

2m2.084000257s ago: executing program 1 (id=370):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
times(0x0)

2m1.984497945s ago: executing program 1 (id=372):
perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x0, 0x0, 0xff, 0x5, 0x0, 0x3ff, 0x44c04, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0xfffffffffffffff8, 0x8}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x80)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000200)=r3}, 0x20)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb791f6f9875f37538e486dd6317ce8102030400fe08000e40000200875a65969ff57b00ff020000000000000000000000000001"], 0xfdef)

2m1.866723294s ago: executing program 1 (id=375):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
socket$unix(0x1, 0x1, 0x0)
listen(0xffffffffffffffff, 0x0)
accept(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4, 0x0, 0x400007}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x759, &(0x7f0000000780)={[{@noload}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}, 0x0}, {@data_journal}, {@journal_dev={'journal_dev', 0x3d, 0xf}}, {@i_version}, {@nobarrier}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xb6a}}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f9, &(0x7f0000000200)="$eJzs3ElvHFUeAPB/te04zjL2ZNYsM+mZzAgLRBw764FDgkDKBQkJhMLR2E4U4iQoNlISWcRBKEgcQPkELDckPgEnuCBAHEBcibgipAj5ksABFarqatN2ub2l7cbx7yd151XVq37v31Uv/ZZuB7BpVbOnJGJHRHwXEb21zbkZqrV/7s9Mjfw8MzWSRJo+91OS57s3MzVSz1o/b3ux0V+JqLyRxN5ysd0T165fGB4fH7tS7BiYrBSpi8Pnxs6NXRo6ceLI4Z7jx4aOtiTOrE739rx2ed/u0y/efmbkzO2Xvvgoq29aHG+Mo6Yvf96y7BI6SnuqUZ37Xjb4//KrviHsbEgnndlzpX2VYdmyuza7XF15+++Njnyrpjeefr2tlQPWVJqmaXdp7+xn2XTaKElqJ6TpzRR4CCTR7hoA7VH/oL83k41Up0bK4+CH291TkY+AsrjvF4/akc58BFvtq42Nutao/L9GxJnpX97NHrHgPAQAQGt9cipiW9HvqD9qRyrx94Z8fyrWhvoi4s8RsSsi/lL0X/4Wkef9R0T8s+GcHctYBajO2y73f77pKRKN3dWWyfp/TxRrW3P7f7M17+sotnbm8XclZ8+Pjx0q3pP+6OrOtgfLLz07rfbpU9++06z8akP/L3tk5df7gkU9fuycN0E3Ojw5/KBx1929mb+xN8rxJ9GZ1FMRuyNizypeP3vPzj/64b5mx+fEn8VZiv/t5i/euYoKzZO+H/FI7fpPx7z4o1j/S/L1yYuvDExcu/74+cb1ycHjx4aODmyN8bFDA/W7ouzLr289WyRLw4hFrn+9aazpQlp2/bcteP/Prlz2ZanZ9dqJlZdx686bTcc0q73/tyTP5+n6+uzV4cnJK4MRW5Lp8v6h38+9OtwzJ38Wf/+Bhdv/rohf3yvO2xsR2U38r4j4d0TsL+r+n4j4b0QcWCT+z5/838vNhpBLx7+2svhHV3T9myVOfhWx8KGOC599XCr4rWop/q5odv2P5Kn+Ys/o8OTWpeJarKaNiQd+AwEAAGAD2J/P0yaVg8VE046oVA4ejNg+O4MyMfnY2cuvXhqtzef2RVelPtPV2zAfOljMDWfb2VlDDdvZ8cP5vHGapmlPtp2N38d3tjd02PS2N2n/mR/KP2kBHjYrWkdr9os2YEOa3/7vLPvM1n8hA1hfLfgeDbBBaf+weS27/a/Vr+CAtlmo/d+IuN+GqgDrbKH2/0Jpz8l1qQuwvoz/YfNaffv3ZQDY6Hz+w6a0rB/JryKx6/QieZLOtSm0eaISi/8VgL6I+p56n2bxF/y+EtGaGna0NNKeOde0smCerdGKsqKyZJ7OFfwhhvVNVP4Y1agluiNiibt39ma7UU9cX+uK5Y3gg/b+7wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDgfgsAAP//RUTTKw==")
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x1, 0xd}}, @union={0xffffffff, 0x0, 0x0, 0x5, 0x0, 0x1ff}]}}, 0x0, 0x3e, 0x0, 0x1, 0x9}, 0x28)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x100000000)
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x8, 0x51031, 0xffffffffffffffff, 0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f0000000180)='/sys/kernel/notes', 0x0, 0x4555f60656226fef)
readv(r6, &(0x7f0000001300)=[{&(0x7f0000000200)=""/111, 0x6f}, {&(0x7f0000000340)=""/128, 0x80}], 0x2)
getsockopt$IP_SET_OP_VERSION(r6, 0x1, 0x53, &(0x7f0000000000), &(0x7f0000000040)=0x8)

2m1.218416526s ago: executing program 1 (id=379):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ff"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_create(r2, &(0x7f00000000c0)=@access={'system_u:object_r:xserver_misc_device_t:s0', 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023', 0x20, 0x836}, 0x6e)

2m0.992108844s ago: executing program 1 (id=389):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8001}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

2m0.957915507s ago: executing program 32 (id=389):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8001}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

4.36553073s ago: executing program 5 (id=3338):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x9}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@filter={'filter\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x118, 0x228, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@multicast2, @empty, 0xff, 0xff, 'ip6erspan0\x00', 'wlan1\x00', {}, {}, 0x29, 0x1}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x4, 0x0, 0x1}}, @common=@inet=@ipcomp={{0x30}, {[0x4d6, 0x4d4], 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@socket0={{0x20}}, @common=@socket0={{0x20}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [0xffffff00, 0xff000000, 0xff], 0x4e21, 0x4e20, 0x4e24, 0x4e21, 0x7, 0x9, 0x6, 0x3, 0x404000}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r0, 0x0, 0x8)
fchdir(r2)
pipe(&(0x7f0000000040))
creat(&(0x7f00000000c0)='./file0\x00', 0xce)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x1ff, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x6, 0x618aeb64}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0xfffffffd, 0x0, 0x8}, 0xffffffffffffffff, 0xafffffffffffffff, 0xffffffffffffffff, 0xa)
syz_mount_image$ext4(0x0, &(0x7f00000003c0)='./file0\x00', 0x18eb009, 0x0, 0xff, 0x1a, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000740)=ANY=[@ANYBLOB="3c005ccd3b3a11541add0000000000000100000a0c0007800800094000000004050001000700000004000880100008800c00078008000640ffffffff02eb6038d7460b7f6e0fc7bbd699aded6607591db9e4a2ded7927aa44bd5a5fe967322c544ef06c0724d3d235db90fc5741ee657ad6f938ad81085ee68a95306422201"], 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x20000000)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x401, 0x0)
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x6)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r6, 0x5408, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2})
ioctl$TIOCGPGRP(r6, 0x5437, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="be00000000120000", @ANYRESDEC=0x0, @ANYBLOB=',k'])
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
r8 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)={0x80000, 0xa, 0x2}, 0x18)
name_to_handle_at(r8, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="100000002287e00000004000000000000000270000000000"], &(0x7f0000000240), 0x400)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[], 0x15)
dup(r7)
r9 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
fcntl$getflags(r9, 0x408)

4.310651735s ago: executing program 5 (id=3339):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1, 0x0, 0x4}, 0x18)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
writev(r2, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

4.281397567s ago: executing program 5 (id=3341):
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lseek(r0, 0x7fffffff, 0x2)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=""/203, 0xcb)

4.156250757s ago: executing program 5 (id=3344):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r2], 0x20}}, 0x10)

4.12187132s ago: executing program 5 (id=3347):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0x6}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000080)='kmem_cache_free\x00', r5, 0x0, 0x20000}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)

3.940951875s ago: executing program 4 (id=3288):
r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r0, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

3.87580624s ago: executing program 4 (id=3353):
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)=ANY=[])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
writev(r4, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

3.756183809s ago: executing program 4 (id=3356):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000040)={0x2, 0xa000, @remote}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000280), &(0x7f0000000300)}, 0x20)
r3 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000340)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

3.585431853s ago: executing program 4 (id=3362):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@lazytime}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[], 0x48)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000003000), 0x201, 0x0)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
lsetxattr$security_selinux(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380), &(0x7f00000003c0)='system_u:object_r:utempter_exec_t:s0\x00', 0x25, 0x1)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})
write$binfmt_script(r0, &(0x7f00000004c0)={'#! ', './bus'}, 0x9)

2.99325594s ago: executing program 4 (id=3374):
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lseek(r0, 0x7fffffff, 0x2)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=""/203, 0xcb)

2.228241801s ago: executing program 0 (id=3383):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000100ff850000002d000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
pipe2(&(0x7f0000001cc0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_uid}]}})
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r1}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r5, 0x0, 0x4ab}, 0x18)
r6 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x6, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

2.179465476s ago: executing program 0 (id=3384):
sendto$inet6(0xffffffffffffffff, &(0x7f0000000340)="a126d6912ef12e5c913abe39e665832c549a787e00551ddb75d936d483df11ee19d9f9299dda355600d03f1f077d1d97", 0x30, 0xc015, &(0x7f00000004c0)={0xa, 0x4e24, 0x7fff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}, 0x1c)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
add_key$keyring(&(0x7f00000003c0), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000080), 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x80000000000080, &(0x7f0000006680))
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000880)=ANY=[@ANYRES64=r3, @ANYRES32=r3, @ANYBLOB="0400000000001900b7080000000000107b8abdce737a6ff86e5e00000000b703000008005623010d00000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000000), 0x0}, 0x20)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000004000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0xffffffffffffff92, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x3)
sync()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8000000000000}, 0x18)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})
socket$nl_netfilter(0x10, 0x3, 0xc)

2.062464445s ago: executing program 0 (id=3385):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0x9, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x77, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x88}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x21)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f0000000780)='./file1\x00', 0x40, &(0x7f00000009c0)={[{@noquota}, {@norecovery}, {@dioread_lock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYRESDEC, @ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
futex(0x0, 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000740)='./file1\x00', 0x183042, 0x15)
pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
read(r2, &(0x7f0000000800)=""/201, 0xc9)
r3 = socket(0x2c, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x3, 0x5}, 0x90)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000340), 0x1, 0x55e, &(0x7f0000001ac0)="$eJzs3c9vI1cdAPCvJz+cbrfNLhQJKmAXKCxotXbibaOql3YvIFRVQlQcEIdtSLxRiBOH2KmaEIlU/AkgFakn+BM4IHFA6okDN45IHBBSOSAtEIE2SCAZzXiSdbIO6629Nht/PtLszJvnme978Y7f87M9L4CxdTUi9iNiOiLeiojZfH8hX+K19pI+7t7B3tLhwd5SIVqtN/9WyPLTfdFxTOrp/JwzEfHNr0V8t/Bg3MbO7tpirVbdytPl5vpmubGze2N1fXGlulLdqFQW5hfmXr75UmVgdb2y/ou7X119/Vu//tVnPvzd/ld+kBbrYp7XWY++FE8m21WfOo6TmoyI1wcSbPQm8vX0iMvBR5NExMci4vPZ9T8bE9n/TgDgPGu1ZqM125kGAM67JBsDKySliEiS+NEn0k5AqT2G91xcSGr1RvP6nfr2xnJ7rOxSTCV3VmvVucvFP3w/6zFMFdL0fJaX5Wfpyqn0zYi4HBE/KT6VpUtL9dryyHo9ADDenu5s/yPin8UkKZV6OrTLp3oAwBNjZtQFAACGTvsPAONH+w8A46eH9j//sH//sZcFABgO7/8BYPw8avvvZk8A8OTz/h8Axso33ngjXVqH+f2vl9/e2V6rv31judpYK61vL5WW6lubpZV6fSW7Z8/7D/vRf61e35x/MbbfKTerjWa5sbN7e72+vdG8nd3X+3Z1ajjVAgD+h8tXPvh92qbvv/JUtkTH8L62Gs63ZNQFAEZm4mSy+EgH6yDAE81sXzC+emrCs07Cbx97WYDR6Pq53kzXzZN++ghBfM8I/q9c+1Tv4/++9g/ni/F/GF8TH+moVwdeDmD4jP/D+Gq1Cqfn/J8+zgIAzqU+vsLX+uGgOiHASD3sd70D+fwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzpmLEfG9KCSlbC7wJP03KZUinomISzFVuLNaq85FxLNxJSKmiml6ftSFBgD6lPylkM//dW32hYunc6cL/ypm6/Qh77/53juLzebWfLr/70f7o3g0fVjl/nF9zCsIAAxY1n5X8nX2Rn4y23/vYG/paBlmee7eiv/kUxEvHR7sZUs7ZzLSnREzWV/iwj8KeUnbc5E+HxETA4i//25EfPK4/suViDx+IRsbuZTPfNoZP/LYzwwqfte//+n4yYn4SZbXXqedr48PoCwwbj64FRGvdbv+kriarbtf/zPHr5z9uXurfbKj177DjviTeaSJLvHTa/5qrzFe/M3XH9jZmm3nvRvx/GS3+IXj+IUz4r/QY/w/fvqzP371jLzWzyKuRff4nbHKzfXNcmNn98bq+uJKdaW6UakszC/MvXzzpUo5G6MuH41UP+ivr1x/Ns5oL9L6Xzgj/kzX+k8fH/vFHuv/83+/9Z3P3U8WT8f/8he6P//PdY3flraJX+ox/uKFX545fXcaf/mM+j/s+b/eY/wP/7y73ONDAYAhaOzsri3WatWtvjbSd6G9H/XexZ7PnBaxtwcfdRf7q86fYgB/jUFtTPVdnVFtTB73FQd75m+nZxxydZKB16KvjXvDijW61yRgOO5f9KMuCQAAAAAAAAAAAAAAcJZh/HRp1HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/PpvAAAA///wjsrK")
syz_mount_image$ext4(&(0x7f0000000300)='ext3\x00', &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000940)={[{@jqfmt_vfsold}, {@dax_inode}, {@nouid32}, {@dax_always}, {@nomblk_io_submit}, {@minixdf}], [{@obj_user={'obj_user', 0x3d, '$\xb5'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}, 0xfe, 0x44b, &(0x7f0000001340)="$eJzs3MtvG8UfAPDv2kn6/iW/Uh4tLQQKouKRNOmDHriAQOIAEhIcijiFJK1K3QY1QaJVBYFDOKJK3BFHJP4CTnBBwAmJK9xRpQrl0sIBLVp7N3UcO40Tpy7x5yNtO+Mdd+a7u+OdnbEbQM8azv5IInZHxG8RMVjLLi8wXPvr1uLVyb8Wr04mkaZv/plUy91cvDpZFC3et6uWSdM8v61JvQvvRExUKtOX8vzo3IX3R2cvX3nu3IWJs9Nnpy+OZ//aoYGT4yc6EmcW180DH80c3P/q29denzx97d2fvslq2J3vr4+jU4ZrR7epJztdWZftqUsnfV1sCG0pR0R2uvqr/X8wyrFjad9gvPJpVxsHbKo0TdNm9+fcfApsYUl0uwVAdxQ3+uz5t9ju0tDjnnDjxdoDUBb3rXyr7emLUl6mv+H5tpOGI+L0/N9fZlts0jwEAEC977Lxz7PNxn+leKCu3P/yNZShiPh/ROyNiPsiYl9E3B9RLftgRDzUZv2NKyQrxz+l6+sKbI2y8d8L+drW8vFfMfqLoXKe21ONvz85c64yfTQ/Jkeif1uWH1ulju9f/vXzVvvqx3/ZltVfjAXzdlzva5igm5qYm9hIzPVufBJxoK9Z/EkUyzhJROyPiAPrrOPc018fbLXvzvGvogPrTOlXEU/Vzv98NMRfSJquT546dfzY2PMnx0+Mbo/K9NHR4qpY6edfFt5oVf+G4u+A7PzvbHr9L8U/lGyPmL185Xx1vXa2/ToWfv+s5TPNeq//geStanogf+3Dibm5S2MRA8lrK18fv/3eIl+Uz+I/crh5/98bt4/EwxGRXcSHIuKRiHg0b/tjEfF4RBxeJf4fX3rivfbjX2VWvoOy+KfudP6j/vy3nyif/+Hb9uMvZOf/eDV1JH9lLZ9/a23gRo4dAAAA/FeUqt+BT0ojS+lSaWSk9h3+fbGzVJmZnXvmzMwHF6dq35Ufiv5SMdM1WDcfOpbPDRf58Yb8sXze+Ivyjmp+ZHKmMtXt4KHH7WrR/zN/lLvdOmDT+b0W9K6G/p9+3K2GAHed+z/0Lv0fepf+D72rWf83BwC9wf0fepf+D71L/4fepf9DT2r52/jShn7yL7HlE1G6J5qx9RN9a/7PLNaZ2FZL/JMu29XtTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDO+DcAAP//ezrmPw==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0xd)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1.049079456s ago: executing program 0 (id=3396):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
bind$can_raw(r0, &(0x7f00000000c0)={0x1d, r5}, 0x10)
close(r0)
r8 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x26, 0x0, &(0x7f00000001c0)="00001dde73622c5e2fe73c522108002164a9a74b4fefdeec0804bd63a997935f1e140e1e9d2f", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x50)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f0000000280)='./file0/../file0\x00', r2, 0x4000, r4}, 0x18)
write$binfmt_elf32(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r8)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x100}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @multicast}]}}}]}, 0x40}}, 0x84)
setsockopt$netlink_NETLINK_RX_RING(r9, 0x10e, 0x6, &(0x7f0000000000)={0x5, 0x6, 0x0, 0xffff}, 0x10)

