last executing test programs:

2m0.551050243s ago: executing program 2 (id=3974):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x3a7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r9, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
getgid()
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x34, r1, 0x7, 0x2, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2710}]}, 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2m0.280707647s ago: executing program 2 (id=3976):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={0x0}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r6}, 0x18)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

1m59.4772856s ago: executing program 2 (id=3980):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000110000000800000000000000000000003000000000100000002"], 0x0, 0x4e}, 0x20)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x9}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}]}, 0x38}}, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x801}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(0x0, 0xffffffffffffffff, 0x40000000000000, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r4, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendto$inet6(r0, &(0x7f0000000180)="7800000018002507b9409b14ffff00000204be04020506050e0204095c0008000400000046000045653600648d0a0012000200000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004b32000400170005000a00000000e5c2cc7f18ff2439d1ddf66ed538f252325bd059c52cd85ab6d3", 0x78, 0x0, 0x0, 0x0)

1m59.439376961s ago: executing program 2 (id=3981):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x486, &(0x7f0000001040)="$eJzs3M9rHFUcAPDv7Db93SbWWm1tNVrF4o+kSav24EFFwYOCoId6jElaa7eNNBFsCRpF6lEK3sWj4F/gzYuoBxG8KniUQtEgNPW0Mr+a7WaTJmmSNdnPBzb73s6bfe87M2/3zbzMBtCxetM/ScTOiPgtIrrz7K0FevOnmenJ4RvTk8NJ1Otv/JVk5a5PTw6XRcv1dhSZI5WIyqdJPJ/MrXf84qWzQ7Xa6IUi3z9x7r3+8YuXnjpzbuj06OnR84MnThw/NvDsM4NPr0icaVzXD3w4dnD/K29deW345JW3f/wmbda+Q/nyxjhu60aLgFroTbfa3/VM87JHl9D29WBXQzrZ1MaGsCTViEh3V1fW/7ujGrM7rzte/qStjQNWVfrdtGX+xVN1YANLot0tANqj/KJPz3/LxxoNPf4Xrr0QsblIz0xPDs/cjL9arxSvd61i/b0RcXLq3y/TRyz1OgQAwDJkY5snW43/KrEve87nOnYXcyg9EXFXROyJiLsjYm9E3BORlb03Iu7LV653L7L+3qb83PFP5WrLNq+QdPz3XMPYb6Yh/uKpp1rkdmXxdyWnztRGjxbb5Eh0bUnzAwvU8d1Lv34+37LG8V/6SOsvx4JFA65uarpANzI0MbRSG+HaxxEHNrWKP7k5E5AeAfsj4sDS3np3mTjz+NcH5yt0+/gXsALzTPWvIh7L9/9UNMVfShaen+zfGrXRo/3lUTHXT79cfn2++u8o/hWQ7v/ttx7/TSW6/0ny+dquqNVGL4wvvY7Lv3827znNco//zcmb2Zz1z+/kr30wNDFxYSBic/Jqli/P6bLXB2fXLfNl+TT+I4db9/89xTpp/PdHRHoQH4qIByLiwaLtD0XEwxFxeIH4f3jxkXcXiD+JJNq6/0dafv7dPP57ksb5+mUkqme//3a+GfPF7f/jMZV91uayz7/bWGwD73DzAQAAwLpQiYidkVT68nTvzqhU+vry/+HfG9srtbHxiSdOjb1/fiS/R6Anuirlla7uhuuhA8lU8Y55frC4VlwuP1ZcN/6iui3L9w2P1UbaHDt0uh239v8o+3/qz2q7WwesOvdrQedq7v+VNrUDWHuL+f53LgAbU4v+v60d7QDWnvN/6Fyt+v9HTXnjf9iY5vb/P1r8ZB2wERn/Q+fS/6Fz6f/Qke7kvv7lJ8qbBZb/PlsXfYd/pyTKX7xYzbq2xewrUWl7yB2USHvM2lY6+xsqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA69l/AQAA//9EvefZ")
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0x38, 0xf8, 0x0, 0x0, 0x0, 0x9, 0x510, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10002, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x2, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x19}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="fbff00000000bbbbbbbbbbbb08"], 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
syz_clone(0x1940380, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'lo\x00', 0x200})
r1 = socket(0x400000000010, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x2, 0x70bd2a, 0xfffffffb, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0x1c}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xffff}}}]}, 0x38}}, 0x1)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x9}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
timerfd_gettime(0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000"], 0x0, 0x53}, 0x28)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="b400000000090000dd0a00000000000073013b00000000009500000000000000425e494e53a90f38f870e056d03b2010633dee8a3a6601dbd2"], &(0x7f0000000380)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x7}, 0x10}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000540)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x62, '\x00', r3, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x890b, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000201126300001005020000000000000000020073797a30000000001c00078018000180148a841ebf0000000000000000000000000000000510050012000079d100010006000000"], 0x68}}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)

1m59.308540283s ago: executing program 2 (id=3985):
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3f00, 0x0)

1m59.225543634s ago: executing program 2 (id=3989):
bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ff7f00e2a9"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
pread64(0xffffffffffffffff, &(0x7f0000000280)=""/155, 0x9b, 0x8000000)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x15)
r0 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

1m59.224870014s ago: executing program 32 (id=3989):
bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ff7f00e2a9"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
pread64(0xffffffffffffffff, &(0x7f0000000280)=""/155, 0x9b, 0x8000000)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x15)
r0 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

1m4.083073412s ago: executing program 3 (id=4827):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0xd2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000002080)={0x2, {"a2e3ad214fc752f91b450a0787f70e06d038e7ff7fc6e5539b326d078b089b2008385d090890e0878f0e1ac6e70a9b334a959b689a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5bb6f5dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f0841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b158b41f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b00005e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85824056526f889af43a605608057228652010400006c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d82d6734b849304c27b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833c596c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f5d6d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9ef6d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ca4d24ad92f243941ed274f12a29ff962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e029efe0703615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712ea5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9b97474a5966a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185daba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687fd1602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81da8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6687f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741258c5488efeee327415cc19451432c6f14c27693102a5bd848d7cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a941f0000005f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c86310e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39e3313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13b5c1fa7cfaadba85c7248758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb9957697c9ede7885d94ffb0759be0daf60a842b09eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f49013a3a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1271e0400", 0x1000}}, 0x1006)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000380)={0xffffffffffffffff, 0x1, 0x40, 0xfc, @vifc_lcl_addr=@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r4}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x200}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0xffff, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_generic(r8, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000001cc0)={0x3a0, 0x14, 0x200, 0x70bd29, 0x25dfdbfb, {0xb}, [@generic="e681f60e78f0b17abe498a4a0c555c0fa6f82faa288db8b7b708777caed4052647bd7601575bf9de33dfe749f1cb95ca08595b2fa03f4080e0dd2b5db0c88810b84a13c09ae19321b306f1acc3ab0fe5b378bf5b85e1c5c58b0713cf9d8c787519e085836b63e7face0cefd71813881a89c8f73a8b3c3cf8067f56856172ef47a9b627fd5800d949c33e9636fa091affccc9761c06f86c9009dad097de8c916e3ab14bd988fba9726e9e831f207845c89f8d807809db0a9422e500791cdc4ef58318b49247a4910c", @generic="d6f51f6f322a451c4ec0d0cd2b75a5fbebc89110f63d2673ad11aea090eaf63dd2fa6ae4f62348feab01a4ba6e77c730243564e1a9a949d39f17aaf98aacb5599fe72d834728c86b00ffe30bd3c8888c0dccd7dcf6c51177496965836170bd55c1af2523f91867", @nested={0xe4, 0x6e, 0x0, 0x1, [@nested={0x4, 0x112}, @generic="2baa6cedd691d259b0367a38cc816bdea2705ad17ee5b17c054d4041dba4f6ade76de91733b5320453924ea008d1f10ad443fb393b2a9ee0dde180c207923e52e8ee8f60a7d84f715f2bab9013576618457f1c3d89437e83d958527ffa7878f5f211aafa4298f6c479ca698f", @typed={0x8, 0x14, 0x0, 0x0, @fd=r8}, @nested={0x4, 0x4b}, @typed={0x8, 0x147, 0x0, 0x0, @u32=0x7}, @nested={0x4, 0x13b}, @typed={0x14, 0x122, 0x0, 0x0, @ipv6=@private2}, @typed={0x10, 0x119, 0x0, 0x0, @binary="c26e8f4a31f7134cfa3ac188"}, @typed={0x8, 0xd, 0x0, 0x0, @u32=0x2f1}, @typed={0x2a, 0x138, 0x0, 0x0, @binary="a44f4a763a7fe964d43603cf73d40cf938f896674d47c9938012120d114a3b2be1e85ab8daa6"}]}, @typed={0x39, 0x12e, 0x0, 0x0, @binary="f868ce945cadb55eea97eb38dc7ac2ca94a5fb02b025e9bc8dec04d1f4a7393910200147121e30144b402930e908bb72ec4672a679"}, @generic="982832fc98b3d860c03d03fd05e14886bb0e0fa5ff4ed5f2eaac8f5aea7ec0e46f6a9b6afcf1eb0563df272a64c717ffa8b6a65ca9546fdf860967523917738f892708d4941d6c9009eeaa001fed7ea1690ff85e6e465c86376177a7985fcc025e96fd502e54ce954fe03f8dbb7f8f6f5bb7f1a7ffc43fb7de073c9ef0aa440dba0f56277c4f855fb75cd555b515c70d1a40b7db74c661fc4f11e122291b769189456dbe382bea088ea57a96a4f9415d1aa140b121e6e03d799cbfc36ae92258652f838046a745d63451c3b3b439883f03d1bb68ec7e61cd51f5cc6a0b209abc0f32f4e173f6a2a096", @typed={0x14, 0x106, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @generic="c89c0222d2fb8a9a3f35aab8c7dd851b8b7908aac59a142d803cda8f7c576d2471e61d14feb9bf61a2f49f56a7e4f481d35523b9ea8350487ceabef87e43"]}, 0x3a0}, 0x1, 0x0, 0x0, 0x800}, 0x20044081)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r11}, 0x10)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e7465720010000180090001006c617374"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r12 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r12, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)

1m3.791556526s ago: executing program 3 (id=4829):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9", 0x55}], 0x1}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ustat(0x1, &(0x7f0000000100))
sched_rr_get_interval(0x0, &(0x7f0000000300))

1m3.716766027s ago: executing program 3 (id=4831):
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18)
setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r1, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) (fail_nth: 10)

1m3.681655898s ago: executing program 3 (id=4832):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)
memfd_secret(0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
io_cancel(0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x80000000, 0x0, 0x1}, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
pwritev(r3, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0)
munlockall()
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200000a, 0x50, r3, 0xf5ce000)
setsockopt$MRT6_ASSERT(r3, 0x29, 0xcf, &(0x7f0000000040)=0x1, 0x4)
setpgid(0x0, r1)
copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0x87d, 0x401, 0x0)
ioctl$VT_GETSTATE(r3, 0x5603, &(0x7f00000001c0)={0x0, 0x1, 0x9})

1m3.602895109s ago: executing program 3 (id=4836):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
unshare(0x24020400)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x80000)
bind$bt_hci(r1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1m2.426186058s ago: executing program 3 (id=4848):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

1m2.425484058s ago: executing program 33 (id=4848):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

4.023430616s ago: executing program 4 (id=5875):
futex(&(0x7f000000cffc)=0x1, 0xd, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000)=0x2, 0x25000001)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x100}, 0x18)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x44008004)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001e80)=@newtaction={0x48, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x2, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000037c0)={0x0, 0xe4ff, &(0x7f0000003780)={&(0x7f0000002100)=@newtaction={0x894, 0x30, 0x12f, 0x0, 0x0, {}, [{0x880, 0x1, [@m_police={0x87c, 0x1, 0x0, 0x0, {{0xb}, {0x850, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x7fff, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x2, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x4, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x9, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}], [@TCA_POLICE_TBF={0x30, 0x1, {0x3, 0x1, 0x7, 0x4, 0x1, {0x7, 0x0, 0x3, 0x7, 0x7, 0x80000001}, {0x4, 0x2, 0x2, 0xa, 0x1ff, 0x1c0000}, 0x9, 0xbc, 0xdf72c67}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x894}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1810000000000020ae200000008a00000900000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r9, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r9, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1ff, 0x0, 0x20000001, 0x4, 0x2}, 0x1, r8}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff}}]}, 0x90}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00)
creat(&(0x7f0000000300)='./file0\x00', 0x28)
r10 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r10, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r10, 0x29, 0x30, &(0x7f00000004c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x90)

3.340313817s ago: executing program 6 (id=5882):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111b200000000008510000002000000850000008d00fc9eeabebf00525a00009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ustat(0x1, &(0x7f0000000100))
sched_rr_get_interval(0x0, &(0x7f0000000300))

3.282946908s ago: executing program 6 (id=5883):
r0 = syz_io_uring_complete(0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x7, 0x24, 0x0, 0x28, 0x0, 0x70bd27, 0x25dfdbff, [@sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e20, 0x5, @rand_addr=' \x01\x00', 0x8}}, @sadb_x_filter={0x5, 0x1a, @in6=@loopback, @in=@multicast1, 0x2b, 0x14, 0x10}, @sadb_x_filter={0x5, 0x1a, @in6=@loopback, @in=@multicast1, 0x29, 0x10}, @sadb_key={0xd, 0x8, 0x2e0, 0x0, "21483b911c2bb3e43e4d629b286b69d2f01f67cd92047563174bdf2cdeb8a3a0e211d019c32985c2994b4ffe92a7b47ea868770ef30d0be4de9dc5013c99fabc6ef2946d885e5e5f6c37d85beb6ac1b17e86a11edc294b98149092da"}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x5, @mcast1, 0x2}, @in6={0xa, 0x4e20, 0x7ff, @empty, 0x3}}]}, 0x140}}, 0x40)
write$tun(r0, &(0x7f00000001c0)={@val={0x0, 0x88a2}, @val={0x2, 0x80, 0xfff1, 0x2, 0x1, 0x10}, @arp=@ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x4, @broadcast, @empty, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0x42)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff}, './file0\x00'})
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x38, 0x0, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @private0}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffffff}]}, 0x38}, 0x1, 0x0, 0x0, 0x885}, 0x4800)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000380)='geneve0\x00', 0x10)
r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f0000000400))
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000440)={0x0, r0, 0xea2a, 0x6, 0x4, 0x4})
getresuid(&(0x7f0000000480)=<r4=>0x0, &(0x7f00000004c0)=<r5=>0x0, &(0x7f0000000500)=<r6=>0x0)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010100}, @in6=@empty, 0x4e20, 0x101, 0x4e20, 0x0, 0xa, 0x0, 0x0, 0x87, 0x0, r4}, {0x3, 0x87dc, 0xffffffffffff7fff, 0x7, 0x61d, 0x3ff, 0x1e5e1f65, 0x8000000000000001}, {0x336d, 0x6, 0x5e08c6bd, 0x5c9}, 0x4b, 0x6e6bbf, 0x0, 0x1, 0x2, 0x3}, {{@in=@local, 0x4d4, 0x2b}, 0x67738b7a0288b3d8, @in=@rand_addr=0x64010101, 0x0, 0x0, 0x3, 0x9, 0x7, 0x80}}, 0xe8)
fdatasync(r1)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000640)='vm_unmapped_area\x00', r0, 0x0, 0x985}, 0x18)
mount$9p_rdma(&(0x7f00000006c0), &(0x7f0000000700)='./file0\x00', &(0x7f0000000740), 0x4, &(0x7f0000000780)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0xd}}, {@common=@fscache}, {@sq={'sq', 0x3d, 0x54}}], [{@obj_role={'obj_role', 0x3d, '/selinux/avc/cache_threshold\x00'}}, {@measure}, {@fowner_gt={'fowner>', r6}}, {@fsname={'fsname', 0x3d, 'geneve0\x00'}}, {@euid_lt={'euid<', r5}}]}})
shutdown(r1, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000980)={@fallback=<r8=>r3, 0x0, 0x0, 0x1c, &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r9=>0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000cc0)={r7, 0xe0, &(0x7f0000000bc0)={0x0, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000a00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0], 0x0, 0x34, &(0x7f0000000ac0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000b00), &(0x7f0000000b40), 0x8, 0xd5, 0x8, 0x8, &(0x7f0000000b80)}}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000009c0)={@fallback=r0, r1, 0x0, 0x20, 0x0, @void, @void, @void, @value=r10, r9}, 0x20)
r11 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000d00), 0x1, 0x0)
r12 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000d80), 0x2, 0x0)
r13 = memfd_secret(0x80000)
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000001180)={{0x1, 0x1, 0x18, <r14=>r3, {0x4}}, './file0\x00'})
r15 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f00000011c0), 0x2, 0x0)
pipe2$9p(&(0x7f0000001200)={0xffffffffffffffff, <r16=>0xffffffffffffffff}, 0x80)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000001240)={0x0, <r17=>0x0})
r18 = getpgid(0xffffffffffffffff)
sendmsg$netlink(r11, &(0x7f00000013c0)={&(0x7f0000000d40)=@kern={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001140)=[{&(0x7f0000000dc0)={0x198, 0x2c, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@nested={0x7c, 0xed, 0x0, 0x1, [@nested={0x4, 0x59}, @generic="3e6876d02f85bff75669aba53bcd7f63b2515b0fa6c962fb4f9893302d94a313e073a2b61dd91c50b9473f24947a2656b7a0e542cb0b5710ebf6dea32af28b56a2c5b57ad4adc0354fe5d47468e5b8ee16839d75a41cad20ddab4a6cf5ec18d9ddc023fa", @typed={0x8, 0x68, 0x0, 0x0, @ipv4=@private=0xa010100}, @typed={0x8, 0x12d, 0x0, 0x0, @fd=r12}]}, @typed={0x8, 0x1d, 0x0, 0x0, @fd=r0}, @typed={0x7, 0x63, 0x0, 0x0, @str='.\xfd\x00'}, @nested={0x72, 0x5d, 0x0, 0x1, [@nested={0x4, 0xc}, @generic="75493f5dbe4a39099195f12198f32d01ee3666ed66b0ee3991b9169ece018fd120c06bb7b101f418e532cd16d43b2038054e4a05af485a0e8f827c28be0c41ce7d49240bce1cfbde2315f22540a20e67945f6bbe2d44abf98b7e3e86312c04835e1a99e7e8646d989150"]}, @typed={0x4, 0x11f}, @typed={0x8, 0x23, 0x0, 0x0, @uid=r4}, @generic="a159cb74f118bc9359bacfa033888701f678e39530bec495a04238dba6368b3f66f402de0b0a4922481facbe14fe130f0d47959519e45bb50b51ea4ca6b6b40d81d0aa32ae83ca6b3a717b75c448de7a8fe202c6f832615d75deaeb29b6ece8bd68d8bd0aaaab79bc8f9a5b9b31d9debeaee48e9e7197399b49efc4d"]}, 0x198}, {&(0x7f0000000f80)={0x198, 0x37, 0x300, 0x70bd2a, 0x25dfdbfc, "", [@generic="f89247d604592d6d778e8ef262b2b7daca74da1f1276854030fb76f0608321e5db0e14be5291edca18d3a6b29a47006fd77296054748bef45de1def2cde119432d85a30012aa126f31411d0ccff8ce5246efe8efbcb9051fa72a64cc2420f3a246066152b0ca26b6d2085fea8a725397de9ca86307214651376c9a4242e9a5601d47322ad554533fbbf6f9d8c1e801969777e0f9bdaf353cad9ec171738fd3c1cf42977a698e4c406dfa686eea1c5bd0bba2ad56", @nested={0xd1, 0xc, 0x0, 0x1, [@generic="a5a762b1a3dfd9b3bdfd05862cacc7b24c6e11caf450d986216114b4b57793b58c218afe76be9099199e2ffc640ca0d42d19f1d4668c0060abb4a0346b4df0fa0990f3f29d126444108f446db231a93475237512d336a059b7094e3f6983a0a3ff4c1860629ebf9b71c030bd426c1fe5a0a9af7429e0f71ac1dc1987adb15d10034f1ce517c0842f029f5d84921b37466bd5cd287e4e8f6a476c56d5a816ac557e6b6ce478126075a7aef130ef109e25297645d50bc8c53a9dbf5648a09743d72827a18d53", @typed={0x8, 0x128, 0x0, 0x0, @fd=r3}]}]}, 0x198}], 0x2, &(0x7f00000012c0)=[@rights={{0x34, 0x1, 0x1, [r8, r8, r13, r0, 0xffffffffffffffff, r14, r15, r0, r2]}}, @rights={{0x28, 0x1, 0x1, [r16, r3, r7, r7, r1, r8]}}, @cred={{0x1c, 0x1, 0x2, {r17, r6, 0xffffffffffffffff}}}, @rights={{0x28, 0x1, 0x1, [r1, r3, r8, r2, r2, r8]}}, @cred={{0x1c, 0x1, 0x2, {r18, r6, 0xee01}}}], 0xc8, 0x20000810}, 0x8800)
bind$netlink(r8, &(0x7f0000001400)={0x10, 0x0, 0x25dfdbfe, 0x200000}, 0xc)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f00000015c0)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x31886c93f5895351}, 0xc, &(0x7f0000001580)={&(0x7f0000001500)={0x54, 0x0, 0x9, 0x70bd2d, 0x2, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x293}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x113}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]]}, 0x54}, 0x1, 0x0, 0x0, 0x44080}, 0x20040044)

3.250320399s ago: executing program 6 (id=5884):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4}, &(0x7f0000000280), &(0x7f00000002c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)

3.039349892s ago: executing program 4 (id=5887):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x44)

2.981135753s ago: executing program 4 (id=5888):
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x5, 0xc1a, 0x6, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "645b6048a2e4931144f6d9919fd48557d76811cd874f3c107bbfc1c8831026d4074af4be4cc414e02216198977dc3d41ed0880c64c39e5f4059b8e641ed15112"}}, 0x80}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
r4 = request_key(&(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000240)='](-!#+/\x00', 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5, 0x0, 0x3}, 0x18)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
io_setup(0x8a, &(0x7f0000000680)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x3000, 0x3, 0x1, 0x80, r6, 0x0, 0x3000}])
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10)

2.398024472s ago: executing program 6 (id=5892):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x200000, 0x0, 0x0, 0x40f00, 0x28}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x9c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r5}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f80)={0x11, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==")
creat(&(0x7f0000000200)='./bus\x00', 0x10)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x0)
preadv2(r6, &(0x7f0000000d80)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0x1, 0x0, 0x0, 0x1b)

2.257093174s ago: executing program 6 (id=5893):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
fcntl$setlease(r0, 0x400, 0x0)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x8cff)
fcntl$setlease(r0, 0x400, 0x2)

2.187567165s ago: executing program 6 (id=5897):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000640)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000640)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000380)={0x4, 0x10000, 0x99, 0xffffffff, 0x11, "9b9b93a7b36f097853faeb080d53977b104819"})
r5 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000080000000850000000e00000095000000000035decb3910b95c48888d19fe0000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x59}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
readv(r5, &(0x7f0000000400)=[{0x0}, {&(0x7f0000004900)=""/4068, 0xab}], 0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/234, 0xea}], 0x1}, 0x1f00) (async)
recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/234, 0xea}], 0x1}, 0x1f00)
sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
socket$packet(0x11, 0xa, 0x300)
sendmmsg$sock(r8, &(0x7f000000bb40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4000011)
socket(0x40000000015, 0x5, 0x0) (async)
r9 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async)
connect$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r9, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r9, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$xdp(r9, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$pptp(0x18, 0x1, 0x2) (async)
r10 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r10, 0x0, 0x0)

2.032579738s ago: executing program 5 (id=5898):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x10, 0x0, 0x7ffc1ffb}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000000)=0x2, 0x4)
r1 = socket(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'})
mount(0x0, 0x0, &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
pipe(&(0x7f00000008c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents64(r5, &(0x7f0000000040)=""/27, 0x1b)
getdents(r5, &(0x7f0000001f80)=""/4096, 0x1000)
splice(r3, 0x0, r4, 0x0, 0xa, 0x0)

1.394251678s ago: executing program 0 (id=5901):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
unshare(0x80)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000180), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0, 0x6}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
connect$unix(r0, &(0x7f0000000680)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="3000000010000108000000000000000000000000d7809f0fce5278741201fb91521f479386b4f2dca4d8d8e6109278b1e97f015ea30585ffddc290b6dc99a41216c655ef9bfc8a74a754e6a5f422f683917726c77990d138642fa0adb30346df01c160cbc1f38924bf873ec21a55ce6cc9f2f788498fef7cf46e38a600e0303cfa06765b27648e281986f2f3b265ad70fa40e3cf526d5b6c089de66a5b764df8727728dfa2fe3e4e9dc657420440d7ad9e683d9d0811d380f50fb68c9702593cc0246b2658ab520478949eeabc1f43113d7f3e1b00", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x2, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x46, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f0a000340110800450000380065000000019078ac1e0001ac1414aa0b009078120002282500000000000000002f00007f0000010000000021009a049f637b48d81c0ef36ffb1b64f9d65e0efbaf449d1868162c64eedff10a20ffac3a9a670e1c523ae68d81f13c9b210a36d519984314d9fb46d5cc28597ea0c25be0e8d21bbbe13a0c417eaa4706d39d7a0b10c5663c071d612c1e50bb48fb4645cfb5c1865ebbb0ffb56774c66f8a309798bbb6c42cca071cd7e80408814768c49fcdf34b44f6cf1f060f9f65e8bb70eaa968ba190468eb3b5825209fd6b6e568d5fab49ae79e65bcb3a8c97b58a11cbaeda9dbc27fb42e0c3f2c41cf3e6d390e0b5b85deff45b8823df2457d2bdd3ceef0e7a9ad1aaf01c8bd45f32d9fbe5db62c8ca4bcfdd8f0e224"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000002c0)=r3, 0x4)