872.705489ms ago: executing program 2 (id=3400):
r0 = syz_create_resource$binfmt(&(0x7f0000000000)='./file2\x00')
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r10=>0x0})
bind$can_raw(r9, &(0x7f0000000000)={0x1d, r10}, 0x10)
bind$can_raw(r9, &(0x7f0000000080), 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000380)=r6}, 0x20)
recvmsg$unix(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x0)
shutdown(r5, 0x0)
openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff)
r11 = creat(&(0x7f00000000c0)='./file0\x00', 0x1f4)
dup2(r11, r11)
r12 = syz_io_uring_setup(0x6c14, &(0x7f0000000240)={0x0, 0x7093, 0x2000, 0x2, 0x14b, 0x0, r11}, &(0x7f00000002c0), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_FILES(r12, 0x2, &(0x7f0000000340)=[r4, r5], 0x2)

871.65022ms ago: executing program 0 (id=3401):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0xfeffff, 0x680, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080f00000a"], 0x48)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000340)={0x200000, 0x200000, 0x0, 0x0, 0x5989})
fsetxattr$security_selinux(r4, &(0x7f0000000040), &(0x7f0000000280)='system_u:object_r:ping_exec_t:s0\x00', 0x21, 0x0)
stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000001c80)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000005c0)=ANY=[], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x3)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000d00)=ANY=[@ANYRESDEC, @ANYBLOB="feb6ef", @ANYRESOCT, @ANYRES16, @ANYBLOB="0ffe0500", @ANYRES8, @ANYRES16=r4, @ANYBLOB="caec8743", @ANYRES32=r3, @ANYRES8=r7, @ANYBLOB="7de0de6948d7d44c4d01eeff92df69b773e9c6727f8fbda7576c2a151378", @ANYRESDEC=r5, @ANYBLOB='\b\x00', @ANYRES32=r6, @ANYBLOB='\b\x00', @ANYRES32=0xee00, @ANYBLOB, @ANYRES32, @ANYBLOB="1000040000000000200000000001"], 0x94, 0x1)
quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0x8000000040000483, r5, &(0x7f0000000540))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00'}, 0x10)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r8, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@cswp={0x58, 0x114, 0x7, {{0xb9, 0xc}, &(0x7f0000000180)=0x100, 0x0, 0xfff, 0x3, 0x9d86, 0x7, 0xa, 0x9}}], 0x58, 0x8004}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000640)='netfs_failure\x00', r9, 0x0, 0x3}, 0x18)
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', <r12=>0x0})
r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r10)
sendmsg$IPVS_CMD_NEW_DEST(r10, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="70010000", @ANYRES16=r13, @ANYBLOB="00042cbd7000ffdbdf25050000000c000380060007004e200000080006000800000070000180060004004e21000008000b0073697000140003007f000001000000400000000000000000080008000a000000060002003c000000060001000a000000080005000300000014000300e000000100000000000000000000000014000300ffffffff00000000000000000000000058000380060004008000000005000800fc000000080003000200000005000800010000000500080080000000080001000000000014000600fe80000000000000000000000000000e05000800030000000600040007007f0000000280080004002a00000008000500fdffffff080006000c00000006000f00ff07000005000d0000000000080003000200000005000d00000000003c00038014000600fc0200000000000000000000000000201400020070696d726567300000000000000000000800050064010101080001000100000008000600ff000000bbaf390020f26909b5ab1586b8a106e3815c43df9c30c457d665903a8d4937c224ad"], 0x170}, 0x1, 0x0, 0x0, 0x804}, 0x80)
sendmsg$nl_route_sched(r10, 0x0, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000001a40)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r12, {0x7, 0xfff1}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x2, 0xfff3}}]}}]}, 0x40}}, 0x0)

838.138443ms ago: executing program 2 (id=3402):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0x6}, 0x18)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x2000000, @loopback, 0xffffffff}, 0x1c)

796.696546ms ago: executing program 3 (id=3404):
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)=ANY=[])

753.640179ms ago: executing program 3 (id=3405):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r1, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @private2}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8)

729.333421ms ago: executing program 3 (id=3406):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0x6}, 0x18)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x2000000, @loopback, 0xffffffff}, 0x1c)

638.010799ms ago: executing program 4 (id=3407):
syz_create_resource$binfmt(&(0x7f0000000000)='./file2\x00')
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f0000000000)={0x1d, r8}, 0x10)
bind$can_raw(r7, &(0x7f0000000080), 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000380)=r3}, 0x20)
recvmsg$unix(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x0)
shutdown(r2, 0x0)

637.662269ms ago: executing program 33 (id=3407):
syz_create_resource$binfmt(&(0x7f0000000000)='./file2\x00')
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="02000000040000000700000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r6}, 0x10)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f0000000000)={0x1d, r8}, 0x10)
bind$can_raw(r7, &(0x7f0000000080), 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000380)=r3}, 0x20)
recvmsg$unix(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x0)
shutdown(r2, 0x0)

605.837421ms ago: executing program 2 (id=3409):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
pwritev(r2, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0)

590.000763ms ago: executing program 5 (id=3354):
perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80b24, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257014bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
r3 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
perf_event_open(0x0, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000800000004000000bb7f1a004d00feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b703850000001b000000b7000000000000009500000000000000000000030000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18)
syz_clone(0x6a02f080, 0x0, 0xfffffffffffffd7b, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x30, 0x0, 0x20, 0xfffff02f}]})

577.862903ms ago: executing program 2 (id=3410):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
r0 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, 0x0)
close(0xffffffffffffffff)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000)
clock_gettime(0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000f00)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xc}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

479.318051ms ago: executing program 2 (id=3411):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
cachestat(r2, 0x0, &(0x7f0000000100), 0x0)
syz_clone3(&(0x7f0000000280)={0x80204000, &(0x7f0000000000), &(0x7f0000000080), &(0x7f00000000c0), {0x20}, &(0x7f0000000100)=""/11, 0xb, &(0x7f00000001c0)=""/73, &(0x7f0000000240)=[r0], 0x1, {r2}}, 0x58)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0xfc, 0x8, 0x0, 0x0, @multicast}, 0x10)
sendmmsg$unix(r3, &(0x7f0000002b40)=[{{&(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40000d0}}, {{&(0x7f0000000bc0)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x24040848}}], 0x2, 0x24044002)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f3, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000440)={'erspan0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x1c, 0x18, 0x0, 0x2, 0x3, 0x29, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4, 0x5}]}}}}})
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000480)='./file0\x00', 0xc80, &(0x7f0000000380)=ANY=[], 0x1, 0x27c, &(0x7f0000000600)="$eJzs281qE1EYxvGnH9ov20Sr1VbEF93oZmjjFYTSghhQaiN+gDC1Ew2ZJiUTKhGx3bn1LoTi0p0g3kA3XoELd9247EIc6UxskzaiFXRs8/9tzhvOPOGcnDPhLGY2775aKhUCp+DW1N1l6pX6tSWl1a0exboabXdUH1ezNV0dzX26cPve/RvZXG5mzmw2O38tY2YjF98/ff7m0ofa0J23I+/6tJF+uPkl83ljbGN889v8k2JgxcDKlZq5tlCp1NwF37PFYlByzG75nht4ViwHXrWlv+BXlpfr5pYXhweXq14QmFuuW8mrW61itWrd3MdusWyO49jwoPAr+fW5OTeb9Cjwd1WrWXda0sS+nvx6IgMCAACJanP+X+P83yk4/3eC7fP/g8b924rzPwAAAAAAAAAAAAAAAAAAAAAAh8FWGKbCMEz9aI9J0Rs+YePzgKRBSUOSTkgaljQiKSUpLemkpFOSRiWdlnRG0piks5LOSRpv+q6k54r9kln/gSSnjCbc/52N9e9sTS/u9ktLL1fyK/m4jfuzBRXly9OkUvoarWVDXM9ez81MWiSt80urjfzqSr6nNT+l1PaGaZefivPWmu+L9t1OPqPU9gZrl8+0zffryuWmvKOUPj5SRb4Woz25m38xZTZ9M7cnPxFdd9Q5tqPt+jnOz/rj/AH2x57ft1cTvcnOHVJQf1Zyfd+rUlAcheK1/othHP4i6X8m/Au7i570SAAAAAAAAAAAAAAAAAAAB/GnTwiGq3H+dy5Oeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOz1PQAA//+5gF2o")
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000940), 0x10)
listen(r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r6}, 0x18)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)

389.072959ms ago: executing program 3 (id=3412):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xb30, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000740)=@newtaction={0x50, 0x30, 0x9, 0x0, 0x0, {}, [{0x3c, 0x1, [@m_bpf={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x50}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250)
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0)
mount$nfs(&(0x7f00000001c0)='\'+\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1000, &(0x7f0000000280)=ANY=[@ANYBLOB="275c8586535e2c252f5d2d2c2b6c2c2c7b2c6465767404000000006c746d706673002c5d2d282c253a292c736d61636b6673666c6f6f723d5b2840"])
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r3}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x3, 0x0, 0x6, 0xfffffffa, 0x22}}}}]}, 0x4c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)={0x28, 0x12, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}]}, @nested={0x8, 0x31, 0x0, 0x1, [@nested={0x4, 0x4a}]}]}, 0x28}], 0x1}, 0x0)

326.883794ms ago: executing program 3 (id=3413):
r0 = socket(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x25dfdbfe, {}, [{0x4}]}, 0x18}}, 0x0)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)

284.008697ms ago: executing program 3 (id=3414):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0x6}, 0x18)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x2000000, @loopback, 0xffffffff}, 0x1c)

12.067979ms ago: executing program 0 (id=3415):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
close(0xffffffffffffffff)
clock_gettime(0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000f00)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xc}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

0s ago: executing program 2 (id=3416):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xb30, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000740)=@newtaction={0x50, 0x30, 0x9, 0x0, 0x0, {}, [{0x3c, 0x1, [@m_bpf={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x50}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250)
mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x3200890, 0x0)
mount$nfs(&(0x7f00000001c0)='\'+\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1000, &(0x7f0000000280)=ANY=[@ANYBLOB="275c8586535e2c252f5d2d2c2b6c2c2c7b2c6465767404000000006c746d706673002c5d2d282c253a292c736d61636b6673666c6f6f723d5b2840"])
r2 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109}, 0x94)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x3, 0x0, 0x6, 0xfffffffa, 0x22}}}}]}, 0x4c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r7, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)={0x28, 0x12, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}]}, @nested={0x8, 0x31, 0x0, 0x1, [@nested={0x4, 0x4a}]}]}, 0x28}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