1.337530729s ago: executing program 0 (id=5902):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000200), &(0x7f0000000300)=r2}, 0x20)
r4 = socket(0x28, 0x5, 0x0)
r5 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r5, 0x4)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r4, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)
r6 = accept4$unix(r5, 0x0, 0x0, 0x800)
recvfrom$unix(r6, &(0x7f0000000140)=""/248, 0xf8, 0xec32a12c82c248a6, 0x0, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.28935613s ago: executing program 4 (id=5903):
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone3(&(0x7f0000000380)={0x20080, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r4, &(0x7f0000002d00)=[{{&(0x7f0000001080)={0xa, 0x4e22, 0x1, @private2, 0x10001}, 0x1c, &(0x7f0000001680)=[{&(0x7f00000011c0)="e6", 0x1}, {&(0x7f0000001200)="c437f87d8cc9d51995d8efda1d2904c5958542ea8cc2b128b2d151f742c99768206b82453d68e9524b5a14a792d0b4d4340793dd99837d2b74b4e2f04cccc25a5bd6a782b2d92f9c18e5ff73e8ded01704d1e0f91176b0566c99656a1e6b0fc8d43f00792dffdbfbc52e83aa6b98be2cae232c3b92c92f26adbb5948b49416371b2b19115c0b2b337fe7ba4939414d3e4a9bdd70bbb01ec73684e722b2c406dadf52211e5f", 0xa5}, {&(0x7f0000001100)="c604bcb15b0b3e4e2d245f3e74a11dd7fad840f4b8c74844ecea270559c6d893630958da73ee7671934dbe6957feeb1143cb4797bc801331e6c7e35eaedd98db6986d85ec35d31dcbe13", 0x4a}, {&(0x7f00000012c0)="7f49d2ad97cdb21c92c6fac9cedcd700271c868ff7b77034cc0fa7e166dddeda7d71857fd8a0598d0af59341fe4980379aea6b57048c991a9de8f0ebd427dae314be4093387ab2e00bc49721541b9f4b2b2ca56b3060c805d477e4d18df97114bfd285839e87632256a11b871034b7cbd6fa8b065ac2b62e15dd3f918562bd599eebc82abda32f937343c6267603459b35a763eb299455aabafc8d2836699a572d0f25fbcf8ec0414642f7a6dc28d11ccfb8ef894fbcf7a4168509eb44f9234f254f897f705273dbbe23a1c298ae1b791466434c3785a4eee90cd19244b6f246a83bb91245b90c4045f3efced8d0953105163d51a253810cb9d3180ead", 0xfd}, {&(0x7f0000001740)="d8f1077f6ae13a450b695641cf2472e68a06022fced03ee9ac64d719ad42ca003b368fb352808a98604b408fc30fab651441d10a07803d10a551e55263a745761149", 0x42}, {&(0x7f0000001440)="bb67db0cb85719375fedefa07e00c2c5feb0305ebc943a1d05628ab61fbf06e67916b75e7a3b1cc90b853be9d8675e7278a58c261c37a0c9fac17a7cffad5c5851047fc67efdab14cb9f2543f137223f6435ff474777cdba549cc919601c17cd19e0226d155763cfb81b7486c9280bfb42769f115e47c9", 0x77}, {&(0x7f0000000040)="48cd262588efb9db62b3df5a49ecbd27232b2115b8cc24be0b99ebd2c4efd440e47f00000000000000042127", 0x2c}, {&(0x7f00000017c0)="ac488b464fcd364cc238c406451394b36a2fcbedeb0f23b80b3c7cbc45835a977aa10e9813046201db70c289060000010041b29b91d9ce99980b2cf3790fd1df8d4e2d67aa5126859c529e3cbe24d738ac36c256230eedb35fa6d506c50ce8776b47dd5d6d39732c9890771a43f759856317f50589a73dafb7be57aee2c7055ba1f9a8e503ad6f573fffccef0e2e08941fb1a40efa457f7a5ec03cdcab01680cc2dc2fc043a53eb5ce6c50cd785ac0cfa132c0dd4e33e4464a6e4e22a4fd591a86d14be456e7b5c5b2c68f4d7d2fd46daff1", 0xd2}, {&(0x7f0000001580)="5e35ea4a325b64e856b1e8f26ca268b669d2d3eeaeb4e383846f9df14541c4df68cce9599fc7f6bfcc4c78961fb59951e6e55c41ccdb460c4cc6925e64cd412de557fd3ea11142582d7f4aa5e8f03ff370dfaba917c50ff34bd35b32ae314f601249c73570768c0c263e93fc29f43592495d6647ad400d97d68a2e8dd13a90852a1ab47d655bfe3e579c7e30691ccb1c80f764531b123b99a3285eb0f7fc69251d2f28bc87ac7a47af386115b173120383957834f843cc92e1df", 0xba}, {&(0x7f0000001640)}], 0xa}}], 0x1, 0x48040)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
shutdown(r4, 0x1)

1.28891251s ago: executing program 0 (id=5904):
gettid()
timer_create(0x1, 0x0, &(0x7f0000000000))
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r0, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.229414721s ago: executing program 5 (id=5905):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000440)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
fcntl$setlease(r1, 0x400, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x3d, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r3, @ANYRES32=r4, @ANYBLOB="00000000000000865a406dfd65ace53d4ec1a253057743b407259bdbb21be50907a0b121db03e6f02df4a62ce3478e66f2e30234da9444af9a36d0dee0245dcaf6a2dd97945cf00b873a8975a8fdf92f7493c8f4f757eb6364a29af20bc3b78742111718811ecf6e85cb30b1b88b0f7fc323a07cfac5bc057a995ba28ad3fe4073095f325e9f75c18d38163d64d18505b5bc1cc39ebd04526493a43ba570a520ff6107e3874a60262481617a39411dfcf073bd6fb3055e507e59080ba03db6a3d046ce"], 0x28}}, 0x20006800)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x50) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000440)='GPL\x00', 0x4}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50) (async)
fcntl$setlease(r1, 0x400, 0x1) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) (async)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x3d, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r3, @ANYRES32=r4, @ANYBLOB="00000000000000865a406dfd65ace53d4ec1a253057743b407259bdbb21be50907a0b121db03e6f02df4a62ce3478e66f2e30234da9444af9a36d0dee0245dcaf6a2dd97945cf00b873a8975a8fdf92f7493c8f4f757eb6364a29af20bc3b78742111718811ecf6e85cb30b1b88b0f7fc323a07cfac5bc057a995ba28ad3fe4073095f325e9f75c18d38163d64d18505b5bc1cc39ebd04526493a43ba570a520ff6107e3874a60262481617a39411dfcf073bd6fb3055e507e59080ba03db6a3d046ce"], 0x28}}, 0x20006800) (async)

1.205279441s ago: executing program 5 (id=5906):
r0 = perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}})

1.148811542s ago: executing program 5 (id=5907):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xffffffc0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r3}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRESOCT=r4, @ANYRES32, @ANYRES64=r1, @ANYRES64=r5, @ANYRESDEC], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000080), &(0x7f0000000240)=r7}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="d8000000180001004e81f782db4cb904021d0800fe007c05e8fe55a10a000f000200142603600e12080005007f370401a8000700e00002400400027c035c0461c1d67f6f94007134cf6efb80009a38b540a6ea553e437a0ef0a007a290457f0189b3050000006bbace8017cbec4c2ee5015030485bca8aa7cef4090000001fb7d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf51951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r8=>r0, {0x7fffffff}}, './file0\x00'})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0x4008010)
r10 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082)
r11 = fcntl$dupfd(r10, 0x0, r10)
ioctl$SG_IO(r11, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x73, @scatter={0x9, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000800)=""/253, 0xfd}, {&(0x7f00000006c0)=""/13, 0xd}, {&(0x7f0000000a00)=""/198, 0xc6}, {&(0x7f0000000700)=""/101, 0x65}, {&(0x7f0000000b00)=""/253, 0xfd}, {&(0x7f0000000c00)=""/237, 0xed}, {&(0x7f0000000900)=""/87, 0x57}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f0000000980)=""/34, 0x22}]}, &(0x7f0000000400)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x8, 0x8, 0x2, 0x10000, r8, 0x4, '\x00', 0x0, r8, 0x3, 0x4, 0x1, 0x7, @void, @value, @value=r8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r12, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r13 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r14 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r14, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x9, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})
write$binfmt_misc(r13, &(0x7f00000003c0)='(', 0x1)

678.524839ms ago: executing program 1 (id=5909):
open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x29c)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1300, 0x1d)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x23)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x1714, &(0x7f0000000300)={0x0, 0x2dd2, 0x10100, 0x0, 0xffffffdc}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000002180)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='kmem_cache_free\x00', r7, 0x0, 0x100000000}, 0x18)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
read$hiddev(r8, &(0x7f00000000c0)=""/4092, 0xffc)
io_uring_enter(r3, 0x636f, 0x1, 0x29, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x8, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6, 0x1ff}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4800000010000104000000000400000000000000", @ANYRES32=r11, @ANYBLOB="000000070000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r11], 0x48}}, 0x0)
fcntl$setlease(r0, 0x400, 0x0)

597.467381ms ago: executing program 5 (id=5910):
r0 = getpgid(0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
capget(&(0x7f00000003c0)={0x19980330, r0}, &(0x7f0000000440)={0x36d3af21, 0x7, 0x9, 0x3c18, 0xffff, 0x1})

516.455392ms ago: executing program 0 (id=5911):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88240, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001340)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x6}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x38, 0x6d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'ip6_vti0\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
munmap(&(0x7f000060f000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000c1d000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000807000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="340000001a00010000000000000000000a000000000000000000000006001d000000000006001c0000000000080019"], 0x34}}, 0x0)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c4010000", @ANYRES16=r10, @ANYBLOB="010128bd7000ffdbdf251e0000000c0006000100000001000000f8002f800c0002000202aaaaaaaaaaaa0c0002000201aaaaaaaaaaaab40003800800010002000000540003800c0004000203aaaaaaaaaaaa06000100030000030c00040000000000000000000c000400000000000000000006000300000000000c0004000203aaaaaaaaaaaa06000300a2aa000006000300feff00000500020001000000080004"], 0x1c4}, 0x1, 0x0, 0x0, 0x48810}, 0x4800)

515.107452ms ago: executing program 1 (id=5912):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000030000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
syz_mount_image$iso9660(&(0x7f0000000b00), &(0x7f0000000040)='./file0\x00', 0x4002, &(0x7f0000000140)=ANY=[@ANYBLOB='map=off,cruft,iocharset=ascii,block=0x0000000000000200,unhide,session=0x0000000000000011,uid=', @ANYRESDEC=0x0, @ANYBLOB="2c004238994fceef7f633ea81416b1324d35327f7ace27c590b7f9fb133af0ffd6dfc4d893195864142b1450fbace6795f6e181993255fbbca2cb54fcf79cc53b3a6c3704aed82da89741aad5205bb43ded29cfd65509ff9c85cbdb7337ef48b9412ff439da96bb3f5ac11273d94d3d75d"], 0x1, 0xa2f, &(0x7f0000001580)="$eJzs3ctvXNd9B/DvHfEl2lBlW3VVwbZGMmTTNkuRVC1B8KKWyKFEl4+WpAALbWEZllQIIurCbgHb6EIFiq5q1CiKAk02gZdZGXAW8SbQLlkFWWURIPF/EBhZKQGCCebOUOJjZihSFKnIn89gNPfxO+f87tw792iGM/eEP2b1er28b3P+0vd3M1kePecnv/78i08b93+/lb7sy+vFD5OBJNWk5/flsdI7MbkwP7tJRTeTK0luJ0WS/jQfO9i/Zu5Kiv/Ok/fmb6f4bg63KTawxY1jU3W+1fb6+AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfSxOTo6FiRmem5S29XOyuHAO+yfqW6r8pRv4uvVjfR16bZIika9wwMrAz1ffjQvdXPNv45nueac881R/4eyCdPPHvwjWd6KivluyS0Kz78+JOb7y4vX/vg3qLeTQv1P9yctqVve8Uu1OamF+enZ89dqFWnF+erZ0+fHj15cWqxOjWd2uLlxaXabHVioXZuaX6hOjTxSnXs7NlT1drI5flLcxcmR2ZqKwvP/MX46Ojp6lsjf1M7t7A4P3fyrZHFiYvTMzPTcxfKmMbqRsyZxoH419NL1aXaudlq9fqN5WunNkuyETTWdk1R3ZdVQeOb1TQ+Oj4+NjY+Pnb69bOvnxkd7dmwYHSdbIjY+4OWvfODh3IOh22qtPr/zGQ6c7mUt1Nte5vIZBYyn9kO61tW+v8TJ2td213d/6/08ofvrT6Ssv9/oTn3Qqf+v0Mum9/q9WbN2y2/cvswH+eT3My7Wc5yruWDB66xP+sy++2D1ti6VR98azfeLqSWuUxnMfOZzmzOlUuqrSXVnM3pnM5o3snFTGUx1UxlOjOpZTGXs5il1MojaiILqeVcljKfhVQzlIm8kmrGcjZncyrV1DKSy5nPpczlQiZzrqzlem6Uz/upLjneDRq7n6DxLkE73P/XH8X/CfKw7ej5Gx5EvdX/t3uP3gyor0wNTexaVgAAAMBO+vOf5MChp3/8y6Q3z5efy09Nz9RG9zotAAAAYAeVX9d7rvHQ25h6PoX3/wAAAPC4Kcrf2BVJBnO0OdX8JdS++BAAAAAAHhPl3/9faDwMNqaOprh7JZQre50bAAAAsDPuXmM/na6xu+lV+Ivhlcv/Vq82H6+2IlrX+R2cmp6pjUzMz7wxlpfKqwyUvzTYUNu+pOgtf37wao41o44NNh8H19Y40IgaG3ljLK/meGtDhl5sPLw41CZyvBn5cjPy5S6RpxqRAPC4O96lP77f/v/VDDcjho/09CXpOdKmZx3VswLAo2LzMXY2jSj+8t77/95WtWv6/6dz/WjzKwUjeS/vZzlXM1z+2qD8xsGaWv/+s9ZnBne/hjCa4U0+DViJ/dmZSoY7fB7Ql/X1jmd4k08EmrH5h+TUw98RALCLjnfoh7fS/w+vev+fje//7w4tdM1PCgHgkXB3BPuHOLHX2wgArKWXBgAAAAAAAAAAAAAAAAAAAAAAAAAAgJ23o1f7H9hm8V+1xvV7uMMQbJjY33oOtl/P/yTZvZyLRlv9O1dhZQfqqSfZrf21exM5mGz7WW17GPcl2fvt2srEXp6VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2C1Fsq/d8krSn2Q0ycndz2r7isYWdXFr1zLZbT/92w4r/mr1THEnd/JRDuxOTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3x6t6/9X0nx8orkoPZXkRJIrSf5ur3PcSXf2OoEdsn+b5VZd/7+xz1Mv0tPc7Sl6JyYX5mfL8RP6G+u//vyLTxv3VcX777edMrCybnCJVgvrY7/35MrUU2WpwclrH978l/f/uTp5PpX05fzS1Mzk7IWFN+8Vebb4MqmmeV+xku+/nfjRZ222/MvGlra3vt2p8smZ3Njun7Ur3b3dbm4sXxtvtLRUe3vpX//pxkerVj2dY8mLQ8nQ2pb+sXHv0NKx9HZrrfim+M/iQP4vV8r933g2inrR2EV/Um7//us3lq+NvPf+8tUOOR3M0SRXk4H7z+lo5wE5yqOu0ttodbQMavxzqF193cf0aFvjWIdteKo8ZAZb29B3X9tQ3SSBVc97pd36ZkanOmT0TF5qs6fr/UnnjF7qvqfbK74pflFczM/zH6vG/6g09v+JdH51rq2ijFx1pHSMrDQjyy0fX73infWRv/7/+8q+7TA1bNV/rXnxVlad/1v7aofOR/Wi6/loVYtbe12sa3HdUdHldVH2SIfWlWidfTqVaeV5qBnVIc8/zWtJz5FuZ8UNvfVrm53SVsq/2X71dl//3ymG8pvcMv4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw6CuSfe2WV5ITSQ6uzFeT+haq7e+0ojJYbDXFHXXr7j+PhcpWCxR3cicf5cDDSQcAAAAAAACA3XZ+8uvPv/i0cS//Hr/vTr3e+vt+NelJcrD43/2ZXJif3aSi3uRKktuN6YFOQb+rN61d2iiXJ+/N327MHW5bwcH73S4AoLM/BAAA///r9m7p")
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000900)='%pK    \x00'}, 0x20)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x9, &(0x7f0000000380)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0x6}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x3}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x5}, @ldst={0x3, 0x0, 0x2, 0x8, 0x0, 0x100, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000680)='syzkaller\x00', 0x2, 0x33, &(0x7f00000006c0)=""/51, 0x41100, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x0, 0xd, 0x6f4c, 0x101}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[0x1, 0xffffffffffffffff, r2, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x2}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5}, 0x18)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x18)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, 0x1403, 0x1, 0x70bd29, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_bridge\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80800)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
preadv(r10, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/56, 0x38}], 0x1, 0x8, 0x0)
syz_clone3(&(0x7f0000000480)={0x22044000, &(0x7f0000000400), &(0x7f0000000180), &(0x7f0000000300), {0x8}, &(0x7f0000000540)=""/169, 0xa9, &(0x7f0000000400), &(0x7f0000000440)=[0xffffffffffffffff, 0x0], 0x2, {r10}}, 0x58)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000880)='xprtrdma_post_linv_err\x00', r10, 0x0, 0x4ab}, 0x65)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073f97a310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="fd5f7c2997ffbd9be76a4fa171e78f7317b2f4f542579b3d03e5d4d1c70eb8f031400f89fcc0716cdbba25b72bbfd641c0858e422d95115d53dd80360871849a"], 0x34}}, 0x0)