 (loop2): Filesystem has been set read-only
[  140.893501][T11066] veth0_vlan: entered promiscuous mode
[  140.922338][T11229] loop3: detected capacity change from 0 to 128
[  140.928601][T11066] veth1_vlan: entered promiscuous mode
[  140.941821][T11231] SELinux: failed to load policy
[  140.991203][T11066] veth0_macvtap: entered promiscuous mode
[  141.016773][T11066] veth1_macvtap: entered promiscuous mode
[  141.039464][T11066] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.052271][T11066] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.070127][ T5329] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.107733][ T5329] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.143764][ T5329] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.165167][ T5329] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.284356][T11260] FAULT_INJECTION: forcing a failure.
[  141.284356][T11260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.297568][T11260] CPU: 1 UID: 0 PID: 11260 Comm: syz.3.2804 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  141.297602][T11260] Tainted: [W]=WARN
[  141.297608][T11260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.297621][T11260] Call Trace:
[  141.297704][T11260]  <TASK>
[  141.297712][T11260]  __dump_stack+0x1d/0x30
[  141.297735][T11260]  dump_stack_lvl+0xe8/0x140
[  141.297751][T11260]  dump_stack+0x15/0x1b
[  141.297820][T11260]  should_fail_ex+0x265/0x280
[  141.297842][T11260]  should_fail+0xb/0x20
[  141.297859][T11260]  should_fail_usercopy+0x1a/0x20
[  141.297882][T11260]  _copy_from_user+0x1c/0xb0
[  141.297935][T11260]  keyctl_update_key+0x81/0x140
[  141.297959][T11260]  __se_sys_keyctl+0x221/0xb80
[  141.298016][T11260]  ? __rcu_read_unlock+0x4f/0x70
[  141.298038][T11260]  ? __fget_files+0x184/0x1c0
[  141.298062][T11260]  ? fput+0x8f/0xc0
[  141.298158][T11260]  __x64_sys_keyctl+0x67/0x80
[  141.298184][T11260]  x64_sys_call+0x2f6d/0x2ff0
[  141.298311][T11260]  do_syscall_64+0xd2/0x200
[  141.298337][T11260]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  141.298360][T11260]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  141.298447][T11260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.298504][T11260] RIP: 0033:0x7f2b6ee3ebe9
[  141.298520][T11260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.298579][T11260] RSP: 002b:00007f2b6d87e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  141.298613][T11260] RAX: ffffffffffffffda RBX: 00007f2b6f066090 RCX: 00007f2b6ee3ebe9
[  141.298626][T11260] RDX: 0000200000000680 RSI: 0000000024317d93 RDI: 0000000000000002
[  141.298638][T11260] RBP: 00007f2b6d87e090 R08: 0000000000000000 R09: 0000000000000000
[  141.298650][T11260] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[  141.298663][T11260] R13: 00007f2b6f066128 R14: 00007f2b6f066090 R15: 00007fff7f72fb68
[  141.298682][T11260]  </TASK>
[  141.810132][ T5323] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.900609][T11285] syzkaller1: entered promiscuous mode
[  141.906181][T11285] syzkaller1: entered allmulticast mode
[  141.934579][T11289] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2813'.
[  141.967507][ T5323] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.982722][T11293] loop5: detected capacity change from 0 to 1024
[  142.026895][T11293] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.045744][ T5323] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.057486][T11299] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=11299 comm=syz.2.2813
[  142.110333][ T5323] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.132280][ T4677] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.160698][T11310] loop4: detected capacity change from 0 to 1024
[  142.212024][T11310] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.225070][T11310] ext4 filesystem being mounted at /507/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.238779][T11319] loop2: detected capacity change from 0 to 128
[  142.272253][ T5323] bridge_slave_1: left allmulticast mode
[  142.278006][ T5323] bridge_slave_1: left promiscuous mode
[  142.283791][ T5323] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.291686][ T5323] bridge_slave_0: left allmulticast mode
[  142.297477][ T5323] bridge_slave_0: left promiscuous mode
[  142.300538][T11319] FAT-fs (loop2): error, corrupted file size (i_pos 548, 512)
[  142.303283][ T5323] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.310736][T11319] FAT-fs (loop2): Filesystem has been set read-only
[  142.330445][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.467963][T11337] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2831'.
[  142.497084][ T5323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  142.506878][ T5323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  142.516341][ T5323] bond0 (unregistering): Released all slaves
[  142.524790][ T5323] bond1 (unregistering): Released all slaves
[  142.533451][ T5323] bond2 (unregistering): Released all slaves
[  142.548522][T11337] hsr_slave_0: left promiscuous mode
[  142.554524][T11337] hsr_slave_1: left promiscuous mode
[  142.566496][T11271] chnl_net:caif_netlink_parms(): no params data found
[  142.597526][ T5323] tipc: Disabling bearer <udp:£>
[  142.602572][ T5323] tipc: Left network mode
[  142.640914][T11271] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.648112][T11271] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.661971][T11271] bridge_slave_0: entered allmulticast mode
[  142.668909][T11271] bridge_slave_0: entered promiscuous mode
[  142.677533][ T5323] hsr_slave_0: left promiscuous mode
[  142.683358][ T5323] hsr_slave_1: left promiscuous mode
[  142.691168][ T5323] veth1_macvtap: left promiscuous mode
[  142.696876][ T5323] veth0_macvtap: left promiscuous mode
[  142.702474][ T5323] veth1_vlan: left promiscuous mode
[  142.707849][ T5323] veth0_vlan: left promiscuous mode
[  142.760926][ T5323] team0 (unregistering): Port device team_slave_1 removed
[  142.773730][ T5323] team0 (unregistering): Port device team_slave_0 removed
[  142.781988][ T5322] smc: removing ib device syz!
[  142.804464][T11271] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.811737][T11271] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.822021][T11271] bridge_slave_1: entered allmulticast mode
[  142.828433][T11271] bridge_slave_1: entered promiscuous mode
[  142.860506][T11271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.875559][T11271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.921443][T11271] team0: Port device team_slave_0 added
[  142.928504][T11271] team0: Port device team_slave_1 added
[  142.956687][T11271] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.963852][T11271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.990133][T11271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.002014][T11271] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.009074][T11271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.035059][T11271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.068073][T11271] hsr_slave_0: entered promiscuous mode
[  143.074188][T11271] hsr_slave_1: entered promiscuous mode
[  143.225670][T11333] FAULT_INJECTION: forcing a failure.
[  143.225670][T11333] name failslab, interval 1, probability 0, space 0, times 0
[  143.238620][T11333] CPU: 1 UID: 0 PID: 11333 Comm: syz.2.2828 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  143.238651][T11333] Tainted: [W]=WARN
[  143.238657][T11333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  143.238675][T11333] Call Trace:
[  143.238682][T11333]  <TASK>
[  143.238689][T11333]  __dump_stack+0x1d/0x30
[  143.238708][T11333]  dump_stack_lvl+0xe8/0x140
[  143.238724][T11333]  dump_stack+0x15/0x1b
[  143.238738][T11333]  should_fail_ex+0x265/0x280
[  143.238767][T11333]  should_failslab+0x8c/0xb0
[  143.238787][T11333]  kmem_cache_alloc_node_noprof+0x57/0x320
[  143.238865][T11333]  ? __alloc_skb+0x101/0x320
[  143.238936][T11333]  __alloc_skb+0x101/0x320
[  143.238963][T11333]  tcp_stream_alloc_skb+0x2d/0x1d0
[  143.239069][T11333]  tcp_write_xmit+0xb3b/0x2fd0
[  143.239117][T11333]  __tcp_push_pending_frames+0x6d/0x1b0
[  143.239130][T11333]  tcp_send_fin+0x533/0x6b0
[  143.239210][T11333]  __tcp_close+0x607/0x10c0
[  143.239316][T11333]  tcp_close+0x28/0xd0
[  143.239331][T11333]  inet_release+0xce/0xf0
[  143.239343][T11333]  sock_close+0x6b/0x150
[  143.239425][T11333]  ? __pfx_sock_close+0x10/0x10
[  143.239439][T11333]  __fput+0x298/0x650
[  143.239532][T11333]  ____fput+0x1c/0x30
[  143.239547][T11333]  task_work_run+0x12e/0x1a0
[  143.239635][T11333]  get_signal+0xe13/0xf70
[  143.239654][T11333]  ? __sys_recvfrom+0x1cf/0x1f0
[  143.239668][T11333]  arch_do_signal_or_restart+0x96/0x480
[  143.239682][T11333]  exit_to_user_mode_loop+0x7a/0x100
[  143.239718][T11333]  do_syscall_64+0x1d6/0x200
[  143.239733][T11333]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  143.239746][T11333]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  143.239760][T11333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.239785][T11333] RIP: 0033:0x7fbb8af5ebe9
[  143.239795][T11333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.239806][T11333] RSP: 002b:00007fbb899a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  143.239817][T11333] RAX: fffffffffffffe00 RBX: 00007fbb8b186090 RCX: 00007fbb8af5ebe9
[  143.239824][T11333] RDX: 00000000ffffffdd RSI: 0000200000000000 RDI: 0000000000000003
[  143.239831][T11333] RBP: 00007fbb899a6090 R08: 0000000000000000 R09: 0000000000000015
[  143.239905][T11333] R10: 0000000000000734 R11: 0000000000000246 R12: 0000000000000001
[  143.239921][T11333] R13: 00007fbb8b186128 R14: 00007fbb8b186090 R15: 00007fff38568468
[  143.239932][T11333]  </TASK>
[  143.503829][T11356] loop2: detected capacity change from 0 to 1024
[  143.527951][T11356] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.540330][T11356] ext4 filesystem being mounted at /578/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.564710][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.603726][T11271] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  143.613858][T11271] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  143.624134][T11271] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  143.643604][T11271] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  143.656756][T11364] netlink: 'syz.5.2839': attribute type 30 has an invalid length.
[  143.676104][T11366] loop2: detected capacity change from 0 to 2048
[  143.682890][T11366] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  143.748080][T11271] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.756884][   T29] kauditd_printk_skb: 438 callbacks suppressed
[  143.756900][   T29] audit: type=1326 audit(1755540447.903:15715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.790124][T11271] 8021q: adding VLAN 0 to HW filter on device team0
[  143.797544][   T29] audit: type=1326 audit(1755540447.903:15716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.821241][   T29] audit: type=1326 audit(1755540447.903:15717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.833949][ T5323] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.844958][   T29] audit: type=1326 audit(1755540447.903:15718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.852085][ T5323] bridge0: port 1(bridge_slave_0) entered forwarding state
[  143.875777][   T29] audit: type=1326 audit(1755540447.903:15719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.906612][   T29] audit: type=1326 audit(1755540447.903:15720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.930490][   T29] audit: type=1326 audit(1755540447.903:15721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.930518][   T29] audit: type=1326 audit(1755540447.903:15722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.930660][   T29] audit: type=1326 audit(1755540447.903:15723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.930686][   T29] audit: type=1326 audit(1755540447.903:15724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11375 comm="syz.5.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  143.957822][ T5329] bridge0: port 2(bridge_slave_1) entered blocking state
[  143.957911][ T5329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.997185][T11271] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  143.997207][T11271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.059779][T11389] loop4: detected capacity change from 0 to 1024
[  144.063811][T11271] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.101822][T11390] loop2: detected capacity change from 0 to 512
[  144.145859][T11390] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  144.177131][T11390] EXT4-fs (loop2): 1 truncate cleaned up
[  144.183209][T11390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.183968][T11389] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.207259][T11271] veth0_vlan: entered promiscuous mode
[  144.215317][T11389] ext4 filesystem being mounted at /510/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.231812][T11271] veth1_vlan: entered promiscuous mode
[  144.242024][T11402] loop5: detected capacity change from 0 to 128
[  144.249925][T11271] veth0_macvtap: entered promiscuous mode
[  144.257786][T11271] veth1_macvtap: entered promiscuous mode
[  144.268788][T11271] batman_adv: batadv0: Interface activated: batadv_slave_0
[  144.286147][T11271] batman_adv: batadv0: Interface activated: batadv_slave_1
[  144.297768][T11402] bio_check_eod: 13 callbacks suppressed
[  144.297784][T11402] syz.5.2847: attempt to access beyond end of device
[  144.297784][T11402] loop5: rw=2049, sector=130, nr_sectors = 1 limit=128
[  144.306005][ T5323] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.317023][T11402] Buffer I/O error on dev loop5, logical block 130, lost async page write
[  144.324870][T11402] syz.5.2847: attempt to access beyond end of device
[  144.324870][T11402] loop5: rw=2049, sector=131, nr_sectors = 1 limit=128
[  144.347939][T11402] Buffer I/O error on dev loop5, logical block 131, lost async page write
[  144.359789][T11402] syz.5.2847: attempt to access beyond end of device
[  144.359789][T11402] loop5: rw=2049, sector=132, nr_sectors = 1 limit=128
[  144.373354][T11402] Buffer I/O error on dev loop5, logical block 132, lost async page write
[  144.373949][ T5323] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.379251][ T5323] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.379669][ T5323] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.388283][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.406144][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406144][T11402] loop5: rw=2049, sector=133, nr_sectors = 1 limit=128
[  144.406251][T11402] Buffer I/O error on dev loop5, logical block 133, lost async page write
[  144.406273][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406273][T11402] loop5: rw=2049, sector=134, nr_sectors = 1 limit=128
[  144.406294][T11402] Buffer I/O error on dev loop5, logical block 134, lost async page write
[  144.406312][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406312][T11402] loop5: rw=2049, sector=135, nr_sectors = 1 limit=128
[  144.406377][T11402] Buffer I/O error on dev loop5, logical block 135, lost async page write
[  144.406647][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406647][T11402] loop5: rw=2049, sector=138, nr_sectors = 1 limit=128
[  144.406670][T11402] Buffer I/O error on dev loop5, logical block 138, lost async page write
[  144.406688][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406688][T11402] loop5: rw=2049, sector=139, nr_sectors = 1 limit=128
[  144.406778][T11402] Buffer I/O error on dev loop5, logical block 139, lost async page write
[  144.406812][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406812][T11402] loop5: rw=2049, sector=148, nr_sectors = 1 limit=128
[  144.406832][T11402] Buffer I/O error on dev loop5, logical block 148, lost async page write
[  144.406854][T11402] syz.5.2847: attempt to access beyond end of device
[  144.406854][T11402] loop5: rw=2049, sector=149, nr_sectors = 1 limit=128
[  144.406876][T11402] Buffer I/O error on dev loop5, logical block 149, lost async page write
[  144.590169][T11420] loop5: detected capacity change from 0 to 512
[  144.590802][T11420] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  144.840148][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.887782][T11443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2863'.
[  144.896966][T11443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2863'.
[  145.063936][T11453] SELinux: failed to load policy
[  145.211424][T11469] loop5: detected capacity change from 0 to 164
[  145.220851][T11469] ISOFS: unable to read i-node block
[  145.226310][T11469] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  145.248214][T11469] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2873'.
[  145.262163][T11476] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2874'.
[  145.319247][T11479] SELinux: failed to load policy
[  145.372601][T11483] SELinux: failed to load policy
[  145.574338][T11500] loop4: detected capacity change from 0 to 128
[  145.612459][T11495] blktrace: Concurrent blktraces are not allowed on loop4
[  145.619880][T11502] loop5: detected capacity change from 0 to 512
[  145.627118][T11502] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  145.850466][T11510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2888'.
[  145.859589][T11510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2888'.
[  145.938310][T11519] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2893'.
[  146.002120][    T9] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4
[  146.009847][    T9] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2
[  146.023020][    T9] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3
[  146.036591][    T9] hid-generic 0000:3000000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  146.052794][T11526] fido_id[11526]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  146.296935][T11544] loop4: detected capacity change from 0 to 512
[  146.304313][T11544] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  146.379725][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2901'.
[  146.388816][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2901'.
[  146.417400][T11555] netlink: 'syz.3.2904': attribute type 30 has an invalid length.
[  146.480701][T11560] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2905'.
[  146.558766][T11571] loop4: detected capacity change from 0 to 512
[  146.606985][T11571] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.624936][T11571] ext4 filesystem being mounted at /527/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.648241][T11577] loop5: detected capacity change from 0 to 128
[  146.656226][T11571] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.2911: corrupted inode contents
[  146.807318][T11571] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.2911: mark_inode_dirty error
[  146.851214][T11571] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.2911: corrupted inode contents
[  146.865796][T11571] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.2911: mark_inode_dirty error
[  146.894849][T11587] loop3: detected capacity change from 0 to 128
[  146.926097][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.989249][T11592] loop4: detected capacity change from 0 to 512
[  147.011721][T11602] netlink: 'syz.5.2923': attribute type 30 has an invalid length.
[  147.064022][T11609] netlink: 'syz.0.2924': attribute type 30 has an invalid length.
[  147.082727][T11592] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.101337][T11592] ext4 filesystem being mounted at /528/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.124493][T11592] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.2919: corrupted inode contents
[  147.138718][T11592] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.2919: mark_inode_dirty error