511.173422ms ago: executing program 5 (id=5913):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x7, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYRES8], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095", @ANYBLOB="07e38f818d3ec08f66bb300b442ca04d3fffdc020ddacc981f22a569d5df3e2dfa3e0dc079c76bcb011325d2a71a725bb8ff9adb82c5101ae0499e11", @ANYBLOB="72b005a5817f6f9711cfe1071bdc4897276e0b1ed103a86a64f1f67aa87d3fb956a0279d525584aaf70a7df65c25095e73a37cea815f1520b68d22400529b86e5c009e8d6e8f4dc6018d981799f448d2545948e20e7d881800f3b471e032e2c1977e4e540f15a1ce5209432d45c607ec5801ad66ebfdf4fbcc0e4773e6650da37dd0b083e6c8f7179bce408576c6f5788cc36819d0e7707c7faa9359b6d9bdd67a49b398577b8cbb33b9123d0732007551f4ab29e9561e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xf, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
clock_nanosleep(0x9, 0xfffffdfc, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_clone(0x19241000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x494}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r5}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='subflow_check_data_avail\x00', r2}, 0x18)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100), 0x0)
getpid()

483.287833ms ago: executing program 34 (id=5913):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x7, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYRES8], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095", @ANYBLOB="07e38f818d3ec08f66bb300b442ca04d3fffdc020ddacc981f22a569d5df3e2dfa3e0dc079c76bcb011325d2a71a725bb8ff9adb82c5101ae0499e11", @ANYBLOB="72b005a5817f6f9711cfe1071bdc4897276e0b1ed103a86a64f1f67aa87d3fb956a0279d525584aaf70a7df65c25095e73a37cea815f1520b68d22400529b86e5c009e8d6e8f4dc6018d981799f448d2545948e20e7d881800f3b471e032e2c1977e4e540f15a1ce5209432d45c607ec5801ad66ebfdf4fbcc0e4773e6650da37dd0b083e6c8f7179bce408576c6f5788cc36819d0e7707c7faa9359b6d9bdd67a49b398577b8cbb33b9123d0732007551f4ab29e9561e"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xf, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
clock_nanosleep(0x9, 0xfffffdfc, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_clone(0x19241000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x2, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x494}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000000c0)={r5}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='subflow_check_data_avail\x00', r2}, 0x18)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100), 0x0)
getpid()

480.175062ms ago: executing program 4 (id=5915):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000010100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)

409.503664ms ago: executing program 0 (id=5916):
r0 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_batadv\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x933}]}}]}, 0x40}}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r3}, 0x10)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pim6reg0\x00', 0x2})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f0000000380)=ANY=[@ANYBLOB="01000004"])
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0)

378.920244ms ago: executing program 1 (id=5917):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='svcsock_tcp_recv_short\x00', r1, 0x0, 0x1}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r2}, 0x8)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000640)='kmem_cache_free\x00', r5, 0x0, 0x80001}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000980)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r5, @ANYRES8=r4, @ANYBLOB="d0907b51bf139dee36b13484f555b5b0d11de30b4e812309fd84e1ba3170125d8995e4c326faa1f49650db1ff06bc84c5991609d8f3b43ea21a9ad14c8e3545a48d2f5aa8b5a6ae8716e5bd6e736640902c5bdbf8c2db6844fc571dd8ed3614ee73856231f46541acd14ca85645d19e4b57e3724b3fc316f0f6694a40fa4bee51130bc9ec3ecb3e2c4a504816cf77aba090a3bd660eb56183416", @ANYRES8=r2, @ANYRES8=r3, @ANYRES32=r0, @ANYRES64=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r6, 0x0, 0x178}, 0x18)
read(r0, &(0x7f0000000840)=""/191, 0xbf)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x80)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r7}, 0x4)

362.239335ms ago: executing program 0 (id=5918):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000002780)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000400)={r3, 0x3, r2, 0xfffffffd})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000000c0)='svcrdma_no_rwctx_err\x00', r1, 0x0, 0xce}, 0x18)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x50, r5, 0x1, 0x70bd29, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x50}, 0x1, 0x0, 0x0, 0x44844}, 0x4000800)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f3, &(0x7f0000001040)={'ip_vti0\x00', &(0x7f00000000c0)={'syztnl2\x00', 0x0, 0x40, 0xab00, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}}}})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000fcffff0318110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000000bcd7c82fdbb2d48e31e3e1606d094053bc7301c37b19e635e727948b6790aa9ab7b3357c074fdead036484566a44f371b1f08d21f757d882", @ANYRES16=r13, @ANYBLOB="010000000000000000001a00000018000180140002006261746164765f736c6176655f310000"], 0x2c}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x0, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x6e, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x0, 0x3, 0x1d}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x3}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x22044028}, 0x800)

161.328748ms ago: executing program 1 (id=5919):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000400000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}, 0x1, 0x0, 0xfff10000}, 0x0)

144.414988ms ago: executing program 1 (id=5920):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111b200000000008510000002000000850000008d00fc9eeabebf00525a00009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
ustat(0x1, &(0x7f0000000100))
sched_rr_get_interval(0x0, &(0x7f0000000300))

101.833159ms ago: executing program 1 (id=5921):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @remote, @local}, 0xc)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'ipvlan1\x00', <r6=>0x0})
setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f00000001c0)={0x3, {{0x2, 0x4e24, @multicast1}}, {{0x2, 0x4e22, @private=0xa010102}}}, 0x108)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1, @loopback, r6}, 0xc)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@mpls_getnetconf={0x14, 0x52, 0x100, 0x70bd2c, 0x25dfdbfb}, 0x14}}, 0x40040)
r7 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x4810, &(0x7f0000000380)={[{@sysvgroups}, {@max_batch_time}, {@noauto_da_alloc}, {@errors_remount}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@nolazytime}], [{@flag='async'}]}, 0x0, 0x4ec, &(0x7f0000000c40)="$eJzs3ElvHMUeAPB/j5fEL8mzX957QBbIQEBYIOLYWQ8cCAIpFyQkEApHYztRiJOg2EhJZBGzKEgcQPkEAW5IfAJOcEGAOIC4EsERIUXIBxw4oEE10zOMPTPe4iWxfz9pnKru6q6q7q64lmkHsGEV048sYmtE/BgR3ZXozATFyj+3piaG/piaGMqiVHrht6ycbnpq4sNq0upxW/JIbyGi8E4Wu5rkO3bp8pnB0dGRC5Xo2zfGC/mes4OnRk6NnBs4evTgga4jhwcOLUs9U5mmd75xfveO4y9fe27oxLVXvv40lbeU75+emhiaeUTPInNoa9hSjOLMa1nnkUWe/U63rS6ctaefhbUrDAuWntp0uzrK7b872sqxiu549q1aImDdKZVKpU0NW2sNfrJUL8sqBwDrRKZJwwa0ve43/vRUGqlODDWOg9e3m8eiPAJK9b6Vfyp72ssj2GJPZWzUsUL5/y8iTkz+eT19ouk8BADA8vr8WETp5987Ur+j+qnsKcQ9den+na8N9UTEfyIi9R3/m/df/h9RTntvRNxXd0zqUW6eJ//irHhj/+f7rjyQuqxLrmcrqf/3ZL62NbP/V1u/6GnLY9vK9e/ITp4eHdmfX5Pe6NiU4v2Np65Nq33xzA8ftMq/WNf/S5+Uf7UvmJfj1/ZZE3TDg+ODt1vvqptvli/slcb6Z9GeVUMROyJi5xLOn67Z6cc+2d1qf63+bXH9RKpnQ/3fb33y9iUUaJbSRxGPVu7/ZMyqf9KZh/rGz77WN3bp8hOn69cn+48cHjjUtzlGR/b3VZ+KRt98d/X5PNgwjJj//q+sdP//1fT5r61c9mT167Vji8/j6o13W45plvr8d2YvlsOd+baLg+PjF/ojOrPJxu0D/xx7cbBrRvpU/969zdv/9oi/qovbuyIiPcT3R8QDEbEnL/uDEfFQROydo/5fPf3wq62GkHfC/R9e1P1vFXjq24jmu9rOfPlZQ8bvFRdY/3T/D5ZDvfmW4cHx+X6txFwlrQ/c9gUEAACAu8CeiNgaWWFfPse5NQqFffsittRmUMbGHz95/vVzw5V3BHqio1Cd6equmw/tz+eGUzwdNVAXT/sPlOeNS6VSqSvF0/h9dNvaVh02vC0t2n/yi+/9w/q3qHW0Vm+0AXelpa+jL/8XMoDVtQzfowHuUto/bFwLbv8r9RYcsGaatf8rEbfWoCjAKmvW/l9ag3IAq8/4HzYu7R82Lu0fNqQFvSS/hMD247O31OWVta9Mpq0DhZj7rwD0RFS3VL/gOPcJfypELE8J25a1pl0z7mmhaZrNsRx5RWHeNO2L+EMMqxso3BnFqAQ2RcQ8T2/tYbtSDVxe6YKVG8HHa/u/EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO37OwAA//8GPdEz")
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000)
r8 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f00000001c0)=r9}, 0x20)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r11, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x2a8, 0xffffffff, 0x98, 0x98, 0x130, 0xffffffff, 0xffffffff, 0x210, 0x210, 0x210, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@private, @multicast1, 0x0, 0x0, 'ip6gre0\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x64}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'wlan1\x00'}, 0x0, 0xb0, 0xe0, 0x0, {}, [@common=@set={{0x40}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
r12 = open_tree(r7, &(0x7f0000000300)='./file0\x00', 0x8001)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x6, 0x0, r10, 0x1d55edad, '\x00', r4, r12, 0x5, 0x2, 0x2}, 0x50)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r8, 0x40045402, 0x0)

0s ago: executing program 4 (id=5922):
gettid()
timer_create(0x1, 0x0, &(0x7f0000000000))
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r0, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

kernel console output (not intermixed with test programs):