[  147.159826][T11614] syzkaller1: entered promiscuous mode
[  147.165373][T11614] syzkaller1: entered allmulticast mode
[  147.172157][T11592] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.2919: corrupted inode contents
[  147.188703][T11592] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.2919: mark_inode_dirty error
[  147.203860][T11616] loop2: detected capacity change from 0 to 128
[  147.251924][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.370685][T11631] SELinux: failed to load policy
[  147.473313][T11644] syzkaller1: entered promiscuous mode
[  147.478893][T11644] syzkaller1: entered allmulticast mode
[  147.545337][T11649] loop5: detected capacity change from 0 to 164
[  147.554240][T11649] ISOFS: unable to read i-node block
[  147.559751][T11649] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  147.570825][T11649] FAULT_INJECTION: forcing a failure.
[  147.570825][T11649] name failslab, interval 1, probability 0, space 0, times 0
[  147.583519][T11649] CPU: 1 UID: 0 PID: 11649 Comm: syz.5.2942 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  147.583606][T11649] Tainted: [W]=WARN
[  147.583639][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  147.583651][T11649] Call Trace:
[  147.583657][T11649]  <TASK>
[  147.583664][T11649]  __dump_stack+0x1d/0x30
[  147.583684][T11649]  dump_stack_lvl+0xe8/0x140
[  147.583700][T11649]  dump_stack+0x15/0x1b
[  147.583715][T11649]  should_fail_ex+0x265/0x280
[  147.583734][T11649]  ? sctp_association_new+0x71/0x1200
[  147.583783][T11649]  should_failslab+0x8c/0xb0
[  147.583848][T11649]  __kmalloc_cache_noprof+0x4c/0x320
[  147.583886][T11649]  sctp_association_new+0x71/0x1200
[  147.583942][T11649]  ? sctp_v4_to_sk_saddr+0x29/0x40
[  147.583968][T11649]  ? sctp_do_bind+0x497/0x4b0
[  147.584016][T11649]  ? sctp_v4_scope+0x140/0x150
[  147.584041][T11649]  sctp_connect_new_asoc+0x1a8/0x3a0
[  147.584071][T11649]  sctp_sendmsg+0xf10/0x18d0
[  147.584107][T11649]  ? selinux_socket_sendmsg+0x81/0x1b0
[  147.584147][T11649]  ? __pfx_sctp_sendmsg+0x10/0x10
[  147.584176][T11649]  inet_sendmsg+0xc5/0xd0
[  147.584194][T11649]  __sock_sendmsg+0x102/0x180
[  147.584284][T11649]  ____sys_sendmsg+0x345/0x4e0
[  147.584310][T11649]  ___sys_sendmsg+0x17b/0x1d0
[  147.584345][T11649]  __sys_sendmmsg+0x178/0x300
[  147.584378][T11649]  __x64_sys_sendmmsg+0x57/0x70
[  147.584401][T11649]  x64_sys_call+0x1c4a/0x2ff0
[  147.584462][T11649]  do_syscall_64+0xd2/0x200
[  147.584490][T11649]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  147.584544][T11649]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  147.584639][T11649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.584660][T11649] RIP: 0033:0x7f08ff3cebe9
[  147.584699][T11649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.584718][T11649] RSP: 002b:00007f08fde37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  147.584739][T11649] RAX: ffffffffffffffda RBX: 00007f08ff5f5fa0 RCX: 00007f08ff3cebe9
[  147.584751][T11649] RDX: 0000000000000002 RSI: 0000200000000880 RDI: 0000000000000007
[  147.584763][T11649] RBP: 00007f08fde37090 R08: 0000000000000000 R09: 0000000000000000
[  147.584775][T11649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.584787][T11649] R13: 00007f08ff5f6038 R14: 00007f08ff5f5fa0 R15: 00007ffcaafa6698
[  147.584850][T11649]  </TASK>
[  147.866930][T11661] netlink: 'syz.5.2946': attribute type 30 has an invalid length.
[  147.929597][T11666] loop5: detected capacity change from 0 to 128
[  147.987175][T11670] netlink: 'syz.5.2950': attribute type 30 has an invalid length.
[  148.105235][T11677] loop3: detected capacity change from 0 to 128
[  148.151645][T11677] FAT-fs (loop3): error, corrupted file size (i_pos 548, 512)
[  148.159205][T11677] FAT-fs (loop3): Filesystem has been set read-only
[  148.287404][T11701] wireguard0: entered promiscuous mode
[  148.292955][T11701] wireguard0: entered allmulticast mode
[  148.313942][T11703] wireguard0: entered promiscuous mode
[  148.319500][T11703] wireguard0: entered allmulticast mode
[  148.385472][T11684] chnl_net:caif_netlink_parms(): no params data found
[  148.423991][T11684] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.431277][T11684] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.438697][T11684] bridge_slave_0: entered allmulticast mode
[  148.445353][T11684] bridge_slave_0: entered promiscuous mode
[  148.452119][T11684] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.459386][T11684] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.466824][T11684] bridge_slave_1: entered allmulticast mode
[  148.473590][T11684] bridge_slave_1: entered promiscuous mode
[  148.492681][ T5329] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.516316][T11684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.539886][T11684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.572183][T11684] team0: Port device team_slave_0 added
[  148.586983][ T5329] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.615087][T11684] team0: Port device team_slave_1 added
[  148.622144][T11727] netlink: 'syz.3.2967': attribute type 30 has an invalid length.
[  148.658393][ T5329] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.672498][T11684] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.679584][T11684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.705832][T11684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.717188][T11684] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.724148][T11684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  148.724176][T11684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.772672][T11684] hsr_slave_0: entered promiscuous mode
[  148.786330][T11684] hsr_slave_1: entered promiscuous mode
[  148.795859][T11684] debugfs: 'hsr0' already exists in 'hsr'
[  148.801732][T11684] Cannot create hsr debugfs directory
[  148.808498][ T5329] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.821486][   T29] kauditd_printk_skb: 597 callbacks suppressed
[  148.821501][   T29] audit: type=1400 audit(1755540452.963:16322): avc:  denied  { append } for  pid=11738 comm="syz.5.2972" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  148.851650][   T29] audit: type=1400 audit(1755540452.963:16323): avc:  denied  { open } for  pid=11738 comm="syz.5.2972" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  148.879830][   T29] audit: type=1400 audit(1755540452.973:16324): avc:  denied  { ioctl } for  pid=11738 comm="syz.5.2972" path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  148.959278][   T29] audit: type=1326 audit(1755540453.103:16325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  148.983094][   T29] audit: type=1326 audit(1755540453.103:16326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.005115][   T10] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4
[  149.014877][   T10] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2
[  149.015017][   T29] audit: type=1326 audit(1755540453.103:16327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.046181][   T29] audit: type=1326 audit(1755540453.103:16328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.046408][   T10] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x3
[  149.070043][   T29] audit: type=1326 audit(1755540453.103:16329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.101294][   T29] audit: type=1326 audit(1755540453.103:16330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.124920][   T29] audit: type=1326 audit(1755540453.103:16331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11742 comm="syz.5.2973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  149.152299][   T10] hid-generic 0000:3000000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  149.166645][ T5329] bridge_slave_1: left allmulticast mode
[  149.166667][ T5329] bridge_slave_1: left promiscuous mode
[  149.166889][ T5329] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.168110][ T5329] bridge_slave_0: left allmulticast mode
[  149.168124][ T5329] bridge_slave_0: left promiscuous mode
[  149.168326][ T5329] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.253206][T11749] SELinux: failed to load policy
[  149.476829][ T5329] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.490203][ T5329] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.500228][ T5329] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  149.510612][ T5329] bond0 (unregistering): Released all slaves
[  149.576983][ T5329] hsr_slave_0: left promiscuous mode
[  149.582828][ T5329] hsr_slave_1: left promiscuous mode
[  149.588468][ T5329] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  149.596208][ T5329] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.611907][ T5329] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  149.619392][ T5329] batman_adv: batadv0: Removing interface: batadv_slave_1
[  149.655849][ T5329] team0 (unregistering): Port device team_slave_1 removed
[  149.665939][ T5329] team0 (unregistering): Port device team_slave_0 removed
[  149.788905][T11785] loop4: detected capacity change from 0 to 1024
[  149.816737][T11785] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.829768][T11785] FAULT_INJECTION: forcing a failure.
[  149.829768][T11785] name failslab, interval 1, probability 0, space 0, times 0
[  149.842461][T11785] CPU: 0 UID: 0 PID: 11785 Comm: syz.4.2989 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  149.842517][T11785] Tainted: [W]=WARN
[  149.842523][T11785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  149.842536][T11785] Call Trace:
[  149.842542][T11785]  <TASK>
[  149.842550][T11785]  __dump_stack+0x1d/0x30
[  149.842581][T11785]  dump_stack_lvl+0xe8/0x140
[  149.842601][T11785]  dump_stack+0x15/0x1b
[  149.842617][T11785]  should_fail_ex+0x265/0x280
[  149.842638][T11785]  should_failslab+0x8c/0xb0
[  149.842680][T11785]  kmem_cache_alloc_noprof+0x50/0x310
[  149.842753][T11785]  ? alloc_empty_file+0x76/0x200
[  149.842794][T11785]  ? mntput+0x4b/0x80
[  149.842873][T11785]  alloc_empty_file+0x76/0x200
[  149.842902][T11785]  path_openat+0x68/0x2170
[  149.842928][T11785]  ? _parse_integer_limit+0x170/0x190
[  149.842997][T11785]  ? kstrtoull+0x111/0x140
[  149.843017][T11785]  ? kstrtouint+0x76/0xc0
[  149.843036][T11785]  do_filp_open+0x109/0x230
[  149.843063][T11785]  do_sys_openat2+0xa6/0x110
[  149.843096][T11785]  __x64_sys_openat+0xf2/0x120
[  149.843163][T11785]  x64_sys_call+0x2e9c/0x2ff0
[  149.843185][T11785]  do_syscall_64+0xd2/0x200
[  149.843252][T11785]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  149.843314][T11785]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  149.843340][T11785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.843405][T11785] RIP: 0033:0x7fc7c66debe9
[  149.843420][T11785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.843438][T11785] RSP: 002b:00007fc7c5147038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  149.843456][T11785] RAX: ffffffffffffffda RBX: 00007fc7c6905fa0 RCX: 00007fc7c66debe9
[  149.843484][T11785] RDX: 0000000000002040 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  149.843566][T11785] RBP: 00007fc7c5147090 R08: 0000000000000000 R09: 0000000000000000
[  149.843577][T11785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.843587][T11785] R13: 00007fc7c6906038 R14: 00007fc7c6905fa0 R15: 00007ffdcf5eff28
[  149.843648][T11785]  </TASK>
[  150.064977][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.116702][T11791] loop3: detected capacity change from 0 to 1024
[  150.123564][T11791] EXT4-fs: Ignoring removed bh option
[  150.129582][T11791] EXT4-fs: inline encryption not supported
[  150.137398][T11791] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  150.139303][T11797] __nla_validate_parse: 11 callbacks suppressed
[  150.139319][T11797] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2993'.
[  150.160065][T11791] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.2990: lblock 2 mapped to illegal pblock 2 (length 1)
[  150.184754][T11791] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.2990: lblock 0 mapped to illegal pblock 48 (length 1)
[  150.199356][T11791] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.2990: Failed to acquire dquot type 0
[  150.213456][T11791] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  150.224061][T11684] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  150.237750][T11791] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.2990: mark_inode_dirty error
[  150.249371][T11791] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  150.259782][T11791] EXT4-fs (loop3): 1 orphan inode deleted
[  150.261523][T11684] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  150.274483][T11791] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.289154][ T5327] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:29: lblock 1 mapped to illegal pblock 1 (length 1)
[  150.317958][ T5327] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:29: Failed to release dquot type 0
[  150.344790][T11684] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  150.351973][T11805] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  150.363356][T11791] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  150.373610][T11791] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.2990: lblock 0 mapped to illegal pblock 48 (length 1)
[  150.388793][T11791] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  150.400163][T11684] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  150.424314][T11271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.581375][T11684] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.609048][T11684] 8021q: adding VLAN 0 to HW filter on device team0
[  150.657604][ T5324] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.664865][ T5324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.679917][ T5324] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.687102][ T5324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.705418][T11831] SELinux: failed to load policy
[  150.761697][T11684] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  150.772430][T11684] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  150.821356][T11840] SELinux: failed to load policy
[  150.884316][T11843] SELinux: failed to load policy
[  151.154063][T11684] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.182711][T11874] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3016'.
[  151.332664][T11684] veth0_vlan: entered promiscuous mode
[  151.342820][T11684] veth1_vlan: entered promiscuous mode
[  151.376172][T11891] tipc: Started in network mode
[  151.381078][T11891] tipc: Node identity , cluster identity 4711
[  151.387240][T11891] tipc: Failed to obtain node identity
[  151.392788][T11891] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  151.428067][T11882] loop5: detected capacity change from 0 to 512
[  151.443891][T11882] EXT4-fs: Ignoring removed nobh option
[  151.470700][T11684] veth0_macvtap: entered promiscuous mode
[  151.489994][T11684] veth1_macvtap: entered promiscuous mode
[  151.498856][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #3: comm syz.5.3019: corrupted inode contents
[  151.520034][T11882] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #3: comm syz.5.3019: mark_inode_dirty error
[  151.542382][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #3: comm syz.5.3019: corrupted inode contents
[  151.551105][T11684] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.563028][T11882] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #3: comm syz.5.3019: mark_inode_dirty error
[  151.566847][T11684] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.579323][T11882] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3019: Failed to acquire dquot type 0
[  151.585754][ T5324] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.597728][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.3019: corrupted inode contents
[  151.616260][T11882] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #16: comm syz.5.3019: mark_inode_dirty error
[  151.630144][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.3019: corrupted inode contents
[  151.645548][T11882] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.3019: mark_inode_dirty error
[  151.658058][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.3019: corrupted inode contents
[  151.676475][T11882] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  151.677512][ T5325] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.686759][T11882] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.3019: corrupted inode contents
[  151.746188][ T5325] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.747409][T11882] EXT4-fs error (device loop5): ext4_truncate:4666: inode #16: comm syz.5.3019: mark_inode_dirty error
[  151.769055][ T5323] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.772071][T11909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2953'.
[  151.788976][T11882] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  151.803762][T11882] EXT4-fs (loop5): 1 truncate cleaned up
[  151.814251][T11882] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.838301][T11882] ext4 filesystem being mounted at /514/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.891212][T11919] netlink: 'syz.3.3031': attribute type 30 has an invalid length.
[  151.909107][ T4677] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.924736][T11917] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.3030'.
[  152.134231][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3038'.
[  152.143348][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3038'.
[  152.274202][T11959] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3045'.
[  152.286738][T11956] loop4: detected capacity change from 0 to 1024
[  152.323457][T11956] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  152.334533][T11956] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  152.366651][T11956] JBD2: no valid journal superblock found
[  152.372492][T11956] EXT4-fs (loop4): Could not load journal inode
[  152.491502][T11969] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.3049'.
[  152.504270][T11964] SELinux: failed to load policy
[  152.538543][T11976] loop3: detected capacity change from 0 to 512
[  152.548678][T11975] loop5: detected capacity change from 0 to 512
[  152.563502][T11980] netlink: 'syz.0.3054': attribute type 30 has an invalid length.
[  152.566433][T11979] loop4: detected capacity change from 0 to 128
[  152.573907][T11976] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  152.590863][T11975] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  152.608010][T11976] EXT4-fs (loop3): 1 truncate cleaned up
[  152.616386][T11976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.635934][T11975] EXT4-fs (loop5): 1 truncate cleaned up
[  152.643417][T11975] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.679416][T11979] bio_check_eod: 24 callbacks suppressed
[  152.679434][T11979] syz.4.3053: attempt to access beyond end of device
[  152.679434][T11979] loop4: rw=2049, sector=129, nr_sectors = 1 limit=128
[  152.699105][T11979] buffer_io_error: 24 callbacks suppressed
[  152.699121][T11979] Buffer I/O error on dev loop4, logical block 129, lost async page write
[  152.713824][T11979] syz.4.3053: attempt to access beyond end of device
[  152.713824][T11979] loop4: rw=2049, sector=130, nr_sectors = 1 limit=128
[  152.715033][T11271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.727218][T11979] Buffer I/O error on dev loop4, logical block 130, lost async page write
[  152.727571][T11979] syz.4.3053: attempt to access beyond end of device
[  152.727571][T11979] loop4: rw=2049, sector=139, nr_sectors = 1 limit=128
[  152.758288][T11979] Buffer I/O error on dev loop4, logical block 139, lost async page write
[  152.767174][T11979] syz.4.3053: attempt to access beyond end of device
[  152.767174][T11979] loop4: rw=2049, sector=140, nr_sectors = 1 limit=128
[  152.780697][T11979] Buffer I/O error on dev loop4, logical block 140, lost async page write
[  152.789550][T11979] syz.4.3053: attempt to access beyond end of device
[  152.789550][T11979] loop4: rw=2049, sector=141, nr_sectors = 1 limit=128
[  152.803028][T11979] Buffer I/O error on dev loop4, logical block 141, lost async page write
[  152.818915][T11979] syz.4.3053: attempt to access beyond end of device
[  152.818915][T11979] loop4: rw=2049, sector=142, nr_sectors = 1 limit=128
[  152.832604][T11979] Buffer I/O error on dev loop4, logical block 142, lost async page write
[  152.841922][T11979] syz.4.3053: attempt to access beyond end of device
[  152.841922][T11979] loop4: rw=2049, sector=143, nr_sectors = 1 limit=128
[  152.855736][T11979] Buffer I/O error on dev loop4, logical block 143, lost async page write
[  152.868092][T11979] syz.4.3053: attempt to access beyond end of device
[  152.868092][T11979] loop4: rw=2049, sector=144, nr_sectors = 1 limit=128
[  152.881551][T11979] Buffer I/O error on dev loop4, logical block 144, lost async page write
[  152.913309][ T4677] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.932436][T11979] syz.4.3053: attempt to access beyond end of device
[  152.932436][T11979] loop4: rw=2049, sector=147, nr_sectors = 1 limit=128
[  152.945941][T11979] Buffer I/O error on dev loop4, logical block 147, lost async page write
[  152.958217][T11994] loop3: detected capacity change from 0 to 256
[  152.993518][T11996] loop5: detected capacity change from 0 to 512
[  153.012042][T11993] loop2: detected capacity change from 0 to 128
[  153.041355][T11996] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.067633][T11979] syz.4.3053: attempt to access beyond end of device
[  153.067633][T11979] loop4: rw=2049, sector=148, nr_sectors = 1 limit=128
[  153.081298][T11979] Buffer I/O error on dev loop4, logical block 148, lost async page write
[  153.106732][T11996] ext4 filesystem being mounted at /521/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.126122][T12003] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3061'.
[  153.185027][T11996] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.3059: corrupted inode contents
[  153.207697][T11994] random: crng reseeded on system resumption
[  153.240675][T11996] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.3059: mark_inode_dirty error
[  153.253403][T11996] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.3059: corrupted inode contents
[  153.253519][T11996] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.3059: mark_inode_dirty error
[  153.329524][T12012] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3065'.
[  153.342236][ T4677] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.399208][T12019] loop5: detected capacity change from 0 to 512
[  153.409718][T12019] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  153.428800][T12022] block device autoloading is deprecated and will be removed.
[  153.438172][T12019] EXT4-fs (loop5): 1 truncate cleaned up
[  153.444237][T12019] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.466639][T12021] loop4: detected capacity change from 0 to 512
[  153.477318][T12021] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.3070: corrupted in-inode xattr: invalid ea_ino
[  153.501161][T12021] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.3070: couldn't read orphan inode 15 (err -117)
[  153.525686][T12028] loop2: detected capacity change from 0 to 512
[  153.547960][ T4677] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.563958][T12028] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  153.586216][T12028] EXT4-fs (loop2): orphan cleanup on readonly fs
[  153.596602][T12028] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3063: bg 0: block 248: padding at end of block bitmap is not set
[  153.621287][T12033] netlink: 'syz.0.3072': attribute type 30 has an invalid length.
[  153.633385][T12028] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3063: Failed to acquire dquot type 1
[  153.706194][T12028] EXT4-fs (loop2): 1 truncate cleaned up
[  153.758906][T12039] loop4: detected capacity change from 0 to 128
[  153.897501][T12044] SELinux: failed to load policy
[  153.993870][T12047] SELinux: failed to load policy
[  154.045349][T12051] loop3: detected capacity change from 0 to 512
[  154.091848][T12051] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.123794][T12051] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3077: corrupted inode contents
[  154.145623][T12051] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.3077: mark_inode_dirty error
[  154.221783][T12051] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3077: corrupted inode contents
[  154.253962][T12051] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3077: mark_inode_dirty error
[  154.304617][T12072] netlink: 'syz.5.3085': attribute type 30 has an invalid length.
[  154.340487][ T5322] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  154.360243][ T5322] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  154.410594][ T5323] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  154.429011][ T5323] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  154.526010][T12086] loop5: detected capacity change from 0 to 1024
[  154.553166][T12086] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  154.564371][T12086] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  154.590185][T12086] JBD2: no valid journal superblock found
[  154.596207][T12086] EXT4-fs (loop5): Could not load journal inode
[  154.716814][T12099] loop5: detected capacity change from 0 to 512
[  154.747145][T12099] ext4 filesystem being mounted at /531/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.815704][T12099] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.3097: corrupted inode contents
[  154.845237][T12099] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.3097: mark_inode_dirty error
[  154.866596][T12099] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.3097: corrupted inode contents
[  154.884486][T12099] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.3097: mark_inode_dirty error
[  154.969962][T12095] loop0: detected capacity change from 0 to 128
[  154.988881][T12095] vfat: Unknown parameter 'shox'
[  155.019801][T12125] loop4: detected capacity change from 0 to 256
[  155.041576][T12126] loop5: detected capacity change from 0 to 512
[  155.074243][T12095] loop0: detected capacity change from 0 to 256
[  155.087400][T12126] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  155.149732][   T29] kauditd_printk_skb: 463 callbacks suppressed
[  155.149746][   T29] audit: type=1400 audit(1755540459.293:16787): avc:  denied  { read } for  pid=12094 comm="syz.0.3096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  155.149990][T12126] EXT4-fs (loop5): 1 truncate cleaned up
[  155.234093][T12125] random: crng reseeded on system resumption
[  155.235173][   T29] audit: type=1326 audit(1755540459.373:16788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.283962][   T29] audit: type=1326 audit(1755540459.403:16789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.308301][   T29] audit: type=1326 audit(1755540459.403:16790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.331895][   T29] audit: type=1326 audit(1755540459.413:16791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.355486][   T29] audit: type=1326 audit(1755540459.413:16792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.379213][   T29] audit: type=1326 audit(1755540459.413:16793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.402831][   T29] audit: type=1326 audit(1755540459.413:16794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.426522][   T29] audit: type=1326 audit(1755540459.413:16795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.450171][   T29] audit: type=1326 audit(1755540459.413:16796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.5.3108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08ff3cebe9 code=0x7ffc0000
[  155.657854][T12144] loop5: detected capacity change from 0 to 1024
[  155.671566][T12144] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  155.682608][T12144] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  155.709609][T12148] __nla_validate_parse: 10 callbacks suppressed
[  155.709625][T12148] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3116'.
[  155.716053][T12144] JBD2: no valid journal superblock found
[  155.730826][T12144] EXT4-fs (loop5): Could not load journal inode
[  155.755131][T12146] loop4: detected capacity change from 0 to 512
[  155.813503][T12146] ext4 filesystem being mounted at /567/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.828345][T12146] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3115: corrupted inode contents
[  155.850274][T12146] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.3115: mark_inode_dirty error
[  155.862318][T12146] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3115: corrupted inode contents
[  155.876738][T12146] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.3115: mark_inode_dirty error
[  155.895664][T12151] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3117'.
[  155.909153][T12151] netlink: 'syz.5.3117': attribute type 3 has an invalid length.
[  155.922105][T12151] loop5: detected capacity change from 0 to 512
[  155.965880][T12151] ext4 filesystem being mounted at /536/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.004343][T12164] loop5: detected capacity change from 0 to 512
[  156.015338][T12164] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  156.028655][T12163] loop4: detected capacity change from 0 to 128
[  156.036100][T12164] EXT4-fs (loop5): 1 truncate cleaned up
[  156.100312][T12169] loop5: detected capacity change from 0 to 128
[  156.109039][T12167] loop2: detected capacity change from 0 to 128
[  156.137990][T12169] FAT-fs (loop5): error, corrupted file size (i_pos 548, 512)
[  156.145655][T12169] FAT-fs (loop5): Filesystem has been set read-only
[  156.228503][T12173] loop5: detected capacity change from 0 to 512
[  156.235620][T12173] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  156.273215][T12173] EXT4-fs (loop5): 1 truncate cleaned up
[  156.674701][T12212] loop3: detected capacity change from 0 to 128
[  157.081994][T12233] loop5: detected capacity change from 0 to 128
[  157.095525][T12229] loop3: detected capacity change from 0 to 128
[  157.361974][T12256] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.3155'.
[  157.435620][T12261] loop4: detected capacity change from 0 to 512
[  157.454688][T12261] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  157.482566][T12261] EXT4-fs (loop4): 1 truncate cleaned up
[  157.703531][T12289] loop4: detected capacity change from 0 to 128
[  157.751621][T12289] bio_check_eod: 83 callbacks suppressed
[  157.751637][T12289] syz.4.3168: attempt to access beyond end of device
[  157.751637][T12289] loop4: rw=2049, sector=129, nr_sectors = 1 limit=128
[  157.770928][T12289] buffer_io_error: 83 callbacks suppressed
[  157.770942][T12289] Buffer I/O error on dev loop4, logical block 129, lost async page write
[  157.792810][T12289] syz.4.3168: attempt to access beyond end of device
[  157.792810][T12289] loop4: rw=2049, sector=130, nr_sectors = 1 limit=128
[  157.792859][T12296] loop3: detected capacity change from 0 to 128
[  157.806380][T12289] Buffer I/O error on dev loop4, logical block 130, lost async page write
[  157.821859][T12289] syz.4.3168: attempt to access beyond end of device
[  157.821859][T12289] loop4: rw=2049, sector=139, nr_sectors = 1 limit=128
[  157.835378][T12289] Buffer I/O error on dev loop4, logical block 139, lost async page write
[  157.844629][T12289] syz.4.3168: attempt to access beyond end of device
[  157.844629][T12289] loop4: rw=2049, sector=140, nr_sectors = 1 limit=128
[  157.858189][T12289] Buffer I/O error on dev loop4, logical block 140, lost async page write
[  157.867536][T12289] syz.4.3168: attempt to access beyond end of device
[  157.867536][T12289] loop4: rw=2049, sector=141, nr_sectors = 1 limit=128
[  157.881037][T12289] Buffer I/O error on dev loop4, logical block 141, lost async page write
[  157.889789][T12289] syz.4.3168: attempt to access beyond end of device
[  157.889789][T12289] loop4: rw=2049, sector=142, nr_sectors = 1 limit=128
[  157.903292][T12289] Buffer I/O error on dev loop4, logical block 142, lost async page write
[  157.915474][T12289] syz.4.3168: attempt to access beyond end of device
[  157.915474][T12289] loop4: rw=2049, sector=143, nr_sectors = 1 limit=128
[  157.929153][T12289] Buffer I/O error on dev loop4, logical block 143, lost async page write
[  157.937866][T12289] syz.4.3168: attempt to access beyond end of device
[  157.937866][T12289] loop4: rw=2049, sector=144, nr_sectors = 1 limit=128
[  157.951432][T12289] Buffer I/O error on dev loop4, logical block 144, lost async page write
[  157.960323][T12289] syz.4.3168: attempt to access beyond end of device
[  157.960323][T12289] loop4: rw=2049, sector=147, nr_sectors = 1 limit=128
[  157.967751][T12298] loop2: detected capacity change from 0 to 128
[  157.973979][T12289] Buffer I/O error on dev loop4, logical block 147, lost async page write
[  157.988812][T12289] syz.4.3168: attempt to access beyond end of device
[  157.988812][T12289] loop4: rw=2049, sector=148, nr_sectors = 1 limit=128
[  158.002227][T12289] Buffer I/O error on dev loop4, logical block 148, lost async page write
[  158.113987][T12305] loop0: detected capacity change from 0 to 512
[  158.153600][T12305] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  158.175305][T12307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3172'.
[  158.184336][T12307] netlink: 'syz.3.3172': attribute type 30 has an invalid length.
[  158.203578][T12305] EXT4-fs (loop0): 1 truncate cleaned up
[  158.214423][ T5324] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  158.262351][ T5324] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  158.292234][ T5324] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  158.331753][ T5324] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  158.428772][T12332] loop3: detected capacity change from 0 to 128
[  158.498135][T12333] loop0: detected capacity change from 0 to 128
[  158.578440][T12343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3189'.
[  158.584454][T12345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3190'.
[  158.587529][T12343] netlink: 'syz.4.3189': attribute type 30 has an invalid length.
[  158.645984][ T5324] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  158.655260][ T5324] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  158.664505][ T5324] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  158.680161][ T5324] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  158.745522][T12360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3193'.
[  158.754455][T12360] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3193'.
[  158.789457][T12363] loop5: detected capacity change from 0 to 1024
[  158.842544][T12363] SELinux:  Context @ is not valid (left unmapped).
[  158.895830][T12373] loop2: detected capacity change from 0 to 512
[  158.916251][T12373] EXT4-fs: Ignoring removed mblk_io_submit option
[  158.926086][T12373] EXT4-fs (loop2): failed to initialize system zone (-117)
[  158.942644][T12373] EXT4-fs (loop2): mount failed
[  159.024605][T12382] FAULT_INJECTION: forcing a failure.
[  159.024605][T12382] name failslab, interval 1, probability 0, space 0, times 0
[  159.037426][T12382] CPU: 1 UID: 0 PID: 12382 Comm: syz.5.3202 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  159.037464][T12382] Tainted: [W]=WARN
[  159.037471][T12382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  159.037514][T12382] Call Trace:
[  159.037521][T12382]  <TASK>
[  159.037529][T12382]  __dump_stack+0x1d/0x30
[  159.037550][T12382]  dump_stack_lvl+0xe8/0x140
[  159.037569][T12382]  dump_stack+0x15/0x1b
[  159.037586][T12382]  should_fail_ex+0x265/0x280
[  159.037675][T12382]  should_failslab+0x8c/0xb0
[  159.037701][T12382]  __kmalloc_noprof+0xa5/0x3e0
[  159.037730][T12382]  ? ___neigh_create+0x4c9/0x1290
[  159.037764][T12382]  ___neigh_create+0x4c9/0x1290
[  159.037814][T12382]  ? should_failslab+0x8c/0xb0
[  159.037855][T12382]  ? __alloc_skb+0x1b2/0x320
[  159.037887][T12382]  __neigh_create+0x54/0x70
[  159.037964][T12382]  ip_neigh_gw4+0x12e/0x170
[  159.038006][T12382]  ip_finish_output2+0x857/0x8b0
[  159.038037][T12382]  ip_do_fragment+0x61f/0xc90
[  159.038083][T12382]  ? __pfx_ip_finish_output2+0x10/0x10
[  159.038112][T12382]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  159.038149][T12382]  ip_fragment+0xcc/0x140
[  159.038233][T12382]  ip_finish_output+0x1c7/0x2a0
[  159.038359][T12382]  ip_output+0xbd/0x190
[  159.038383][T12382]  ? __pfx_ip_finish_output+0x10/0x10
[  159.038435][T12382]  ip_local_out+0xb9/0xe0
[  159.038459][T12382]  iptunnel_xmit+0x354/0x480
[  159.038482][T12382]  ip_tunnel_xmit+0x1499/0x1580
[  159.038584][T12382]  ipgre_xmit+0x5c0/0x6a0
[  159.038611][T12382]  dev_hard_start_xmit+0x122/0x3e0
[  159.038635][T12382]  __dev_queue_xmit+0x10f9/0x2000
[  159.038656][T12382]  ? __dev_queue_xmit+0x182/0x2000
[  159.038685][T12382]  ? skb_release_data+0x34a/0x370
[  159.038710][T12382]  __bpf_redirect+0x67f/0x990
[  159.038737][T12382]  bpf_clone_redirect+0x18e/0x200
[  159.038762][T12382]  bpf_prog_208b094576c80b22+0x5f/0x68
[  159.038780][T12382]  ? obj_cgroup_charge_account+0x122/0x1a0
[  159.038825][T12382]  ? security_inode_alloc+0x37/0x100
[  159.038852][T12382]  ? should_fail_ex+0x30/0x280
[  159.038872][T12382]  ? __rcu_read_unlock+0x4f/0x70
[  159.038894][T12382]  ? avc_has_perm_noaudit+0x1b1/0x200
[  159.038987][T12382]  ? avc_has_perm+0xf7/0x180
[  159.039048][T12382]  ? __rcu_read_unlock+0x4f/0x70
[  159.039147][T12382]  ? is_bpf_text_address+0x141/0x160
[  159.039178][T12382]  ? kernel_text_address+0x94/0xb0
[  159.039214][T12382]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  159.039242][T12382]  ? __kernel_text_address+0xd/0x40
[  159.039297][T12382]  ? unwind_get_return_address+0x16/0x40
[  159.039324][T12382]  ? arch_stack_walk+0xfc/0x150
[  159.039350][T12382]  ? filter_irq_stacks+0x1d/0x70
[  159.039379][T12382]  ? stack_depot_save_flags+0xa93/0xb80
[  159.039480][T12382]  ? read_tsc+0x9/0x20
[  159.039496][T12382]  ? ktime_get+0x1eb/0x210
[  159.039520][T12382]  bpf_test_run+0x1e3/0x490
[  159.039539][T12382]  ? __list_add_valid_or_report+0x38/0xe0
[  159.039643][T12382]  ? bpf_test_run+0xf6/0x490
[  159.039716][T12382]  bpf_prog_test_run_skb+0x834/0xbd0
[  159.039755][T12382]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  159.039787][T12382]  bpf_prog_test_run+0x22a/0x390
[  159.039954][T12382]  __sys_bpf+0x4b9/0x7b0
[  159.040028][T12382]  __x64_sys_bpf+0x41/0x50
[  159.040051][T12382]  x64_sys_call+0x2aea/0x2ff0
[  159.040072][T12382]  do_syscall_64+0xd2/0x200
[  159.040098][T12382]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  159.040186][T12382]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  159.040216][T12382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.040265][T12382] RIP: 0033:0x7f08ff3cebe9
[  159.040281][T12382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.040310][T12382] RSP: 002b:00007f08fde37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  159.040330][T12382] RAX: ffffffffffffffda RBX: 00007f08ff5f5fa0 RCX: 00007f08ff3cebe9
[  159.040343][T12382] RDX: 000000000000001e RSI: 0000200000000080 RDI: 000000000000000a
[  159.040355][T12382] RBP: 00007f08fde37090 R08: 0000000000000000 R09: 0000000000000000
[  159.040368][T12382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  159.040381][T12382] R13: 00007f08ff5f6038 R14: 00007f08ff5f5fa0 R15: 00007ffcaafa6698
[  159.040400][T12382]  </TASK>
[  159.593080][T12373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.610685][T12373] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.863213][T12409] loop0: detected capacity change from 0 to 128