7.009927][T21602]  should_fail_ex+0x265/0x280
[  337.010024][T21602]  should_fail+0xb/0x20
[  337.010059][T21602]  should_fail_usercopy+0x1a/0x20
[  337.010168][T21602]  _copy_from_user+0x1c/0xb0
[  337.010190][T21602]  ___sys_sendmsg+0xc1/0x1d0
[  337.010240][T21602]  __x64_sys_sendmsg+0xd4/0x160
[  337.010276][T21602]  x64_sys_call+0x2999/0x2fb0
[  337.010298][T21602]  do_syscall_64+0xd2/0x200
[  337.010317][T21602]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  337.010402][T21602]  ? clear_bhb_loop+0x40/0x90
[  337.010422][T21602]  ? clear_bhb_loop+0x40/0x90
[  337.010444][T21602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.010512][T21602] RIP: 0033:0x7f108041e9a9
[  337.010528][T21602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.010544][T21602] RSP: 002b:00007f107ea7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  337.010564][T21602] RAX: ffffffffffffffda RBX: 00007f1080645fa0 RCX: 00007f108041e9a9
[  337.010577][T21602] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003
[  337.010589][T21602] RBP: 00007f107ea7f090 R08: 0000000000000000 R09: 0000000000000000
[  337.010602][T21602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  337.010620][T21602] R13: 0000000000000000 R14: 00007f1080645fa0 R15: 00007ffd658017b8
[  337.010679][T21602]  </TASK>
[  337.201811][T21585] netlink: 'syz.0.5276': attribute type 13 has an invalid length.
[  337.235189][T21615] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  337.265240][T21615] pim6reg: entered allmulticast mode
[  337.283896][T21615] pim6reg: left allmulticast mode
[  337.364620][T21632] loop6: detected capacity change from 0 to 164
[  337.383281][T21632] Unable to read rock-ridge attributes
[  337.392579][T21622] Unable to read rock-ridge attributes
[  337.414068][T21638] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5293'.
[  337.415882][T21622] netlink: 'syz.6.5288': attribute type 1 has an invalid length.
[  337.430902][T21622] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5288'.
[  337.443972][T21630] loop5: detected capacity change from 0 to 164
[  337.453789][T21630] Unable to read rock-ridge attributes
[  337.463730][T21630] Unable to read rock-ridge attributes
[  337.472397][T21630] netlink: 'syz.5.5291': attribute type 1 has an invalid length.
[  337.480185][T21630] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5291'.
[  337.675264][T21659] netlink: 80 bytes leftover after parsing attributes in process `syz.0.5299'.
[  337.714227][T21668] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  337.848371][T21683] 9pnet_fd: Insufficient options for proto=fd
[  337.866922][   T23] tipc: Node number set to 2886997007
[  337.912493][T21686] loop6: detected capacity change from 0 to 2048
[  337.938880][T21686] EXT4-fs: Ignoring removed mblk_io_submit option
[  337.975050][T21686] EXT4-fs: quotafile must be on filesystem root
[  338.015441][   T29] kauditd_printk_skb: 1006 callbacks suppressed
[  338.015457][   T29] audit: type=1326 audit(864.957:37561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.045441][   T29] audit: type=1326 audit(864.957:37562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.068403][   T29] audit: type=1326 audit(864.957:37563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.092152][   T29] audit: type=1326 audit(864.957:37564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.115162][   T29] audit: type=1326 audit(864.957:37565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.138861][   T29] audit: type=1326 audit(864.957:37566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.161919][   T29] audit: type=1326 audit(864.957:37567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.185481][   T29] audit: type=1326 audit(864.957:37568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.208630][   T29] audit: type=1326 audit(864.957:37569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.208658][   T29] audit: type=1326 audit(864.957:37570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21685 comm="syz.6.5306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  338.213518][T21699] netlink: 'syz.5.5305': attribute type 2 has an invalid length.
[  338.329735][T21714] new mount options do not match the existing superblock, will be ignored
[  338.413151][T21727] loop5: detected capacity change from 0 to 8192
[  338.415809][T21730] lo speed is unknown, defaulting to 1000
[  338.422766][T21727] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  338.432680][T21730] lo speed is unknown, defaulting to 1000
[  338.534566][T21711] FAULT_INJECTION: forcing a failure.
[  338.534566][T21711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  338.547750][T21711] CPU: 1 UID: 0 PID: 21711 Comm: syz.4.5312 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  338.547821][T21711] Tainted: [W]=WARN
[  338.547827][T21711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  338.547878][T21711] Call Trace:
[  338.547885][T21711]  <TASK>
[  338.547892][T21711]  __dump_stack+0x1d/0x30
[  338.547911][T21711]  dump_stack_lvl+0xe8/0x140
[  338.547927][T21711]  dump_stack+0x15/0x1b
[  338.547950][T21711]  should_fail_ex+0x265/0x280
[  338.547979][T21711]  should_fail+0xb/0x20
[  338.548005][T21711]  should_fail_usercopy+0x1a/0x20
[  338.548030][T21711]  _copy_from_user+0x1c/0xb0
[  338.548102][T21711]  kstrtouint_from_user+0x69/0xf0
[  338.548148][T21711]  ? 0xffffffff81000000
[  338.548162][T21711]  ? selinux_file_permission+0x1e4/0x320
[  338.548249][T21711]  proc_fail_nth_write+0x50/0x160
[  338.548307][T21711]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  338.548394][T21711]  vfs_write+0x269/0x8e0
[  338.548420][T21711]  ? vfs_read+0x47f/0x6f0
[  338.548451][T21711]  ? __rcu_read_unlock+0x4f/0x70
[  338.548473][T21711]  ? __fget_files+0x184/0x1c0
[  338.548504][T21711]  ksys_write+0xda/0x1a0
[  338.548533][T21711]  __x64_sys_write+0x40/0x50
[  338.548581][T21711]  x64_sys_call+0x2cdd/0x2fb0
[  338.548601][T21711]  do_syscall_64+0xd2/0x200
[  338.548620][T21711]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  338.548667][T21711]  ? clear_bhb_loop+0x40/0x90
[  338.548684][T21711]  ? clear_bhb_loop+0x40/0x90
[  338.548739][T21711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.548759][T21711] RIP: 0033:0x7efca024d45f
[  338.548775][T21711] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  338.548793][T21711] RSP: 002b:00007efc9e8b7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  338.548812][T21711] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efca024d45f
[  338.548875][T21711] RDX: 0000000000000001 RSI: 00007efc9e8b70a0 RDI: 0000000000000005
[  338.548888][T21711] RBP: 00007efc9e8b7090 R08: 0000000000000000 R09: 0000000000000000
[  338.548933][T21711] R10: ffffffffffffffff R11: 0000000000000293 R12: 0000000000000002
[  338.548946][T21711] R13: 0000000000000000 R14: 00007efca0475fa0 R15: 00007ffe533b6c08
[  338.548965][T21711]  </TASK>
[  339.259998][T21783] netlink: 'syz.4.5324': attribute type 1 has an invalid length.
[  339.437246][T21798] lo speed is unknown, defaulting to 1000
[  339.462210][T21798] lo speed is unknown, defaulting to 1000
[  339.503115][T21806] bridge: RTM_NEWNEIGH with invalid ether address
[  339.510355][T21807] lo speed is unknown, defaulting to 1000
[  339.557653][T21807] lo speed is unknown, defaulting to 1000
[  339.639867][T21837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  339.659173][T21837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  339.958569][T21886] loop6: detected capacity change from 0 to 512
[  339.983493][T21886] EXT4-fs: Ignoring removed bh option
[  339.997715][T21886] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  340.006863][T21886] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem
[  340.081803][T21886] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended
[  340.091739][T21901] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  340.099948][T21886] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e002e01c, mo2=0006]
[  340.109223][T21886] System zones: 0-2, 18-18, 34-35
[  340.118184][T21886] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  340.206634][T21908] __nla_validate_parse: 10 callbacks suppressed
[  340.206653][T21908] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5345'.
[  340.229794][T21903] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 353: padding at end of block bitmap is not set
[  340.491553][T21920] lo speed is unknown, defaulting to 1000
[  340.539912][T21920] lo speed is unknown, defaulting to 1000
[  340.841801][T21943] xt_CT: You must specify a L4 protocol and not use inversions on it
[  340.853828][T18817] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.949380][T21919] loop5: detected capacity change from 0 to 32768
[  340.960616][T21959] validate_nla: 1 callbacks suppressed
[  340.960630][T21959] netlink: 'syz.4.5354': attribute type 4 has an invalid length.
[  340.977392][T21959] netlink: 'syz.4.5354': attribute type 4 has an invalid length.
[  341.044090][T21954] loop6: detected capacity change from 0 to 164
[  341.055892][T21919]  loop5: p1 p2 p3 < >
[  341.060178][T21919] loop5: p1 size 242222080 extends beyond EOD, truncated
[  341.060576][T21954] Unable to read rock-ridge attributes
[  341.068489][T21919] loop5: p2 start 4294967295 is beyond EOD, truncated
[  341.079577][T21954] Unable to read rock-ridge attributes
[  341.081373][T21954] netlink: 'syz.6.5351': attribute type 1 has an invalid length.
[  341.093847][T21954] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5351'.
[  341.348724][T21997] netlink: 'syz.4.5360': attribute type 4 has an invalid length.
[  341.356594][T21997] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5360'.
[  341.415395][T22004] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=22004 comm=syz.6.5361
[  341.469749][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.488362][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.495835][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.503308][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.511103][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.518484][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.525968][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.533461][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.541003][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.548511][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.556115][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.564226][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.571992][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.578911][T22012] 9pnet_fd: Insufficient options for proto=fd
[  341.579433][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.593138][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.600547][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.608021][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.615534][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.622973][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.630355][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.637796][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.645199][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.652646][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.660042][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.667774][    T9] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  341.692907][    T9] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v8.00 Device [syz1] on syz0
[  341.713239][T22027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.722548][T22027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.777585][T22027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.802454][T22035] loop6: detected capacity change from 0 to 8192
[  341.806991][T22027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.834409][T22027] 8021q: adding VLAN 0 to HW filter on device bond0
[  341.841813][T22027] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  341.853179][T22027] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  341.868528][T22048] pimreg: entered allmulticast mode
[  341.925178][T22057] lo speed is unknown, defaulting to 1000
[  341.932543][T22057] lo speed is unknown, defaulting to 1000
[  342.020896][T22057] netlink: 'syz.6.5373': attribute type 13 has an invalid length.
[  342.523902][T22108] netlink: 'syz.1.5382': attribute type 4 has an invalid length.
[  342.523925][T22108] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5382'.
[  342.533135][T22110] bridge0: entered allmulticast mode
[  342.533692][T22110] bridge0: port 3(team0) entered disabled state
[  342.543568][T22110] bridge_slave_1: left allmulticast mode
[  342.543657][T22110] bridge_slave_1: left promiscuous mode
[  342.543812][T22110] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.548213][T22110] bridge_slave_0: left allmulticast mode
[  342.548244][T22110] bridge_slave_0: left promiscuous mode
[  342.548335][T22110] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.597854][T22041] pimreg: left allmulticast mode
[  342.607496][T22119] siw: device registration error -23
[  342.676164][T22122] hub 2-0:1.0: USB hub found
[  342.737664][T22122] hub 2-0:1.0: 8 ports detected
[  342.752594][   T29] kauditd_printk_skb: 443 callbacks suppressed
[  342.752608][   T29] audit: type=1326 audit(870.043:38014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22126 comm="syz.0.5386" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d8befe9a9 code=0x0
[  342.780104][T22125] lo speed is unknown, defaulting to 1000
[  342.797310][T22087] 9pnet: p9_errstr2errno: server reported unknown error 
[  342.804903][T22125] lo speed is unknown, defaulting to 1000
[  342.842893][T22131] netlink: 'syz.5.5385': attribute type 13 has an invalid length.
[  342.889818][T22156] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5387'.
[  342.949095][T22164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.964859][T22164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.973311][   T29] audit: type=1326 audit(870.289:38015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  342.997071][   T29] audit: type=1326 audit(870.289:38016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.026850][   T29] audit: type=1326 audit(870.289:38017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.050534][   T29] audit: type=1326 audit(870.289:38018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.073897][   T29] audit: type=1326 audit(870.289:38019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.097497][   T29] audit: type=1326 audit(870.289:38020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.120719][   T29] audit: type=1326 audit(870.289:38021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.143816][   T29] audit: type=1326 audit(870.289:38022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.167341][   T29] audit: type=1326 audit(870.289:38023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.6.5390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  343.191182][T22172] loop6: detected capacity change from 0 to 164
[  343.197713][T22172] Unable to read rock-ridge attributes
[  343.207920][T22168] Unable to read rock-ridge attributes
[  343.215232][T22168] netlink: 'syz.6.5390': attribute type 1 has an invalid length.
[  343.223143][T22168] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5390'.
[  343.302926][T22182] vhci_hcd: invalid port number 96
[  343.308086][T22182] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  343.338424][T22184] netlink: 'syz.4.5394': attribute type 4 has an invalid length.
[  343.346291][T22184] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5394'.
[  343.425971][T22188] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5396'.
[  343.572257][T22211] siw: device registration error -23
[  343.778714][T22224] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5404'.
[  343.818275][T22224] SET target dimension over the limit!
[  344.285283][T22236] lo speed is unknown, defaulting to 1000
[  344.300041][T22236] lo speed is unknown, defaulting to 1000
[  344.406146][T22241] netlink: 'syz.1.5409': attribute type 1 has an invalid length.
[  344.414670][T22241] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5409'.
[  344.628903][T22271] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  344.931937][T22304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5421'.
[  344.941054][T22304] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (40192)
[  344.951102][T22288] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  344.960111][T22288] ref_ctr decrement failed for inode: 0x948 offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810a2c1b80
[  344.972974][T22288] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  344.981380][T22288] ref_ctr decrement failed for inode: 0x948 offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810a2c1b80
[  344.994630][T22288] uprobe: syz.1.5415:22288 failed to unregister, leaking uprobe
[  345.019417][T22310] xt_TCPMSS: Only works on TCP SYN packets
[  345.322750][T22326] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5429'.
[  345.873559][T22352] FAULT_INJECTION: forcing a failure.
[  345.873559][T22352] name failslab, interval 1, probability 0, space 0, times 0
[  345.886992][T22352] CPU: 1 UID: 0 PID: 22352 Comm: syz.1.5435 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  345.887029][T22352] Tainted: [W]=WARN
[  345.887035][T22352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  345.887045][T22352] Call Trace:
[  345.887052][T22352]  <TASK>
[  345.887060][T22352]  __dump_stack+0x1d/0x30
[  345.887080][T22352]  dump_stack_lvl+0xe8/0x140
[  345.887098][T22352]  dump_stack+0x15/0x1b
[  345.887113][T22352]  should_fail_ex+0x265/0x280
[  345.887141][T22352]  should_failslab+0x8c/0xb0
[  345.887161][T22352]  kmem_cache_alloc_noprof+0x50/0x310
[  345.887184][T22352]  ? mas_dup_build+0x1f6/0xd30
[  345.887205][T22352]  mas_dup_build+0x1f6/0xd30
[  345.887223][T22352]  ? css_rstat_updated+0xcd/0x5b0
[  345.887250][T22352]  ? mod_memcg_state+0x1eb/0x2c0
[  345.887270][T22352]  __mt_dup+0xc6/0x180
[  345.887292][T22352]  dup_mmap+0x266/0xf20
[  345.887308][T22352]  ? __list_add_valid_or_report+0x38/0xe0
[  345.887333][T22352]  copy_mm+0x11a/0x370
[  345.887356][T22352]  copy_process+0xcf1/0x1f90
[  345.887385][T22352]  kernel_clone+0x16c/0x5b0
[  345.887407][T22352]  ? vfs_write+0x75e/0x8e0
[  345.887435][T22352]  __x64_sys_clone+0xe6/0x120
[  345.887463][T22352]  x64_sys_call+0x2c59/0x2fb0
[  345.887481][T22352]  do_syscall_64+0xd2/0x200
[  345.887498][T22352]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  345.887520][T22352]  ? clear_bhb_loop+0x40/0x90
[  345.887538][T22352]  ? clear_bhb_loop+0x40/0x90
[  345.887557][T22352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.887575][T22352] RIP: 0033:0x7fc12ac1e9a9
[  345.887589][T22352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.887605][T22352] RSP: 002b:00007fc12927efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  345.887622][T22352] RAX: ffffffffffffffda RBX: 00007fc12ae45fa0 RCX: 00007fc12ac1e9a9
[  345.887635][T22352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000004240000
[  345.887647][T22352] RBP: 00007fc12927f090 R08: 0000000000000000 R09: 0000000000000000
[  345.887659][T22352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  345.887670][T22352] R13: 0000000000000000 R14: 00007fc12ae45fa0 R15: 00007fffbe332528
[  345.887688][T22352]  </TASK>
[  346.271907][T22362] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5440'.
[  346.281298][T22362] netem: change failed
[  346.304565][T22366] netlink: 'syz.4.5439': attribute type 3 has an invalid length.
[  346.358995][T22376] netlink: 164 bytes leftover after parsing attributes in process `syz.4.5445'.
[  346.527648][T22401] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  346.537357][T22403] can0: slcan on ttyS3.
[  346.555280][T22411] netlink: 'syz.0.5457': attribute type 4 has an invalid length.
[  346.563136][T22411] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5457'.
[  346.582656][T22403] can0 (unregistered): slcan off ttyS3.
[  346.621509][T22418] bridge0: entered allmulticast mode
[  346.654669][T22419] can0: slcan on ttyS3.
[  346.672063][T22424] loop6: detected capacity change from 0 to 512
[  346.679264][T22424] EXT4-fs: Ignoring removed orlov option
[  346.685125][T22424] EXT4-fs: Ignoring removed nomblk_io_submit option
[  346.694253][T22424] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.756929][T18817] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.795783][T22402] can0 (unregistered): slcan off ttyS3.
[  346.821189][T22449] loop6: detected capacity change from 0 to 512
[  346.830348][T22449] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.5466: Failed to acquire dquot type 1
[  346.843978][T22449] EXT4-fs (loop6): 1 truncate cleaned up
[  346.850775][T22449] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.874109][T22449] EXT4-fs error (device loop6): ext4_lookup:1791: inode #2: comm syz.6.5466: deleted inode referenced: 12
[  346.900117][T18817] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.943202][T22471] netlink: 'syz.4.5470': attribute type 4 has an invalid length.
[  346.951182][T22471] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5470'.
[  346.988166][T22473] lo speed is unknown, defaulting to 1000
[  346.994775][T22473] lo speed is unknown, defaulting to 1000
[  347.068143][T22499] FAULT_INJECTION: forcing a failure.
[  347.068143][T22499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.081312][T22499] CPU: 0 UID: 0 PID: 22499 Comm: syz.1.5473 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  347.081343][T22499] Tainted: [W]=WARN
[  347.081349][T22499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  347.081360][T22499] Call Trace:
[  347.081408][T22499]  <TASK>
[  347.081414][T22499]  __dump_stack+0x1d/0x30
[  347.081433][T22499]  dump_stack_lvl+0xe8/0x140
[  347.081449][T22499]  dump_stack+0x15/0x1b
[  347.081463][T22499]  should_fail_ex+0x265/0x280
[  347.081486][T22499]  should_fail+0xb/0x20
[  347.081573][T22499]  should_fail_usercopy+0x1a/0x20
[  347.081600][T22499]  strncpy_from_user+0x25/0x230
[  347.081665][T22499]  ? __kmalloc_cache_noprof+0x189/0x320
[  347.081691][T22499]  __se_sys_memfd_create+0x1ff/0x590
[  347.081718][T22499]  __x64_sys_memfd_create+0x31/0x40
[  347.081802][T22499]  x64_sys_call+0x122f/0x2fb0
[  347.081824][T22499]  do_syscall_64+0xd2/0x200
[  347.081842][T22499]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  347.081883][T22499]  ? clear_bhb_loop+0x40/0x90
[  347.081903][T22499]  ? clear_bhb_loop+0x40/0x90
[  347.081979][T22499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.081999][T22499] RIP: 0033:0x7fc12ac1e9a9
[  347.082112][T22499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.082129][T22499] RSP: 002b:00007fc12927ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  347.082191][T22499] RAX: ffffffffffffffda RBX: 0000000000001237 RCX: 00007fc12ac1e9a9
[  347.082204][T22499] RDX: 00007fc12927eef0 RSI: 0000000000000000 RDI: 00007fc12aca16fc
[  347.082218][T22499] RBP: 00002000000006c0 R08: 00007fc12927ebb7 R09: 00007fc12927ee40
[  347.082231][T22499] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000280
[  347.082307][T22499] R13: 00007fc12927eef0 R14: 00007fc12927eeb0 R15: 0000200000000240
[  347.082327][T22499]  </TASK>
[  347.089491][T22500] xt_hashlimit: size too large, truncated to 1048576
[  347.306309][T22505] lo speed is unknown, defaulting to 1000
[  347.341312][T22505] lo speed is unknown, defaulting to 1000
[  347.368354][T22503] nfs: Unknown parameter ''
[  347.483720][T22513] lo speed is unknown, defaulting to 1000
[  347.521909][T22513] lo speed is unknown, defaulting to 1000
[  347.560229][   T29] kauditd_printk_skb: 703 callbacks suppressed
[  347.560246][   T29] audit: type=1326 audit(875.182:38725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.568743][T22544] netlink: 'syz.0.5476': attribute type 13 has an invalid length.
[  347.589486][   T29] audit: type=1326 audit(875.182:38726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589531][   T29] audit: type=1326 audit(875.182:38727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589593][   T29] audit: type=1326 audit(875.182:38728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589619][   T29] audit: type=1326 audit(875.182:38729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589697][   T29] audit: type=1326 audit(875.182:38730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589725][   T29] audit: type=1326 audit(875.182:38731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589752][   T29] audit: type=1326 audit(875.192:38732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589815][   T29] audit: type=1326 audit(875.192:38733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.589923][   T29] audit: type=1326 audit(875.192:38734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22539 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  347.937635][T22560] netlink: 'syz.6.5478': attribute type 12 has an invalid length.
[  347.945651][T22560] netlink: 'syz.6.5478': attribute type 29 has an invalid length.
[  347.953591][T22560] netlink: 148 bytes leftover after parsing attributes in process `syz.6.5478'.
[  347.962739][T22560] netlink: 51 bytes leftover after parsing attributes in process `syz.6.5478'.
[  347.993512][T22560] loop6: detected capacity change from 0 to 2048
[  348.058233][T22560] Alternate GPT is invalid, using primary GPT.
[  348.064605][T22560]  loop6: p1 p2 p3
[  348.153896][T22593] netlink: 'syz.6.5482': attribute type 4 has an invalid length.
[  348.161698][T22593] netlink: 17 bytes leftover after parsing attributes in process `syz.6.5482'.
[  348.173959][T22594] lo speed is unknown, defaulting to 1000
[  348.180425][T22594] lo speed is unknown, defaulting to 1000
[  348.224486][T22603] loop5: detected capacity change from 0 to 128
[  348.234752][T22602] lo speed is unknown, defaulting to 1000
[  348.250510][T22602] lo speed is unknown, defaulting to 1000
[  348.356687][T22603] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  348.371357][T22618] vhci_hcd: invalid port number 96
[  348.376565][T22618] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  348.537719][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  348.557678][T22668] lo speed is unknown, defaulting to 1000
[  348.563880][T22668] lo speed is unknown, defaulting to 1000
[  348.637821][T22696] netlink: 'syz.1.5492': attribute type 13 has an invalid length.
[  348.643851][T22697] netlink: 'syz.4.5490': attribute type 13 has an invalid length.
[  348.674560][T22699] netlink: 'syz.6.5496': attribute type 4 has an invalid length.
[  348.683055][T22699] netlink: 17 bytes leftover after parsing attributes in process `syz.6.5496'.
[  348.743232][T22664] lo speed is unknown, defaulting to 1000
[  348.761343][T22664] lo speed is unknown, defaulting to 1000
[  348.895006][T22735] vhci_hcd: invalid port number 96
[  348.900197][T22735] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  348.919474][T22739] lo speed is unknown, defaulting to 1000
[  348.926353][T22739] lo speed is unknown, defaulting to 1000
[  349.241913][T22797] batman_adv: batadv0: Removing interface: batadv_slave_0
[  349.253429][T22797] batman_adv: batadv0: Removing interface: batadv_slave_1
[  349.269223][T22797] 
: (slave batadv0): Releasing backup interface
[  349.319645][T22790] lo speed is unknown, defaulting to 1000
[  349.344136][T22790] lo speed is unknown, defaulting to 1000
[  349.610587][T22844] lo speed is unknown, defaulting to 1000
[  349.617608][T22848] __nla_validate_parse: 2 callbacks suppressed
[  349.617623][T22848] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5521'.
[  349.635186][T22844] lo speed is unknown, defaulting to 1000
[  349.641705][T22857] loop5: detected capacity change from 0 to 128
[  349.689768][T22857] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  349.840914][T22895] FAULT_INJECTION: forcing a failure.
[  349.840914][T22895] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  349.854137][T22895] CPU: 0 UID: 0 PID: 22895 Comm: syz.6.5527 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  349.854233][T22895] Tainted: [W]=WARN
[  349.854240][T22895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  349.854253][T22895] Call Trace:
[  349.854260][T22895]  <TASK>
[  349.854269][T22895]  __dump_stack+0x1d/0x30
[  349.854291][T22895]  dump_stack_lvl+0xe8/0x140
[  349.854312][T22895]  dump_stack+0x15/0x1b
[  349.854364][T22895]  should_fail_ex+0x265/0x280
[  349.854389][T22895]  should_fail+0xb/0x20
[  349.854476][T22895]  should_fail_usercopy+0x1a/0x20
[  349.854501][T22895]  copy_fpstate_to_sigframe+0x628/0x7d0
[  349.854526][T22895]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  349.854570][T22895]  ? x86_task_fpu+0x36/0x60
[  349.854630][T22895]  get_sigframe+0x34d/0x490
[  349.854648][T22895]  ? get_signal+0xdc8/0xf70
[  349.854719][T22895]  x64_setup_rt_frame+0xa8/0x580
[  349.854738][T22895]  arch_do_signal_or_restart+0x27c/0x480
[  349.854825][T22895]  exit_to_user_mode_loop+0x7a/0x100
[  349.854850][T22895]  do_syscall_64+0x1d6/0x200
[  349.854869][T22895]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  349.854893][T22895]  ? clear_bhb_loop+0x40/0x90
[  349.854912][T22895]  ? clear_bhb_loop+0x40/0x90
[  349.854937][T22895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.854959][T22895] RIP: 0033:0x7f108041e9a9
[  349.854975][T22895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.854992][T22895] RSP: 002b:00007f107ea7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  349.855088][T22895] RAX: 0000000000000000 RBX: 00007f1080645fa0 RCX: 00007f108041e9a9
[  349.855099][T22895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  349.855109][T22895] RBP: 00007f107ea7f090 R08: 0000000000000000 R09: 0000000000000000
[  349.855119][T22895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.855167][T22895] R13: 0000000000000000 R14: 00007f1080645fa0 R15: 00007ffd658017b8
[  349.855187][T22895]  </TASK>
[  350.076772][T22902] netlink: 5 bytes leftover after parsing attributes in process `syz.0.5529'.
[  350.096285][T22902] 0�X��D: renamed from gretap0
[  350.101593][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  350.121865][T22902] 0�X��D: entered allmulticast mode
[  350.156773][T22902] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  350.215743][T22911] loop5: detected capacity change from 0 to 8192
[  350.232013][T22911] FAULT_INJECTION: forcing a failure.
[  350.232013][T22911] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  350.245341][T22911] CPU: 0 UID: 0 PID: 22911 Comm: syz.5.5530 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  350.245374][T22911] Tainted: [W]=WARN
[  350.245381][T22911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  350.245393][T22911] Call Trace:
[  350.245400][T22911]  <TASK>
[  350.245420][T22911]  __dump_stack+0x1d/0x30
[  350.245441][T22911]  dump_stack_lvl+0xe8/0x140
[  350.245488][T22911]  dump_stack+0x15/0x1b
[  350.245504][T22911]  should_fail_ex+0x265/0x280
[  350.245532][T22911]  should_fail_alloc_page+0xf2/0x100
[  350.245556][T22911]  alloc_pages_bulk_noprof+0xef/0x540
[  350.245652][T22911]  copy_splice_read+0xf3/0x5f0
[  350.245682][T22911]  ? __pfx_filemap_splice_read+0x10/0x10
[  350.245716][T22911]  splice_direct_to_actor+0x290/0x680
[  350.245750][T22911]  ? __pfx_direct_splice_actor+0x10/0x10
[  350.245825][T22911]  do_splice_direct+0xda/0x150
[  350.245850][T22911]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  350.245894][T22911]  do_sendfile+0x380/0x650