[  159.943673][T12417] netlink: 'syz.4.3214': attribute type 30 has an invalid length.
[  160.001199][T12424] loop5: detected capacity change from 0 to 128
[  160.024899][T12424] FAT-fs (loop5): error, corrupted file size (i_pos 548, 512)
[  160.032401][T12424] FAT-fs (loop5): Filesystem has been set read-only
[  160.127693][T12437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3220'.
[  160.135837][T12436] loop5: detected capacity change from 0 to 128
[  160.136620][T12437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3220'.
[  160.160377][   T29] kauditd_printk_skb: 945 callbacks suppressed
[  160.160393][   T29] audit: type=1326 audit(1755540464.303:17742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64e7315ba7 code=0x7ffc0000
[  160.169924][T12439] loop3: detected capacity change from 0 to 128
[  160.204878][   T29] audit: type=1326 audit(1755540464.353:17743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64e72badd9 code=0x7ffc0000
[  160.271159][   T29] audit: type=1326 audit(1755540464.353:17744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64e7315ba7 code=0x7ffc0000
[  160.295597][   T29] audit: type=1326 audit(1755540464.353:17745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64e72badd9 code=0x7ffc0000
[  160.319376][   T29] audit: type=1326 audit(1755540464.353:17746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  160.342991][   T29] audit: type=1326 audit(1755540464.373:17747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64e7315ba7 code=0x7ffc0000
[  160.366670][   T29] audit: type=1326 audit(1755540464.373:17748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64e72badd9 code=0x7ffc0000
[  160.390510][   T29] audit: type=1326 audit(1755540464.373:17749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  160.414688][   T29] audit: type=1326 audit(1755540464.373:17750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f64e7315ba7 code=0x7ffc0000
[  160.438250][   T29] audit: type=1326 audit(1755540464.373:17751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12422 comm="syz.0.3217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f64e72badd9 code=0x7ffc0000
[  160.739251][T12471] __nla_validate_parse: 2 callbacks suppressed
[  160.739267][T12471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3235'.
[  160.754710][T12471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3235'.
[  160.892938][T12475] loop5: detected capacity change from 0 to 128
[  161.016807][T12481] netlink: 'syz.3.3241': attribute type 30 has an invalid length.
[  161.138548][T12473] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  161.145844][T12473] IPv6: NLM_F_CREATE should be set when creating new route
[  161.153143][T12473] IPv6: NLM_F_CREATE should be set when creating new route
[  161.160374][T12473] IPv6: NLM_F_CREATE should be set when creating new route
[  161.171163][T12473] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  161.186090][T12489] loop3: detected capacity change from 0 to 512
[  161.199278][T12489] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  161.228574][T12489] EXT4-fs (loop3): 1 truncate cleaned up
[  161.252291][T12489] EXT4-fs mount: 24 callbacks suppressed
[  161.252309][T12489] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.328553][T11271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.383388][T12500] loop3: detected capacity change from 0 to 128
[  161.394465][T12506] loop4: detected capacity change from 0 to 128
[  161.395600][T12504] loop2: detected capacity change from 0 to 128
[  161.444088][T12506] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512)
[  161.451670][T12506] FAT-fs (loop4): Filesystem has been set read-only
[  161.468456][T12508] netlink: 'syz.5.3253': attribute type 30 has an invalid length.
[  161.512595][T12513] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3254'.
[  161.521637][T12513] netlink: 'syz.2.3254': attribute type 30 has an invalid length.
[  161.565935][T12510] tipc: Failed to remove unknown binding: 66,1,1/0:649366242/649366244
[  161.569523][ T5324] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  161.582919][T12511] tipc: Failed to remove unknown binding: 66,1,1/0:649366242/649366244
[  161.594299][T12521] loop5: detected capacity change from 0 to 128
[  161.604375][T12511] tipc: Failed to remove unknown binding: 66,1,1/0:649366242/649366244
[  161.612668][T12511] tipc: Failed to remove unknown binding: 66,1,1/0:649366242/649366244
[  161.651138][ T5324] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  161.661267][ T5324] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  161.671232][ T5324] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  161.709181][T12531] loop5: detected capacity change from 0 to 512
[  161.718446][T12524] loop2: detected capacity change from 0 to 128
[  161.740391][T12531] EXT4-fs (loop5): too many log groups per flexible block group
[  161.748167][T12531] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  161.766991][T12531] EXT4-fs (loop5): mount failed
[  161.790810][T12540] FAULT_INJECTION: forcing a failure.
[  161.790810][T12540] name failslab, interval 1, probability 0, space 0, times 0
[  161.803503][T12540] CPU: 0 UID: 0 PID: 12540 Comm: syz.2.3263 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  161.803591][T12540] Tainted: [W]=WARN
[  161.803602][T12540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.803615][T12540] Call Trace:
[  161.803623][T12540]  <TASK>
[  161.803632][T12540]  __dump_stack+0x1d/0x30
[  161.803654][T12540]  dump_stack_lvl+0xe8/0x140
[  161.803673][T12540]  dump_stack+0x15/0x1b
[  161.803688][T12540]  should_fail_ex+0x265/0x280
[  161.803706][T12540]  should_failslab+0x8c/0xb0
[  161.803771][T12540]  __kmalloc_cache_node_noprof+0x54/0x320
[  161.803797][T12540]  ? __get_vm_area_node+0x106/0x1d0
[  161.803826][T12540]  __get_vm_area_node+0x106/0x1d0
[  161.803857][T12540]  __vmalloc_node_range_noprof+0x273/0xe00
[  161.803941][T12540]  ? copy_process+0x399/0x2000
[  161.803968][T12540]  ? __rcu_read_unlock+0x4f/0x70
[  161.803993][T12540]  __vmalloc_node_noprof+0x89/0xc0
[  161.804021][T12540]  ? copy_process+0x399/0x2000
[  161.804044][T12540]  ? copy_process+0x399/0x2000
[  161.804108][T12540]  dup_task_struct+0x449/0x6a0
[  161.804131][T12540]  ? _parse_integer+0x27/0x40
[  161.804287][T12540]  copy_process+0x399/0x2000
[  161.804310][T12540]  ? kstrtouint+0x76/0xc0
[  161.804374][T12540]  ? kstrtouint_from_user+0x9f/0xf0
[  161.804396][T12540]  ? __rcu_read_unlock+0x4f/0x70
[  161.804419][T12540]  kernel_clone+0x16c/0x5c0
[  161.804476][T12540]  ? vfs_write+0x7e8/0x960
[  161.804496][T12540]  __x64_sys_clone+0xe6/0x120
[  161.804567][T12540]  x64_sys_call+0x119c/0x2ff0
[  161.804586][T12540]  do_syscall_64+0xd2/0x200
[  161.804613][T12540]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  161.804643][T12540]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  161.804714][T12540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.804737][T12540] RIP: 0033:0x7fdd0eefebe9
[  161.804753][T12540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.804791][T12540] RSP: 002b:00007fdd0d95efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  161.804807][T12540] RAX: ffffffffffffffda RBX: 00007fdd0f125fa0 RCX: 00007fdd0eefebe9
[  161.804818][T12540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  161.804829][T12540] RBP: 00007fdd0d95f090 R08: 0000000000000000 R09: 0000000000000000
[  161.804849][T12540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.804861][T12540] R13: 00007fdd0f126038 R14: 00007fdd0f125fa0 R15: 00007ffcc27fdcc8
[  161.804881][T12540]  </TASK>
[  162.050351][T12540] syz.2.3263: vmalloc error: size 16384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  162.065550][T12540] CPU: 0 UID: 0 PID: 12540 Comm: syz.2.3263 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  162.065582][T12540] Tainted: [W]=WARN
[  162.065634][T12540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  162.065647][T12540] Call Trace:
[  162.065655][T12540]  <TASK>
[  162.065665][T12540]  __dump_stack+0x1d/0x30
[  162.065685][T12540]  dump_stack_lvl+0xe8/0x140
[  162.065702][T12540]  dump_stack+0x15/0x1b
[  162.065716][T12540]  warn_alloc+0x12b/0x1a0
[  162.065751][T12540]  __vmalloc_node_range_noprof+0x297/0xe00
[  162.065892][T12540]  ? __rcu_read_unlock+0x4f/0x70
[  162.065915][T12540]  __vmalloc_node_noprof+0x89/0xc0
[  162.065941][T12540]  ? copy_process+0x399/0x2000
[  162.065963][T12540]  ? copy_process+0x399/0x2000
[  162.066068][T12540]  dup_task_struct+0x449/0x6a0
[  162.066092][T12540]  ? _parse_integer+0x27/0x40
[  162.066115][T12540]  copy_process+0x399/0x2000
[  162.066233][T12540]  ? kstrtouint+0x76/0xc0
[  162.066252][T12540]  ? kstrtouint_from_user+0x9f/0xf0
[  162.066330][T12540]  ? __rcu_read_unlock+0x4f/0x70
[  162.066431][T12540]  kernel_clone+0x16c/0x5c0
[  162.066455][T12540]  ? vfs_write+0x7e8/0x960
[  162.066479][T12540]  __x64_sys_clone+0xe6/0x120
[  162.066545][T12540]  x64_sys_call+0x119c/0x2ff0
[  162.066576][T12540]  do_syscall_64+0xd2/0x200
[  162.066604][T12540]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  162.066628][T12540]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  162.066730][T12540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.066751][T12540] RIP: 0033:0x7fdd0eefebe9
[  162.066766][T12540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.066780][T12540] RSP: 002b:00007fdd0d95efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  162.066796][T12540] RAX: ffffffffffffffda RBX: 00007fdd0f125fa0 RCX: 00007fdd0eefebe9
[  162.066860][T12540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  162.066871][T12540] RBP: 00007fdd0d95f090 R08: 0000000000000000 R09: 0000000000000000
[  162.066883][T12540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.066895][T12540] R13: 00007fdd0f126038 R14: 00007fdd0f125fa0 R15: 00007ffcc27fdcc8
[  162.066915][T12540]  </TASK>
[  162.066993][T12540] Mem-Info:
[  162.294080][T12540] active_anon:15025 inactive_anon:0 isolated_anon:0
[  162.294080][T12540]  active_file:23416 inactive_file:2412 isolated_file:0
[  162.294080][T12540]  unevictable:0 dirty:180 writeback:0
[  162.294080][T12540]  slab_reclaimable:3454 slab_unreclaimable:28606
[  162.294080][T12540]  mapped:34652 shmem:5073 pagetables:1322
[  162.294080][T12540]  sec_pagetables:0 bounce:0
[  162.294080][T12540]  kernel_misc_reclaimable:0
[  162.294080][T12540]  free:1826716 free_pcp:22367 free_cma:0
[  162.294142][T12540] Node 0 active_anon:60100kB inactive_anon:0kB active_file:93664kB inactive_file:9648kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:138608kB dirty:720kB writeback:0kB shmem:20292kB kernel_stack:3840kB pagetables:5288kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  162.294197][T12540] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  162.294342][T12540] lowmem_reserve[]: 0 2883 7862 7862
[  162.294370][T12540] Node 0 DMA32 free:2949212kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952844kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB
[  162.294455][T12540] lowmem_reserve[]: 0 0 4978 4978
[  162.294549][T12540] Node 0 Normal free:4342292kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60216kB inactive_anon:0kB active_file:93664kB inactive_file:9648kB unevictable:0kB writepending:720kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:85752kB local_pcp:66032kB free_cma:0kB
[  162.294686][T12540] lowmem_reserve[]: 0 0 0 0
[  162.294711][T12540] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  162.295045][T12540] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949212kB
[  162.295394][T12540] Node 0 Normal: 1061*4kB (UM) 524*8kB (UME) 254*16kB (UM) 72*32kB (UME) 175*64kB (UME) 93*128kB (UME) 178*256kB (UM) 132*512kB (UME) 89*1024kB (UME) 44*2048kB (UM) 979*4096kB (UM) = 4342292kB
[  162.295608][T12540] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  162.295626][T12540] 30929 total pagecache pages
[  162.295641][T12540] 5 pages in swap cache
[  162.295646][T12540] Free swap  = 124976kB
[  162.544907][T12540] Total swap = 124996kB
[  162.549061][T12540] 2097051 pages RAM
[  162.553080][T12540] 0 pages HighMem/MovableOnly
[  162.557860][T12540] 80440 pages reserved
[  162.620798][T12546] loop4: detected capacity change from 0 to 1024
[  162.621171][T12554] loop2: detected capacity change from 0 to 512
[  162.627787][T12546] EXT4-fs: Ignoring removed i_version option
[  162.639798][T12546] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  162.649879][T12552] netlink: 'syz.3.3268': attribute type 30 has an invalid length.
[  162.660114][T12554] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  162.673845][T12546] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3265: Invalid block bitmap block 0 in block_group 0
[  162.689611][T12554] EXT4-fs (loop2): 1 truncate cleaned up
[  162.702230][T12546] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3265: Failed to acquire dquot type 0
[  162.713451][T12559] FAULT_INJECTION: forcing a failure.
[  162.713451][T12559] name failslab, interval 1, probability 0, space 0, times 0
[  162.714057][T12546] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.3265: Freeing blocks not in datazone - block = 0, count = 4096
[  162.726369][T12559] CPU: 0 UID: 0 PID: 12559 Comm: syz.0.3266 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  162.726401][T12559] Tainted: [W]=WARN
[  162.726409][T12559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  162.726422][T12559] Call Trace:
[  162.726430][T12559]  <TASK>
[  162.726504][T12559]  __dump_stack+0x1d/0x30
[  162.726526][T12559]  dump_stack_lvl+0xe8/0x140
[  162.726625][T12559]  dump_stack+0x15/0x1b
[  162.726641][T12559]  should_fail_ex+0x265/0x280
[  162.726662][T12559]  should_failslab+0x8c/0xb0
[  162.726687][T12559]  kmem_cache_alloc_node_noprof+0x57/0x320
[  162.726801][T12559]  ? __alloc_skb+0x101/0x320
[  162.726833][T12559]  __alloc_skb+0x101/0x320
[  162.726862][T12559]  ? audit_log_start+0x365/0x6c0
[  162.726892][T12559]  audit_log_start+0x380/0x6c0
[  162.727026][T12559]  audit_seccomp+0x48/0x100
[  162.727129][T12559]  ? __seccomp_filter+0x68c/0x10d0
[  162.727151][T12559]  __seccomp_filter+0x69d/0x10d0
[  162.727241][T12559]  ? tty_kref_put+0xdc/0x100
[  162.727267][T12559]  ? tty_unlock+0x21/0x30
[  162.727286][T12559]  ? tty_set_ldisc+0x358/0x380
[  162.727316][T12559]  __secure_computing+0x82/0x150
[  162.727337][T12559]  syscall_trace_enter+0xcf/0x1e0
[  162.727395][T12559]  do_syscall_64+0xac/0x200
[  162.727422][T12559]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  162.727446][T12559]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  162.727551][T12559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.727572][T12559] RIP: 0033:0x7f64e731d5fc
[  162.727589][T12559] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  162.727607][T12559] RSP: 002b:00007f64e5d87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  162.727627][T12559] RAX: ffffffffffffffda RBX: 00007f64e7545fa0 RCX: 00007f64e731d5fc
[  162.727640][T12559] RDX: 000000000000000f RSI: 00007f64e5d870a0 RDI: 0000000000000008
[  162.727730][T12559] RBP: 00007f64e5d87090 R08: 0000000000000000 R09: 0000000000000000
[  162.727743][T12559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.727755][T12559] R13: 00007f64e7546038 R14: 00007f64e7545fa0 R15: 00007ffffb83b7e8
[  162.727850][T12559]  </TASK>
[  162.740034][T12554] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.752918][T12546] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.3265: Invalid inode bitmap blk 0 in block_group 0
[  162.773936][ T5323] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:25: Failed to release dquot type 0
[  162.777199][T12546] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  163.002070][T12546] EXT4-fs (loop4): 1 orphan inode deleted
[  163.002507][T11684] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.008143][T12546] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.078753][T12546] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.3265: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  163.098670][T12546] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.3265: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  163.202646][T12582] loop2: detected capacity change from 0 to 512
[  163.232848][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.261262][T12582] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  163.276148][T12585] FAULT_INJECTION: forcing a failure.
[  163.276148][T12585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.276659][T12587] sch_tbf: peakrate 1 is lower than or equals to rate 6 !
[  163.289487][T12585] CPU: 1 UID: 0 PID: 12585 Comm: syz.5.3278 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  163.289520][T12585] Tainted: [W]=WARN
[  163.289564][T12585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  163.289576][T12585] Call Trace:
[  163.289583][T12585]  <TASK>
[  163.289592][T12585]  __dump_stack+0x1d/0x30
[  163.289614][T12585]  dump_stack_lvl+0xe8/0x140
[  163.289634][T12585]  dump_stack+0x15/0x1b
[  163.289651][T12585]  should_fail_ex+0x265/0x280
[  163.289669][T12585]  should_fail+0xb/0x20
[  163.289746][T12585]  should_fail_usercopy+0x1a/0x20
[  163.289768][T12585]  _copy_from_iter+0xcf/0xe40
[  163.289794][T12585]  ? alloc_pages_mpol+0x201/0x250
[  163.289876][T12585]  copy_page_from_iter+0x178/0x2a0
[  163.289974][T12585]  tun_get_user+0x679/0x2680
[  163.290018][T12585]  ? ref_tracker_alloc+0x1f2/0x2f0
[  163.290072][T12585]  tun_chr_write_iter+0x15e/0x210
[  163.290102][T12585]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  163.290130][T12585]  vfs_write+0x52a/0x960
[  163.290233][T12585]  ksys_write+0xda/0x1a0
[  163.290255][T12585]  __x64_sys_write+0x40/0x50
[  163.290278][T12585]  x64_sys_call+0x27fe/0x2ff0
[  163.290299][T12585]  do_syscall_64+0xd2/0x200
[  163.290404][T12585]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  163.290428][T12585]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  163.290453][T12585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.290529][T12585] RIP: 0033:0x7f08ff3cd69f
[  163.290545][T12585] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  163.290622][T12585] RSP: 002b:00007f08fde37000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  163.290642][T12585] RAX: ffffffffffffffda RBX: 00007f08ff5f5fa0 RCX: 00007f08ff3cd69f
[  163.290672][T12585] RDX: 0000000000000066 RSI: 00002000000068c0 RDI: 00000000000000c8
[  163.290684][T12585] RBP: 00007f08fde37090 R08: 0000000000000000 R09: 0000000000000000
[  163.290697][T12585] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000001
[  163.290709][T12585] R13: 00007f08ff5f6038 R14: 00007f08ff5f5fa0 R15: 00007ffcaafa6698
[  163.290727][T12585]  </TASK>
[  163.509839][T12582] EXT4-fs (loop2): 1 truncate cleaned up
[  163.531897][T12582] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.571163][T11684] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.639541][T12601] loop0: detected capacity change from 0 to 1024
[  163.646694][T12601] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  163.657694][T12601] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  163.667848][T12601] JBD2: no valid journal superblock found
[  163.673756][T12601] EXT4-fs (loop0): Could not load journal inode
[  163.694781][T12601] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  163.708062][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3285'.
[  163.717095][T12605] netlink: 'syz.4.3285': attribute type 30 has an invalid length.
[  163.818150][ T3312] bridge0: port 3(syz_tun) entered disabled state
[  163.831772][T12614] loop2: detected capacity change from 0 to 128
[  163.843723][ T3312] syz_tun (unregistering): left allmulticast mode
[  163.850204][ T3312] syz_tun (unregistering): left promiscuous mode
[  163.856743][ T3312] bridge0: port 3(syz_tun) entered disabled state
[  163.885845][T12616] loop5: detected capacity change from 0 to 128
[  163.904058][T12614] FAT-fs (loop2): error, corrupted file size (i_pos 548, 512)