[  350.245919][T22911]  __x64_sys_sendfile64+0x105/0x150
[  350.245989][T22911]  x64_sys_call+0xb39/0x2fb0
[  350.246009][T22911]  do_syscall_64+0xd2/0x200
[  350.246027][T22911]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  350.246073][T22911]  ? clear_bhb_loop+0x40/0x90
[  350.246094][T22911]  ? clear_bhb_loop+0x40/0x90
[  350.246221][T22911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.246246][T22911] RIP: 0033:0x7f82d725e9a9
[  350.246272][T22911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.246338][T22911] RSP: 002b:00007f82d58bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  350.246397][T22911] RAX: ffffffffffffffda RBX: 00007f82d7485fa0 RCX: 00007f82d725e9a9
[  350.246415][T22911] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  350.246425][T22911] RBP: 00007f82d58bf090 R08: 0000000000000000 R09: 0000000000000000
[  350.246515][T22911] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[  350.246525][T22911] R13: 0000000000000000 R14: 00007f82d7485fa0 R15: 00007ffe2f9ea2c8
[  350.246540][T22911]  </TASK>
[  350.632197][T22949] loop6: detected capacity change from 0 to 128
[  350.641670][T22941] lo speed is unknown, defaulting to 1000
[  350.649259][T22949] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  350.682091][T22941] lo speed is unknown, defaulting to 1000
[  350.849083][T18817] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  350.863832][T22996] SELinux:  Context system_u:object_r:usbmon_device_t:s0 is not valid (left unmapped).
[  351.105027][T23003] vlan2: entered allmulticast mode
[  351.110174][T23003] vlan1: entered allmulticast mode
[  351.115386][T23003] veth0_vlan: entered allmulticast mode
[  351.776103][T23032] loop5: detected capacity change from 0 to 512
[  351.783329][T23029] lo speed is unknown, defaulting to 1000
[  351.789612][T23029] lo speed is unknown, defaulting to 1000
[  351.798190][T23032] EXT4-fs: Ignoring removed nomblk_io_submit option
[  351.812122][T23038] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5556'.
[  351.845758][T23038] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5556'.
[  351.864170][T23063] random: crng reseeded on system resumption
[  351.876698][T23032] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  351.948858][T23029] validate_nla: 2 callbacks suppressed
[  351.948872][T23029] netlink: 'syz.0.5557': attribute type 13 has an invalid length.
[  352.200675][T23085] lo speed is unknown, defaulting to 1000
[  352.207370][T23085] lo speed is unknown, defaulting to 1000
[  352.264010][T23110] bridge0: port 3(hsr0) entered blocking state
[  352.271132][T23110] bridge0: port 3(hsr0) entered disabled state
[  352.278149][T23110] hsr0: entered allmulticast mode
[  352.283215][T23110] hsr_slave_0: entered allmulticast mode
[  352.288971][T23110] hsr_slave_1: entered allmulticast mode
[  352.311381][T23110] hsr0: entered promiscuous mode
[  352.429258][   T29] kauditd_printk_skb: 1666 callbacks suppressed
[  352.429271][   T29] audit: type=1400 audit(880.428:40395): avc:  denied  { getopt } for  pid=23115 comm="syz.4.5566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  352.492706][T23117] syzkaller0: entered promiscuous mode
[  352.498218][T23117] syzkaller0: entered allmulticast mode
[  352.510227][   T29] audit: type=1400 audit(880.514:40396): avc:  denied  { relabelfrom } for  pid=23115 comm="syz.4.5566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  352.530413][   T29] audit: type=1400 audit(880.514:40397): avc:  denied  { relabelto } for  pid=23115 comm="syz.4.5566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  352.561302][T15027] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.577157][   T29] audit: type=1400 audit(880.589:40398): avc:  denied  { unmount } for  pid=15027 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  352.686426][T23134] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5567'.
[  352.720836][   T29] audit: type=1400 audit(880.739:40399): avc:  denied  { append } for  pid=23138 comm="syz.4.5569" name="ptp0" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  352.760667][T23141] lo speed is unknown, defaulting to 1000
[  352.767153][T23141] lo speed is unknown, defaulting to 1000
[  352.863210][   T29] audit: type=1404 audit(880.890:40400): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  352.885754][   T29] audit: type=1404 audit(880.911:40401): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  352.917047][   T29] audit: type=1400 audit(880.943:40402): avc:  denied  { read write } for  pid=15027 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  352.940934][   T29] audit: type=1400 audit(880.943:40403): avc:  denied  { open } for  pid=15027 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  352.964697][   T29] audit: type=1400 audit(880.943:40404): avc:  denied  { ioctl } for  pid=15027 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=105 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  352.997638][T23173] FAULT_INJECTION: forcing a failure.
[  352.997638][T23173] name failslab, interval 1, probability 0, space 0, times 0
[  353.010305][T23173] CPU: 0 UID: 0 PID: 23173 Comm: syz.5.5574 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  353.010412][T23173] Tainted: [W]=WARN
[  353.010420][T23173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  353.010433][T23173] Call Trace:
[  353.010440][T23173]  <TASK>
[  353.010449][T23173]  __dump_stack+0x1d/0x30
[  353.010551][T23173]  dump_stack_lvl+0xe8/0x140
[  353.010572][T23173]  dump_stack+0x15/0x1b
[  353.010589][T23173]  should_fail_ex+0x265/0x280
[  353.010620][T23173]  should_failslab+0x8c/0xb0
[  353.010639][T23173]  kmem_cache_alloc_noprof+0x50/0x310
[  353.010719][T23173]  ? prepare_creds+0x37/0x4c0
[  353.010743][T23173]  prepare_creds+0x37/0x4c0
[  353.010763][T23173]  join_session_keyring+0x19/0x2a0
[  353.010847][T23173]  lookup_user_key+0x399/0xd10
[  353.010871][T23173]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  353.010905][T23173]  __se_sys_add_key+0x263/0x350
[  353.010930][T23173]  __x64_sys_add_key+0x67/0x80
[  353.010949][T23173]  x64_sys_call+0x1d0d/0x2fb0
[  353.010966][T23173]  do_syscall_64+0xd2/0x200
[  353.010982][T23173]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  353.011065][T23173]  ? clear_bhb_loop+0x40/0x90
[  353.011083][T23173]  ? clear_bhb_loop+0x40/0x90
[  353.011165][T23173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.011186][T23173] RIP: 0033:0x7f82d725e9a9
[  353.011203][T23173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.011335][T23173] RSP: 002b:00007f82d58bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  353.011356][T23173] RAX: ffffffffffffffda RBX: 00007f82d7485fa0 RCX: 00007f82d725e9a9
[  353.011370][T23173] RDX: 00002000000000c0 RSI: 0000000000000000 RDI: 0000200000000040
[  353.011383][T23173] RBP: 00007f82d58bf090 R08: fffffffffffffffd R09: 0000000000000000
[  353.011400][T23173] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  353.011412][T23173] R13: 0000000000000000 R14: 00007f82d7485fa0 R15: 00007ffe2f9ea2c8
[  353.011430][T23173]  </TASK>
[  353.287531][T23189] random: crng reseeded on system resumption
[  353.294469][T23192] loop6: detected capacity change from 0 to 256
[  353.317057][T23189] lo speed is unknown, defaulting to 1000
[  353.324128][T23189] lo speed is unknown, defaulting to 1000
[  353.404566][T23212] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.412716][T23212] 8021q: adding VLAN 0 to HW filter on device team0
[  353.425087][T23212] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  353.629836][T23221] SELinux: syz.4.5582 (23221) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  354.016626][T23252] FAULT_INJECTION: forcing a failure.
[  354.016626][T23252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.030490][T23252] CPU: 1 UID: 0 PID: 23252 Comm: syz.5.5591 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  354.030518][T23252] Tainted: [W]=WARN
[  354.030523][T23252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  354.030533][T23252] Call Trace:
[  354.030539][T23252]  <TASK>
[  354.030546][T23252]  __dump_stack+0x1d/0x30
[  354.030567][T23252]  dump_stack_lvl+0xe8/0x140
[  354.030628][T23252]  dump_stack+0x15/0x1b
[  354.030641][T23252]  should_fail_ex+0x265/0x280
[  354.030667][T23252]  should_fail+0xb/0x20
[  354.030693][T23252]  should_fail_usercopy+0x1a/0x20
[  354.030725][T23252]  _copy_from_user+0x1c/0xb0
[  354.030746][T23252]  ___sys_sendmsg+0xc1/0x1d0
[  354.030872][T23252]  __x64_sys_sendmsg+0xd4/0x160
[  354.030907][T23252]  x64_sys_call+0x2999/0x2fb0
[  354.030929][T23252]  do_syscall_64+0xd2/0x200
[  354.030946][T23252]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  354.031032][T23252]  ? clear_bhb_loop+0x40/0x90
[  354.031054][T23252]  ? clear_bhb_loop+0x40/0x90
[  354.031076][T23252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.031183][T23252] RIP: 0033:0x7f82d725e9a9
[  354.031197][T23252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.031215][T23252] RSP: 002b:00007f82d58bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.031235][T23252] RAX: ffffffffffffffda RBX: 00007f82d7485fa0 RCX: 00007f82d725e9a9
[  354.031246][T23252] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  354.031257][T23252] RBP: 00007f82d58bf090 R08: 0000000000000000 R09: 0000000000000000
[  354.031271][T23252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.031355][T23252] R13: 0000000000000000 R14: 00007f82d7485fa0 R15: 00007ffe2f9ea2c8
[  354.031394][T23252]  </TASK>
[  354.326186][T23266] netlink: 'syz.1.5592': attribute type 1 has an invalid length.
[  354.334035][T23266] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5592'.
[  354.433300][T23274] lo speed is unknown, defaulting to 1000
[  354.439880][T23274] lo speed is unknown, defaulting to 1000
[  354.471782][T23312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5599'.
[  354.480738][T23312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5599'.
[  354.490147][T23312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5599'.
[  354.501376][T23302] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5605'.
[  354.511380][T23302] netlink: 'syz.5.5605': attribute type 5 has an invalid length.
[  354.519465][T23314] sch_tbf: burst 0 is lower than device lo mtu (81) !
[  354.534143][T23302] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5605'.
[  354.545660][T23321] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  354.586142][T23324] lo speed is unknown, defaulting to 1000
[  354.592496][T23324] lo speed is unknown, defaulting to 1000
[  354.679811][T23324] netlink: 'syz.6.5608': attribute type 13 has an invalid length.
[  354.682447][T23356] vhci_hcd: invalid port number 96
[  354.692811][T23356] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  354.762717][T23363] loop6: detected capacity change from 0 to 8192
[  354.794433][T23370] loop5: detected capacity change from 0 to 164
[  354.801107][T23320] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  354.809505][T23320] ref_ctr decrement failed for inode: 0xb2a offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff888103ead280
[  354.809762][T23370] Unable to read rock-ridge attributes
[  354.822068][T23372] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5615'.
[  354.833985][T23320] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  354.843973][T23320] ref_ctr decrement failed for inode: 0xb2a offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff888103ead280
[  354.847003][T23372] loop6: detected capacity change from 0 to 512
[  354.856465][T23320] uprobe: syz.0.5607:23320 failed to unregister, leaking uprobe
[  354.862093][T23361] Unable to read rock-ridge attributes
[  354.873133][T23372] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  354.878979][T23361] netlink: 'syz.5.5613': attribute type 1 has an invalid length.
[  354.886800][T23372] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it
[  354.893774][T23361] netlink: 224 bytes leftover after parsing attributes in process `syz.5.5613'.
[  354.913233][T23372] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm +}[@: Corrupt directory, running e2fsck is recommended
[  354.926242][T23372] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  354.934736][T23372] EXT4-fs error (device loop6): ext4_iget_extra_inode:5035: inode #15: comm +}[@: corrupted in-inode xattr: invalid ea_ino
[  354.948510][T23372] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm +}[@: couldn't read orphan inode 15 (err -117)
[  354.961300][T23372] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.032724][T23379] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  355.044361][T23379] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it
[  355.052641][T23380] netlink: 'syz.1.5616': attribute type 1 has an invalid length.
[  355.054463][T23379] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.5615: Corrupt directory, running e2fsck is recommended
[  355.054590][T23379] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.5615: path /120/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[  355.054891][T23379] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 64: comm syz.6.5615: path /120/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  355.116448][T23380] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5616'.
[  355.229844][T18817] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.329219][T23407] netlink: 'syz.4.5625': attribute type 4 has an invalid length.
[  355.337263][T23407] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5625'.
[  355.363551][T23413] FAULT_INJECTION: forcing a failure.
[  355.363551][T23413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.376744][T23413] CPU: 1 UID: 0 PID: 23413 Comm: syz.5.5627 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  355.376843][T23413] Tainted: [W]=WARN
[  355.376849][T23413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  355.376985][T23413] Call Trace:
[  355.376991][T23413]  <TASK>
[  355.376999][T23413]  __dump_stack+0x1d/0x30
[  355.377019][T23413]  dump_stack_lvl+0xe8/0x140
[  355.377037][T23413]  dump_stack+0x15/0x1b
[  355.377052][T23413]  should_fail_ex+0x265/0x280
[  355.377120][T23413]  should_fail+0xb/0x20
[  355.377170][T23413]  should_fail_usercopy+0x1a/0x20
[  355.377196][T23413]  _copy_from_user+0x1c/0xb0
[  355.377258][T23413]  ___sys_sendmsg+0xc1/0x1d0
[  355.377300][T23413]  __x64_sys_sendmsg+0xd4/0x160
[  355.377380][T23413]  x64_sys_call+0x2999/0x2fb0
[  355.377470][T23413]  do_syscall_64+0xd2/0x200
[  355.377489][T23413]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  355.377514][T23413]  ? clear_bhb_loop+0x40/0x90
[  355.377562][T23413]  ? clear_bhb_loop+0x40/0x90
[  355.377582][T23413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.377604][T23413] RIP: 0033:0x7f82d725e9a9
[  355.377620][T23413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.377635][T23413] RSP: 002b:00007f82d58bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.377652][T23413] RAX: ffffffffffffffda RBX: 00007f82d7485fa0 RCX: 00007f82d725e9a9
[  355.377664][T23413] RDX: 0000000004000000 RSI: 0000200000000300 RDI: 0000000000000007
[  355.377681][T23413] RBP: 00007f82d58bf090 R08: 0000000000000000 R09: 0000000000000000
[  355.377692][T23413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.377702][T23413] R13: 0000000000000000 R14: 00007f82d7485fa0 R15: 00007ffe2f9ea2c8
[  355.377718][T23413]  </TASK>
[  355.580598][T23418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23418 comm=syz.0.5629
[  355.621278][T23427] netlink: 'syz.4.5628': attribute type 1 has an invalid length.
[  355.675933][T23431] lo speed is unknown, defaulting to 1000
[  355.682581][T23431] lo speed is unknown, defaulting to 1000
[  355.740653][T23431] loop5: detected capacity change from 0 to 128