[  163.911700][T12614] FAT-fs (loop2): Filesystem has been set read-only
[  163.950028][T12616] bio_check_eod: 176 callbacks suppressed
[  163.950053][T12616] syz.5.3290: attempt to access beyond end of device
[  163.950053][T12616] loop5: rw=2049, sector=129, nr_sectors = 1 limit=128
[  163.969759][T12616] buffer_io_error: 176 callbacks suppressed
[  163.969775][T12616] Buffer I/O error on dev loop5, logical block 129, lost async page write
[  163.985936][T12616] syz.5.3290: attempt to access beyond end of device
[  163.985936][T12616] loop5: rw=2049, sector=130, nr_sectors = 1 limit=128
[  163.999601][T12616] Buffer I/O error on dev loop5, logical block 130, lost async page write
[  164.010105][T12616] syz.5.3290: attempt to access beyond end of device
[  164.010105][T12616] loop5: rw=2049, sector=139, nr_sectors = 1 limit=128
[  164.023639][T12616] Buffer I/O error on dev loop5, logical block 139, lost async page write
[  164.032766][T12616] syz.5.3290: attempt to access beyond end of device
[  164.032766][T12616] loop5: rw=2049, sector=140, nr_sectors = 1 limit=128
[  164.046288][T12616] Buffer I/O error on dev loop5, logical block 140, lost async page write
[  164.054918][T12616] syz.5.3290: attempt to access beyond end of device
[  164.054918][T12616] loop5: rw=2049, sector=141, nr_sectors = 1 limit=128
[  164.068476][T12616] Buffer I/O error on dev loop5, logical block 141, lost async page write
[  164.077068][T12616] syz.5.3290: attempt to access beyond end of device
[  164.077068][T12616] loop5: rw=2049, sector=142, nr_sectors = 1 limit=128
[  164.090473][T12616] Buffer I/O error on dev loop5, logical block 142, lost async page write
[  164.099115][T12616] syz.5.3290: attempt to access beyond end of device
[  164.099115][T12616] loop5: rw=2049, sector=143, nr_sectors = 1 limit=128
[  164.112709][T12616] Buffer I/O error on dev loop5, logical block 143, lost async page write
[  164.121319][T12616] syz.5.3290: attempt to access beyond end of device
[  164.121319][T12616] loop5: rw=2049, sector=144, nr_sectors = 1 limit=128
[  164.134998][T12616] Buffer I/O error on dev loop5, logical block 144, lost async page write
[  164.145958][ T5329] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  164.149136][T12616] syz.5.3290: attempt to access beyond end of device
[  164.149136][T12616] loop5: rw=2049, sector=147, nr_sectors = 1 limit=128
[  164.156266][ T5329] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.180367][T12616] Buffer I/O error on dev loop5, logical block 147, lost async page write
[  164.189653][T12616] syz.5.3290: attempt to access beyond end of device
[  164.189653][T12616] loop5: rw=2049, sector=148, nr_sectors = 1 limit=128
[  164.203360][T12616] Buffer I/O error on dev loop5, logical block 148, lost async page write
[  164.252413][ T5329] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  164.262937][ T5329] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.298214][T12617] chnl_net:caif_netlink_parms(): no params data found
[  164.318004][T12639] loop0: detected capacity change from 0 to 256
[  164.331911][ T5329] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  164.342285][ T5329] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.406984][T12655] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12655 comm=syz.0.3301
[  164.422440][ T5329] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  164.432789][ T5329] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.512212][T12617] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.519337][T12617] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.526812][T12617] bridge_slave_0: entered allmulticast mode
[  164.533431][T12617] bridge_slave_0: entered promiscuous mode
[  164.543076][T12617] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.550261][T12617] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.557623][T12617] bridge_slave_1: entered allmulticast mode
[  164.564110][T12617] bridge_slave_1: entered promiscuous mode
[  164.618427][T12617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.644356][T12661] loop0: detected capacity change from 0 to 128
[  164.660820][ T5329] bridge_slave_1: left allmulticast mode
[  164.666797][ T5329] bridge_slave_1: left promiscuous mode
[  164.672621][ T5329] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.710710][T12661] FAT-fs (loop0): error, corrupted file size (i_pos 548, 512)
[  164.718516][T12661] FAT-fs (loop0): Filesystem has been set read-only
[  164.727123][ T5329] bridge_slave_0: left allmulticast mode
[  164.730807][T12668] program syz.5.3306 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  164.733031][ T5329] bridge_slave_0: left promiscuous mode
[  164.747849][ T5329] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.756442][T12668] FAULT_INJECTION: forcing a failure.
[  164.756442][T12668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.769715][T12668] CPU: 1 UID: 0 PID: 12668 Comm: syz.5.3306 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  164.769798][T12668] Tainted: [W]=WARN
[  164.769805][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  164.769818][T12668] Call Trace:
[  164.769825][T12668]  <TASK>
[  164.769834][T12668]  __dump_stack+0x1d/0x30
[  164.769855][T12668]  dump_stack_lvl+0xe8/0x140
[  164.769901][T12668]  dump_stack+0x15/0x1b
[  164.769918][T12668]  should_fail_ex+0x265/0x280
[  164.769941][T12668]  should_fail+0xb/0x20
[  164.769959][T12668]  should_fail_usercopy+0x1a/0x20
[  164.770005][T12668]  _copy_from_user+0x1c/0xb0
[  164.770032][T12668]  scsi_ioctl+0x1108/0x14d0
[  164.770055][T12668]  ? avc_has_perm+0xf7/0x180
[  164.770078][T12668]  ? file_has_perm+0x324/0x370
[  164.770102][T12668]  ? do_vfs_ioctl+0x866/0xe10
[  164.770123][T12668]  sg_ioctl+0xdf6/0x1360
[  164.770153][T12668]  ? __pfx_sg_ioctl+0x10/0x10
[  164.770179][T12668]  __se_sys_ioctl+0xcb/0x140
[  164.770208][T12668]  __x64_sys_ioctl+0x43/0x50
[  164.770238][T12668]  x64_sys_call+0x1816/0x2ff0
[  164.770277][T12668]  do_syscall_64+0xd2/0x200
[  164.770384][T12668]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  164.770409][T12668]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  164.770480][T12668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.770575][T12668] RIP: 0033:0x7f08ff3cebe9
[  164.770591][T12668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.770607][T12668] RSP: 002b:00007f08fde37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  164.770623][T12668] RAX: ffffffffffffffda RBX: 00007f08ff5f5fa0 RCX: 00007f08ff3cebe9
[  164.770636][T12668] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000006
[  164.770647][T12668] RBP: 00007f08fde37090 R08: 0000000000000000 R09: 0000000000000000
[  164.770658][T12668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.770670][T12668] R13: 00007f08ff5f6038 R14: 00007f08ff5f5fa0 R15: 00007ffcaafa6698
[  164.770729][T12668]  </TASK>
[  165.097377][ T5329]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  165.106916][ T5329]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  165.115908][ T5329]  (unregistering): Released all slaves
[  165.125094][T12617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.151501][T12617] team0: Port device team_slave_0 added
[  165.161910][ T5329] hsr_slave_0: left promiscuous mode
[  165.168107][ T5329] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.175545][ T5329] batman_adv: batadv0: Removing interface: batadv_slave_0
[  165.189612][ T5329] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  165.197185][ T5329] batman_adv: batadv0: Removing interface: batadv_slave_1
[  165.206650][ T5329] batman_adv: batadv0: Interface deactivated: dummy0
[  165.213368][ T5329] batman_adv: batadv0: Removing interface: dummy0
[  165.228802][T12695] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3316'.
[  165.261867][ T5329] team0 (unregistering): Port device team_slave_1 removed
[  165.271166][ T5329] team0 (unregistering): Port device team_slave_0 removed
[  165.298271][T12697] loop0: detected capacity change from 0 to 512
[  165.298293][ T5329] vcan0 (unregistering): left allmulticast mode
[  165.322195][T12697] __quota_error: 684 callbacks suppressed
[  165.322209][T12697] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[  165.338041][T12697] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  165.339114][T12617] team0: Port device team_slave_1 added
[  165.360228][T12697] EXT4-fs (loop0): mount failed
[  165.384381][T12617] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.391381][T12617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.417657][T12617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.429525][T12617] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.436484][T12617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.462975][T12617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.488315][T12617] hsr_slave_0: entered promiscuous mode
[  165.494371][T12617] hsr_slave_1: entered promiscuous mode
[  165.500480][T12617] debugfs: 'hsr0' already exists in 'hsr'
[  165.506403][T12617] Cannot create hsr debugfs directory
[  165.574022][T12706] loop0: detected capacity change from 0 to 128
[  165.592911][T12706] FAT-fs (loop0): error, corrupted file size (i_pos 548, 512)
[  165.600540][T12706] FAT-fs (loop0): Filesystem has been set read-only
[  165.628728][T12708] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3319'.
[  165.637813][T12708] netlink: 'syz.0.3319': attribute type 30 has an invalid length.
[  165.649622][ T5326] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  165.666673][ T5326] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  165.682550][ T5326] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  165.692349][ T5326] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  165.701382][T12712] netlink: 'syz.0.3321': attribute type 30 has an invalid length.
[  165.789028][T12617] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  165.800274][T12617] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  165.811826][T12617] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  165.825977][T12617] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  165.851424][   T29] audit: type=1326 audit(1755540469.993:18431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  165.891893][   T29] audit: type=1326 audit(1755540469.993:18432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  165.899041][T12617] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.916006][   T29] audit: type=1326 audit(1755540469.993:18433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  165.946136][   T29] audit: type=1326 audit(1755540469.993:18434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  165.950569][T12617] 8021q: adding VLAN 0 to HW filter on device team0
[  165.970001][   T29] audit: type=1326 audit(1755540469.993:18435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  166.000215][   T29] audit: type=1326 audit(1755540469.993:18436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  166.023842][   T29] audit: type=1326 audit(1755540469.993:18437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  166.030418][T12727] loop3: detected capacity change from 0 to 128
[  166.047569][   T29] audit: type=1326 audit(1755540469.993:18438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  166.077351][   T29] audit: type=1326 audit(1755540469.993:18439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12713 comm="syz.0.3322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64e731ebe9 code=0x7ffc0000
[  166.125786][ T5325] bridge0: port 1(bridge_slave_0) entered blocking state
[  166.132984][ T5325] bridge0: port 1(bridge_slave_0) entered forwarding state
[  166.176406][ T5325] bridge0: port 2(bridge_slave_1) entered blocking state
[  166.183702][ T5325] bridge0: port 2(bridge_slave_1) entered forwarding state
[  166.219918][T12617] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  166.230410][T12617] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  166.347160][T12617] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.466401][T12772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3337'.
[  166.475325][T12772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3337'.
[  166.493310][T12773] 9pnet_fd: Insufficient options for proto=fd
[  166.615800][T12617] veth0_vlan: entered promiscuous mode
[  166.642661][T12617] veth1_vlan: entered promiscuous mode
[  166.680354][T12617] veth0_macvtap: entered promiscuous mode
[  166.696710][T12617] veth1_macvtap: entered promiscuous mode
[  166.734612][T12617] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.753239][T12797] syzkaller1: entered promiscuous mode
[  166.759138][T12797] syzkaller1: entered allmulticast mode
[  166.770073][T12617] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.796386][ T5326] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.819505][ T5326] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.828818][ T5326] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.838587][ T5323] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.902409][T12813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3350'.
[  166.911717][T12813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3350'.
[  166.959685][T12817] sd 0:0:1:0: device reset
[  166.966652][T12817] program syz.4.3353 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  167.280170][T12842] SELinux:  Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
[  167.290858][T12844] loop4: detected capacity change from 0 to 512
[  167.307500][T12844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.322761][ T5326] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.323482][T12844] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  167.333093][ T5326] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.356720][T12852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3363'.
[  167.365723][T12852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3363'.
[  167.398346][T12854] netlink: 'syz.0.3365': attribute type 30 has an invalid length.
[  167.400110][T12844] SELinux:  Context system_u:object_r:utempter_exec_t:s0 is not valid (left unmapped).
[  167.425297][ T5326] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.435866][ T5326] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.519778][T12824] chnl_net:caif_netlink_parms(): no params data found
[  167.534722][T12844] loop4: detected capacity change from 512 to 3
[  167.535024][T12868] EXT4-fs error (device loop4): ext4_write_dquot:6913: comm syz.4.3362: Failed to commit dquot type 0
[  167.554743][T12868] EXT4-fs error (device loop4): ext4_write_dquot:6913: comm syz.4.3362: Failed to commit dquot type 1
[  167.573610][ T5326] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.574765][T12868] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Out of memory
[  167.584144][ T5326] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.613532][T12868] EXT4-fs error (device loop4): ext4_ext_truncate:4475: inode #18: comm syz.4.3362: mark_inode_dirty error
[  167.666219][T12868] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Out of memory
[  167.684825][T12868] EXT4-fs error (device loop4): ext4_truncate:4666: inode #18: comm syz.4.3362: mark_inode_dirty error
[  167.702689][T12866] loop3: detected capacity change from 0 to 128
[  167.709914][ T5326] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  167.720376][ T5326] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.813895][T12824] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.821045][T12824] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.840953][T12617] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.852260][T12824] bridge_slave_0: entered allmulticast mode
[  167.858905][T12824] bridge_slave_0: entered promiscuous mode
[  167.867914][T12824] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.875076][T12824] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.882796][T12824] bridge_slave_1: entered allmulticast mode
[  167.889714][T12824] bridge_slave_1: entered promiscuous mode
[  167.922577][T12824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  167.934978][T12824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  167.981923][T12824] team0: Port device team_slave_0 added
[  167.990343][T12824] team0: Port device team_slave_1 added
[  168.031631][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3377'.
[  168.040649][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3377'.
[  168.117515][T12888] FAULT_INJECTION: forcing a failure.
[  168.117515][T12888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.130800][T12888] CPU: 0 UID: 0 PID: 12888 Comm: syz.0.3378 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  168.130853][T12888] Tainted: [W]=WARN
[  168.130860][T12888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.130874][T12888] Call Trace:
[  168.130880][T12888]  <TASK>
[  168.130888][T12888]  __dump_stack+0x1d/0x30
[  168.130911][T12888]  dump_stack_lvl+0xe8/0x140
[  168.131009][T12888]  dump_stack+0x15/0x1b
[  168.131027][T12888]  should_fail_ex+0x265/0x280
[  168.131050][T12888]  should_fail+0xb/0x20
[  168.131069][T12888]  should_fail_usercopy+0x1a/0x20
[  168.131105][T12888]  _copy_to_user+0x20/0xa0
[  168.131183][T12888]  simple_read_from_buffer+0xb5/0x130
[  168.131243][T12888]  proc_fail_nth_read+0x10e/0x150
[  168.131279][T12888]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  168.131325][T12888]  vfs_read+0x1a8/0x770
[  168.131345][T12888]  ? __rcu_read_unlock+0x4f/0x70
[  168.131384][T12888]  ? __fget_files+0x184/0x1c0
[  168.131489][T12888]  ksys_read+0xda/0x1a0
[  168.131571][T12888]  __x64_sys_read+0x40/0x50
[  168.131593][T12888]  x64_sys_call+0x27bc/0x2ff0
[  168.131675][T12888]  do_syscall_64+0xd2/0x200
[  168.131726][T12888]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  168.131751][T12888]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  168.131778][T12888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.131855][T12888] RIP: 0033:0x7f64e731d5fc
[  168.131892][T12888] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  168.131910][T12888] RSP: 002b:00007f64e5d87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  168.131931][T12888] RAX: ffffffffffffffda RBX: 00007f64e7545fa0 RCX: 00007f64e731d5fc
[  168.131944][T12888] RDX: 000000000000000f RSI: 00007f64e5d870a0 RDI: 0000000000000006
[  168.131991][T12888] RBP: 00007f64e5d87090 R08: 0000000000000000 R09: 0000000000000000
[  168.132051][T12888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.132063][T12888] R13: 00007f64e7546038 R14: 00007f64e7545fa0 R15: 00007ffffb83b7e8
[  168.132082][T12888]  </TASK>
[  168.379880][ T5326] bond0 (unregistering): Released all slaves
[  168.389175][ T5326] bond1 (unregistering): Released all slaves
[  168.417291][T12824] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.424269][T12824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.450380][T12824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.492611][T12824] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.499820][T12824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.525865][T12824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.605070][ T5326] veth1_macvtap: left promiscuous mode
[  168.618046][ T5326] veth0_macvtap: left promiscuous mode
[  168.623767][ T3291] printk: udevd: 117 output lines suppressed due to ratelimiting
[  168.631841][ T5326] veth0_vlan: left promiscuous mode
[  168.784305][T12907] loop0: detected capacity change from 0 to 1024
[  168.799895][T12824] hsr_slave_0: entered promiscuous mode
[  168.815233][T12824] hsr_slave_1: entered promiscuous mode
[  168.821674][T12824] debugfs: 'hsr0' already exists in 'hsr'
[  168.827456][T12824] Cannot create hsr debugfs directory
[  168.840116][T12907] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.874159][T12907] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.897236][T12907] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.3385: lblock 3 mapped to illegal pblock 3 (length 13)
[  168.944290][T12914] FAULT_INJECTION: forcing a failure.
[  168.944290][T12914] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.957409][T12914] CPU: 1 UID: 0 PID: 12914 Comm: syz.3.3387 Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  168.957531][T12914] Tainted: [W]=WARN
[  168.957538][T12914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  168.957549][T12914] Call Trace:
[  168.957555][T12914]  <TASK>
[  168.957563][T12914]  __dump_stack+0x1d/0x30
[  168.957582][T12914]  dump_stack_lvl+0xe8/0x140
[  168.957670][T12914]  dump_stack+0x15/0x1b
[  168.957688][T12914]  should_fail_ex+0x265/0x280
[  168.957706][T12914]  should_fail+0xb/0x20
[  168.957721][T12914]  should_fail_usercopy+0x1a/0x20
[  168.957847][T12914]  _copy_from_user+0x1c/0xb0
[  168.957873][T12914]  perf_copy_attr+0x145/0x610
[  168.957898][T12914]  __se_sys_perf_event_open+0x67/0x11c0
[  168.957946][T12914]  ? vfs_write+0x7e8/0x960
[  168.957966][T12914]  ? __rcu_read_unlock+0x4f/0x70
[  168.958023][T12914]  __x64_sys_perf_event_open+0x67/0x80
[  168.958053][T12914]  x64_sys_call+0x7bd/0x2ff0
[  168.958072][T12914]  do_syscall_64+0xd2/0x200
[  168.958109][T12914]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  168.958183][T12914]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  168.958218][T12914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.958237][T12914] RIP: 0033:0x7f3ea1dbebe9
[  168.958252][T12914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.958309][T12914] RSP: 002b:00007f3ea081f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  168.958326][T12914] RAX: ffffffffffffffda RBX: 00007f3ea1fe5fa0 RCX: 00007f3ea1dbebe9
[  168.958337][T12914] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200
[  168.958347][T12914] RBP: 00007f3ea081f090 R08: 0000000000000000 R09: 0000000000000000
[  168.958367][T12914] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  168.958380][T12914] R13: 00007f3ea1fe6038 R14: 00007f3ea1fe5fa0 R15: 00007ffd7d3ba7d8
[  168.958399][T12914]  </TASK>
[  168.966459][T12907] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  169.170131][T12907] EXT4-fs (loop0): This should not happen!! Data will be lost
[  169.170131][T12907] 
[  169.183964][T12920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3389'.
[  169.192908][T12920] netlink: 'syz.3.3389': attribute type 30 has an invalid length.
[  169.202683][T12915] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.3385: lblock 3 mapped to illegal pblock 3 (length 1)
[  169.271000][T12926] netlink: 'syz.2.3391': attribute type 30 has an invalid length.
[  169.521609][T12824] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  169.530807][T12824] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  169.567491][T12824] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  169.591432][T12824] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  169.648715][T12934] loop2: detected capacity change from 0 to 1024
[  169.666835][T12934] EXT4-fs: Ignoring removed orlov option
[  169.684164][T12934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.720742][T12944] netlink: 'syz.3.3395': attribute type 30 has an invalid length.
[  169.729907][T11066] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.742983][T12824] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.755191][T12824] 8021q: adding VLAN 0 to HW filter on device team0
[  169.765039][ T5322] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.772123][ T5322] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.791071][T11684] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.808434][ T5325] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.815601][ T5325] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.897085][T12952] netlink: 'syz.3.3399': attribute type 30 has an invalid length.
[  169.937814][T12824] 8021q: adding VLAN 0 to HW filter on device batadv0
[  170.020194][T12975] capability: warning: `syz.0.3401' uses deprecated v2 capabilities in a way that may be insecure
[  170.042851][T12981] sd 0:0:1:0: device reset
[  170.047866][T12975] atomic_op ffff8881034ab528 conn xmit_atomic 0000000000000000
[  170.056469][T12981] program syz.3.3404 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  170.072949][T12824] veth0_vlan: entered promiscuous mode
[  170.082333][T12824] veth1_vlan: entered promiscuous mode
[  170.099861][T12824] veth0_macvtap: entered promiscuous mode
[  170.108697][T12824] veth1_macvtap: entered promiscuous mode
[  170.120513][T12824] batman_adv: batadv0: Interface activated: batadv_slave_0
[  170.132254][T12824] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.145064][ T5322] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.167379][ T5324] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.181663][ T5324] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.192985][ T5324] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.202155][ T5324] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.265510][T12999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3410'.
[  170.274434][T12999] netlink: 'syz.2.3410': attribute type 30 has an invalid length.
[  170.375419][   T29] kauditd_printk_skb: 372 callbacks suppressed
[  170.375432][   T29] audit: type=1326 audit(1755540474.523:18810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12986 comm="syz.3.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.405538][   T29] audit: type=1326 audit(1755540474.523:18811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12986 comm="syz.3.3406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.466780][T12993] chnl_net:caif_netlink_parms(): no params data found
[  170.550115][   T29] audit: type=1326 audit(1755540474.693:18812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.574567][   T29] audit: type=1326 audit(1755540474.693:18813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.598802][   T29] audit: type=1326 audit(1755540474.693:18814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.622544][   T29] audit: type=1326 audit(1755540474.693:18815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.646365][   T29] audit: type=1326 audit(1755540474.693:18816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.670120][   T29] audit: type=1326 audit(1755540474.693:18817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.693861][   T29] audit: type=1326 audit(1755540474.693:18818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.717535][   T29] audit: type=1326 audit(1755540474.693:18819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13019 comm="syz.3.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ea1dbebe9 code=0x7ffc0000
[  170.741913][T13011] loop2: detected capacity change from 0 to 128
[  170.762521][T12993] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.769870][T12993] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.777618][T12993] bridge_slave_0: entered allmulticast mode
[  170.789090][T12993] bridge_slave_0: entered promiscuous mode
[  170.835093][T12993] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.835118][T13026] netlink: 'syz.0.3415': attribute type 30 has an invalid length.
[  170.835198][T12993] ==================================================================
[  170.835223][T12993] BUG: KCSAN: data-race in data_push_tail / string
[  170.835250][T12993] 
[  170.835256][T12993] write to 0xffffffff88e38d20 of 1 bytes by task 13026 on cpu 1:
[  170.835273][T12993]  string+0x187/0x220
[  170.835289][T12993]  vsnprintf+0x532/0x890
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  170.835306][T12993]  vscnprintf+0x41/0x90
[  170.835323][T12993]  printk_sprint+0x30/0x2d0
[  170.835340][T12993]  vprintk_store+0x599/0x860
[  170.835371][T12993]  vprintk_emit+0x178/0x650
[  170.835388][T12993]  vprintk_default+0x26/0x30
[  170.835405][T12993]  vprintk+0x1d/0x30
[  170.835425][T12993]  _printk+0x79/0xa0
[  170.835453][T12993]  __nla_validate_parse+0x1227/0x1d00
[  170.835473][T12993]  __nla_parse+0x40/0x60
[  170.835494][T12993]  rtnl_newlink+0x793/0x12d0
[  170.835519][T12993]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  170.835542][T12993]  netlink_rcv_skb+0x123/0x220
[  170.835561][T12993]  rtnetlink_rcv+0x1c/0x30
[  170.835585][T12993]  netlink_unicast+0x5bd/0x690
[  170.835616][T12993]  netlink_sendmsg+0x58b/0x6b0
[  170.835636][T12993]  __sock_sendmsg+0x142/0x180
[  170.835662][T12993]  ____sys_sendmsg+0x345/0x4e0
[  170.835681][T12993]  ___sys_sendmsg+0x17b/0x1d0
[  170.835698][T12993]  __sys_sendmmsg+0x178/0x300
[  170.835715][T12993]  __x64_sys_sendmmsg+0x57/0x70
[  170.835740][T12993]  x64_sys_call+0x1c4a/0x2ff0
[  170.835761][T12993]  do_syscall_64+0xd2/0x200
[  170.835787][T12993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.835808][T12993] 
[  170.835815][T12993] read to 0xffffffff88e38d20 of 8 bytes by task 12993 on cpu 0:
[  170.835831][T12993]  data_push_tail+0xfd/0x420
[  170.835858][T12993]  data_alloc+0xbf/0x2b0
[  170.835885][T12993]  prb_reserve+0x808/0xaf0
[  170.835909][T12993]  vprintk_store+0x56d/0x860
[  170.835935][T12993]  vprintk_emit+0x178/0x650
[  170.835950][T12993]  vprintk_default+0x26/0x30
[  170.835968][T12993]  vprintk+0x1d/0x30
[  170.835991][T12993]  _printk+0x79/0xa0
[  170.836018][T12993]  br_set_state+0x28c/0x390
[  170.836041][T12993]  br_init_port+0x5c/0xf0
[  170.836071][T12993]  new_nbp+0x22b/0x300
[  170.836090][T12993]  br_add_if+0x1e7/0xa60
[  170.836108][T12993]  br_add_slave+0x2c/0x40
[  170.836140][T12993]  do_set_master+0x38d/0x460
[  170.836167][T12993]  do_setlink+0xa43/0x2810
[  170.836193][T12993]  rtnl_newlink+0xe75/0x12d0
[  170.836214][T12993]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  170.836237][T12993]  netlink_rcv_skb+0x123/0x220
[  170.836256][T12993]  rtnetlink_rcv+0x1c/0x30
[  170.836279][T12993]  netlink_unicast+0x5bd/0x690
[  170.836306][T12993]  netlink_sendmsg+0x58b/0x6b0
[  170.836325][T12993]  __sock_sendmsg+0x142/0x180
[  170.836350][T12993]  __sys_sendto+0x268/0x330
[  170.836380][T12993]  __x64_sys_sendto+0x76/0x90
[  170.836398][T12993]  x64_sys_call+0x2d05/0x2ff0
[  170.836417][T12993]  do_syscall_64+0xd2/0x200
[  170.836440][T12993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.836461][T12993] 
[  170.836466][T12993] value changed: 0x00000000fffff54b -> 0x3a27353134332e30
[  170.836479][T12993] 
[  170.836484][T12993] Reported by Kernel Concurrency Sanitizer on:
[  170.836499][T12993] CPU: 0 UID: 0 PID: 12993 Comm: syz-executor Tainted: G        W           6.17.0-rc2-syzkaller #0 PREEMPT(voluntary) 
[  170.836529][T12993] Tainted: [W]=WARN
[  170.836536][T12993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  170.836548][T12993] ==================================================================
[  171.180330][T12993] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.190301][T12993] bridge_slave_1: entered allmulticast mode
[  171.197193][T12993] bridge_slave_1: entered promiscuous mode
[  171.567123][ T5322] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.627988][ T5322] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.697055][ T5322] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.765805][ T5322] bridge_slave_1: left allmulticast mode
[  171.771513][ T5322] bridge_slave_1: left promiscuous mode
[  171.777234][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.785205][ T5322] bridge_slave_0: left allmulticast mode
[  171.790854][ T5322] bridge_slave_0: left promiscuous mode
[  171.796632][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.906650][ T5322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  171.916613][ T5322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  171.926070][ T5322] bond0 (unregistering): Released all slaves
[  171.988332][ T5322] hsr_slave_0: left promiscuous mode
[  171.994038][ T5322] hsr_slave_1: left promiscuous mode
[  171.999822][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.007224][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  172.014875][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.022330][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.032516][ T5322] veth1_macvtap: left promiscuous mode
[  172.038253][ T5322] veth0_macvtap: left promiscuous mode
[  172.043766][ T5322] veth1_vlan: left promiscuous mode
[  172.049394][ T5322] veth0_vlan: left promiscuous mode
[  172.100344][ T5322] team0 (unregistering): Port device team_slave_1 removed
[  172.109569][ T5322] team0 (unregistering): Port device team_slave_0 removed
[  172.458126][ T5322] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.468479][ T5322] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.516902][ T5322] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.527293][ T5322] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.576935][ T5322] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.587268][ T5322] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.648407][ T5322] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.658801][ T5322] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.708575][ T5322] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.718951][ T5322] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.747218][ T5322] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.757546][ T5322] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.806783][ T5322] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.817489][ T5322] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.877311][ T5322] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.887604][ T5322] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.927836][ T5322] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.938159][ T5322] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.967521][ T5322] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  172.978000][ T5322] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.037717][ T5322] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  173.048076][ T5322] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.117067][ T5322] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  173.127558][ T5322] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.166349][ T5322] bridge_slave_1: left allmulticast mode
[  173.172087][ T5322] bridge_slave_1: left promiscuous mode
[  173.177782][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.185689][ T5322] bridge_slave_0: left allmulticast mode
[  173.191322][ T5322] bridge_slave_0: left promiscuous mode
[  173.197021][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.205241][ T5322] bridge_slave_1: left allmulticast mode
[  173.210897][ T5322] bridge_slave_1: left promiscuous mode
[  173.216679][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.224486][ T5322] bridge_slave_0: left allmulticast mode
[  173.230252][ T5322] bridge_slave_0: left promiscuous mode
[  173.235957][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.244248][ T5322] bridge_slave_1: left allmulticast mode
[  173.250537][ T5322] bridge_slave_1: left promiscuous mode
[  173.256238][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.263924][ T5322] bridge_slave_0: left allmulticast mode
[  173.269610][ T5322] bridge_slave_0: left promiscuous mode
[  173.275355][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.283554][ T5322] bridge_slave_1: left allmulticast mode
[  173.289420][ T5322] bridge_slave_1: left promiscuous mode
[  173.295106][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.302677][ T5322] bridge_slave_0: left allmulticast mode
[  173.308366][ T5322] bridge_slave_0: left promiscuous mode
[  173.314161][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.436484][ T5322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.446562][ T5322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.455965][ T5322] bond0 (unregistering): Released all slaves
[  173.626830][ T5322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.636594][ T5322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.645967][ T5322] bond0 (unregistering): Released all slaves
[  173.787062][ T5322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  173.797036][ T5322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  173.806568][ T5322] bond0 (unregistering): Released all slaves
[  173.845835][ T5322] bond0 (unregistering): Released all slaves
[  173.937418][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.944854][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.952426][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.959970][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.968642][ T5322] hsr_slave_0: left promiscuous mode
[  173.974338][ T5322] hsr_slave_1: left promiscuous mode
[  173.979946][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.987557][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.995673][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.003227][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.012037][ T5322] hsr_slave_0: left promiscuous mode
[  174.017666][ T5322] hsr_slave_1: left promiscuous mode
[  174.023337][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.030964][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.038556][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.046119][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.059795][ T5322] veth1_macvtap: left promiscuous mode
[  174.065392][ T5322] veth0_macvtap: left promiscuous mode
[  174.071072][ T5322] veth1_vlan: left promiscuous mode
[  174.076410][ T5322] veth0_vlan: left promiscuous mode
[  174.082097][ T5322] veth1_macvtap: left promiscuous mode
[  174.087606][ T5322] veth0_macvtap: left promiscuous mode
[  174.093092][ T5322] veth1_vlan: left promiscuous mode
[  174.098678][ T5322] veth0_vlan: left promiscuous mode
[  174.104407][ T5322] veth1_macvtap: left promiscuous mode
[  174.109978][ T5322] veth0_macvtap: left promiscuous mode
[  174.115498][ T5322] veth1_vlan: left promiscuous mode
[  174.120975][ T5322] veth0_vlan: left promiscuous mode
[  174.225746][ T5322] team0 (unregistering): Port device team_slave_1 removed
[  174.235579][ T5322] team0 (unregistering): Port device team_slave_0 removed
[  174.280250][ T5322] team0 (unregistering): Port device team_slave_1 removed
[  174.290095][ T5322] team0 (unregistering): Port device team_slave_0 removed
[  174.333624][ T5322] team0 (unregistering): Port device team_slave_1 removed
[  174.344042][ T5322] team0 (unregistering): Port device team_slave_0 removed
[  175.198375][ T5322] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.276921][ T5322] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.347097][ T5322] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.416844][ T5322] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  175.495421][ T5322] bridge_slave_1: left allmulticast mode
[  175.501217][ T5322] bridge_slave_1: left promiscuous mode
[  175.507033][ T5322] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.515042][ T5322] bridge_slave_0: left allmulticast mode
[  175.520776][ T5322] bridge_slave_0: left promiscuous mode
[  175.526567][ T5322] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.596610][ T5322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  175.606673][ T5322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  175.616051][ T5322] bond0 (unregistering): Released all slaves
[  175.667549][ T5322] hsr_slave_0: left promiscuous mode
[  175.673338][ T5322] hsr_slave_1: left promiscuous mode
[  175.679128][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.686666][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.694124][ T5322] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.701608][ T5322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  175.711345][ T5322] veth1_macvtap: left promiscuous mode
[  175.717172][ T5322] veth0_macvtap: left promiscuous mode
[  175.722671][ T5322] veth1_vlan: left promiscuous mode
[  175.727946][ T5322] veth0_vlan: left promiscuous mode
[  175.779795][ T5322] team0 (unregistering): Port device team_slave_1 removed
[  175.789564][ T5322] team0 (unregistering): Port device team_slave_0 removed