[  355.781410][T23431] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  355.872741][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  356.125964][T23484] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  356.134420][T23484] ref_ctr decrement failed for inode: 0x69d offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810a2c3c80
[  356.167326][T23484] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  356.175985][T23484] ref_ctr decrement failed for inode: 0x69d offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810a2c3c80
[  356.200131][T23484] uprobe: syz.5.5640:23484 failed to unregister, leaking uprobe
[  356.212178][T23511] syzkaller0: entered promiscuous mode
[  356.217809][T23511] syzkaller0: entered allmulticast mode
[  356.327454][T23521] lo speed is unknown, defaulting to 1000
[  356.333547][T23521] lo speed is unknown, defaulting to 1000
[  356.524742][T23551] lo speed is unknown, defaulting to 1000
[  356.545626][T23551] lo speed is unknown, defaulting to 1000
[  356.739583][T23589] lo speed is unknown, defaulting to 1000
[  356.745662][T23589] lo speed is unknown, defaulting to 1000
[  356.806343][T23619] rdma_op ffff8881200ad980 conn xmit_rdma 0000000000000000
[  356.875881][T23629] hsr_slave_0 (unregistering): left promiscuous mode
[  356.968562][T23646] netlink: 'syz.4.5662': attribute type 1 has an invalid length.
[  356.997132][T23648] lo speed is unknown, defaulting to 1000
[  357.003809][T23648] lo speed is unknown, defaulting to 1000
[  357.154989][T23682] audit_log_lost: 449 callbacks suppressed
[  357.155002][T23682] audit: audit_lost=10 audit_rate_limit=0 audit_backlog_limit=64
[  357.168673][T23682] audit: out of memory in audit_log_start
[  357.175409][T23682] sd 0:0:1:0: device reset
[  357.179978][   T29] audit: type=1326 audit(886.493:40854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.203222][   T29] audit: type=1326 audit(886.493:40855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.226532][   T29] audit: type=1326 audit(886.493:40856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.249618][   T29] audit: type=1326 audit(886.493:40857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.272795][   T29] audit: type=1326 audit(886.493:40858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.295924][   T29] audit: type=1326 audit(886.493:40859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efca024d310 code=0x7ffc0000
[  357.319187][   T29] audit: type=1326 audit(886.493:40860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efca024e9a9 code=0x7ffc0000
[  357.342602][   T29] audit: type=1326 audit(886.493:40861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23680 comm="syz.4.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efca024d310 code=0x7ffc0000
[  357.406469][T23676] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  357.415545][T23676] ref_ctr decrement failed for inode: 0xb7f offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff888103eaf380
[  357.465921][T23689] batadv_slave_0: entered promiscuous mode
[  357.473855][T23676] ref_ctr going negative. vaddr: 0x200000002082, curr val: 0, delta: -1
[  357.482332][T23676] ref_ctr decrement failed for inode: 0xb7f offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff888103eaf380
[  357.502516][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.510592][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.518148][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.525613][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.532656][T23676] uprobe: syz.0.5667:23676 failed to unregister, leaking uprobe
[  357.533698][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.548095][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.555551][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.563000][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x4
[  357.571078][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.578644][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.586189][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.593751][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.601832][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x2
[  357.609368][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.616782][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.624244][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.632266][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.639702][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.647241][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.655308][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.662692][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.670248][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.677717][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.685818][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.693379][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.700910][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.708313][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.716402][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.723864][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.731509][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.739651][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.747132][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.754663][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.762164][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.770271][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.777732][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.785337][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.792790][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.800994][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.808514][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.815943][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.824275][ T3386] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  357.835739][ T3386] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  357.908310][T23712] FAULT_INJECTION: forcing a failure.
[  357.908310][T23712] name failslab, interval 1, probability 0, space 0, times 0
[  357.921098][T23712] CPU: 0 UID: 0 PID: 23712 Comm: syz.1.5674 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  357.921130][T23712] Tainted: [W]=WARN
[  357.921136][T23712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.921146][T23712] Call Trace:
[  357.921152][T23712]  <TASK>
[  357.921160][T23712]  __dump_stack+0x1d/0x30
[  357.921182][T23712]  dump_stack_lvl+0xe8/0x140
[  357.921251][T23712]  dump_stack+0x15/0x1b
[  357.921268][T23712]  should_fail_ex+0x265/0x280
[  357.921298][T23712]  should_failslab+0x8c/0xb0
[  357.921319][T23712]  kmem_cache_alloc_noprof+0x50/0x310
[  357.921365][T23712]  ? alloc_empty_file+0x76/0x200
[  357.921389][T23712]  alloc_empty_file+0x76/0x200
[  357.921412][T23712]  path_openat+0x68/0x2170
[  357.921484][T23712]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  357.921553][T23712]  ? _parse_integer_limit+0x170/0x190
[  357.921583][T23712]  ? kstrtoull+0x111/0x140
[  357.921651][T23712]  ? kstrtouint+0x76/0xc0
[  357.921678][T23712]  do_filp_open+0x109/0x230
[  357.921713][T23712]  do_sys_openat2+0xa6/0x110
[  357.921740][T23712]  __x64_sys_openat+0xf2/0x120
[  357.921762][T23712]  x64_sys_call+0x1af/0x2fb0
[  357.921786][T23712]  do_syscall_64+0xd2/0x200
[  357.921806][T23712]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  357.921831][T23712]  ? clear_bhb_loop+0x40/0x90
[  357.921860][T23712]  ? clear_bhb_loop+0x40/0x90
[  357.921942][T23712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.921963][T23712] RIP: 0033:0x7fc12ac1e9a9
[  357.922045][T23712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.922063][T23712] RSP: 002b:00007fc12927f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  357.922084][T23712] RAX: ffffffffffffffda RBX: 00007fc12ae45fa0 RCX: 00007fc12ac1e9a9
[  357.922096][T23712] RDX: 0000000000143842 RSI: 0000200000000040 RDI: 0000000000000003
[  357.922110][T23712] RBP: 00007fc12927f090 R08: 0000000000000000 R09: 0000000000000000
[  357.922123][T23712] R10: 00000000000000e3 R11: 0000000000000246 R12: 0000000000000001
[  357.922136][T23712] R13: 0000000000000000 R14: 00007fc12ae45fa0 R15: 00007fffbe332528
[  357.922180][T23712]  </TASK>
[  358.141608][T23698] syzkaller0: entered promiscuous mode
[  358.147221][T23698] syzkaller0: entered allmulticast mode
[  358.160124][T23678] batadv_slave_0: left promiscuous mode
[  358.303550][T23729] vhci_hcd vhci_hcd.0: pdev(6) rhport(1) sockfd(12)
[  358.310226][T23729] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  358.318278][T23729] vhci_hcd vhci_hcd.0: Device attached
[  358.341827][T23728] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[  358.348424][T23728] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  358.356676][T23728] vhci_hcd vhci_hcd.0: Device attached
[  358.373251][T23720] netlink: 'syz.1.5675': attribute type 1 has an invalid length.
[  358.394431][T23720] 8021q: adding VLAN 0 to HW filter on device bond1
[  358.447956][T23733] vhci_hcd: connection closed
[  358.448194][T23734] vhci_hcd: connection closed
[  358.455464][ T3425] vhci_hcd: stop threads
[  358.464504][ T3425] vhci_hcd: release socket
[  358.469187][ T3425] vhci_hcd: disconnect device
[  358.493435][ T3386] vhci_hcd: vhci_device speed not set
[  358.500851][ T3425] vhci_hcd: stop threads
[  358.505898][ T3425] vhci_hcd: release socket
[  358.510399][ T3425] vhci_hcd: disconnect device
[  358.531881][T23783] loop6: detected capacity change from 0 to 164
[  358.550006][ T3386] usb 13-2: new full-speed USB device number 2 using vhci_hcd
[  358.557593][ T3386] usb 13-2: enqueue for inactive port 1
[  358.567024][T23783] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  358.578886][T23783] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  358.595444][ T3386] usb 13-2: enqueue for inactive port 1
[  358.613151][ T3386] usb 13-2: enqueue for inactive port 1
[  358.620795][T23783] rock: directory entry would overflow storage
[  358.627016][T23783] rock: sig=0x4f50, size=4, remaining=3
[  358.627272][T23788] siw: device registration error -23
[  358.632649][T23783] iso9660: Corrupted directory entry in block 4 of inode 1792
[  358.696623][T23807] loop6: detected capacity change from 0 to 2048
[  358.705173][T23808] syzkaller0: entered promiscuous mode
[  358.711668][T23808] syzkaller0: entered allmulticast mode
[  358.717508][ T3386] vhci_hcd: vhci_device speed not set
[  358.729634][T23807] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities
[  358.748787][T23820] netlink: 'syz.4.5686': attribute type 1 has an invalid length.
[  358.758746][T23807] xt_hashlimit: max too large, truncated to 1048576
[  358.809359][T23829] lo speed is unknown, defaulting to 1000
[  358.818613][T23829] lo speed is unknown, defaulting to 1000
[  358.880292][T23862] syzkaller1: entered promiscuous mode
[  358.886366][T23862] syzkaller1: entered allmulticast mode
[  358.918961][T23866] loop5: detected capacity change from 0 to 2048
[  358.923334][T23829] netlink: 'syz.6.5690': attribute type 13 has an invalid length.
[  358.954042][T23866] EXT4-fs (loop5): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.968845][T23866] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  358.984258][T23866] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  358.996645][T23866] EXT4-fs (loop5): This should not happen!! Data will be lost
[  358.996645][T23866] 
[  359.006494][T23866] EXT4-fs (loop5): Total free blocks count 0
[  359.012618][T23866] EXT4-fs (loop5): Free/Dirty block details
[  359.018551][T23866] EXT4-fs (loop5): free_blocks=2415919104
[  359.024510][T23866] EXT4-fs (loop5): dirty_blocks=16
[  359.029627][T23866] EXT4-fs (loop5): Block reservation details
[  359.035648][T23866] EXT4-fs (loop5): i_reserved_data_blocks=1
[  359.038750][T23884] FAULT_INJECTION: forcing a failure.
[  359.038750][T23884] name failslab, interval 1, probability 0, space 0, times 0
[  359.054989][T23884] CPU: 1 UID: 0 PID: 23884 Comm: syz.1.5698 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  359.055023][T23884] Tainted: [W]=WARN
[  359.055030][T23884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.055042][T23884] Call Trace:
[  359.055053][T23884]  <TASK>
[  359.055061][T23884]  __dump_stack+0x1d/0x30
[  359.055141][T23884]  dump_stack_lvl+0xe8/0x140
[  359.055161][T23884]  dump_stack+0x15/0x1b
[  359.055178][T23884]  should_fail_ex+0x265/0x280
[  359.055238][T23884]  should_failslab+0x8c/0xb0
[  359.055260][T23884]  __kmalloc_noprof+0xa5/0x3e0
[  359.055284][T23884]  ? sock_kmalloc+0x85/0xc0
[  359.055302][T23884]  ? __account_obj_stock+0x211/0x350
[  359.055345][T23884]  sock_kmalloc+0x85/0xc0
[  359.055365][T23884]  ____sys_sendmsg+0xf8/0x4e0
[  359.055399][T23884]  __sys_sendmsg_sock+0x28/0x40
[  359.055472][T23884]  io_sendmsg+0x163/0x4b0
[  359.055552][T23884]  __io_issue_sqe+0xfb/0x2e0
[  359.055576][T23884]  ? io_assign_file+0x159/0x200
[  359.055609][T23884]  io_issue_sqe+0x53/0x970
[  359.055636][T23884]  io_submit_sqes+0x667/0xfd0
[  359.055683][T23884]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  359.055710][T23884]  ? 0xffffffff81000000
[  359.055723][T23884]  ? __rcu_read_unlock+0x4f/0x70
[  359.055745][T23884]  ? get_pid_task+0x96/0xd0
[  359.055776][T23884]  ? proc_fail_nth_write+0x12d/0x160
[  359.055806][T23884]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  359.055835][T23884]  ? vfs_write+0x75e/0x8e0
[  359.055920][T23884]  ? __rcu_read_unlock+0x4f/0x70
[  359.055956][T23884]  ? __fget_files+0x184/0x1c0
[  359.055976][T23884]  ? fput+0x8f/0xc0
[  359.056000][T23884]  __x64_sys_io_uring_enter+0x78/0x90
[  359.056027][T23884]  x64_sys_call+0x28c8/0x2fb0
[  359.056048][T23884]  do_syscall_64+0xd2/0x200
[  359.056120][T23884]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  359.056144][T23884]  ? clear_bhb_loop+0x40/0x90
[  359.056208][T23884]  ? clear_bhb_loop+0x40/0x90
[  359.056230][T23884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.056257][T23884] RIP: 0033:0x7fc12ac1e9a9
[  359.056272][T23884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.056358][T23884] RSP: 002b:00007fc12927f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  359.056378][T23884] RAX: ffffffffffffffda RBX: 00007fc12ae45fa0 RCX: 00007fc12ac1e9a9
[  359.056389][T23884] RDX: 0000000000003ec0 RSI: 0000000000003516 RDI: 0000000000000005
[  359.056401][T23884] RBP: 00007fc12927f090 R08: 0000000000000000 R09: 0000000000000000
[  359.056433][T23884] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  359.056446][T23884] R13: 0000000000000000 R14: 00007fc12ae45fa0 R15: 00007fffbe332528
[  359.056466][T23884]  </TASK>
[  359.086555][T23878] __nla_validate_parse: 6 callbacks suppressed
[  359.086571][T23878] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5697'.
[  359.131260][T23875] siw: device registration error -23
[  359.253721][ T3425] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  359.416706][T23889] FAULT_INJECTION: forcing a failure.
[  359.416706][T23889] name failslab, interval 1, probability 0, space 0, times 0
[  359.429509][T23889] CPU: 0 UID: 0 PID: 23889 Comm: syz.1.5700 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  359.429542][T23889] Tainted: [W]=WARN
[  359.429606][T23889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.429617][T23889] Call Trace:
[  359.429624][T23889]  <TASK>
[  359.429633][T23889]  __dump_stack+0x1d/0x30
[  359.429654][T23889]  dump_stack_lvl+0xe8/0x140
[  359.429675][T23889]  dump_stack+0x15/0x1b
[  359.429692][T23889]  should_fail_ex+0x265/0x280
[  359.429778][T23889]  should_failslab+0x8c/0xb0
[  359.429801][T23889]  __kmalloc_noprof+0xa5/0x3e0
[  359.429822][T23889]  ? copy_splice_read+0xc2/0x5f0
[  359.429845][T23889]  copy_splice_read+0xc2/0x5f0
[  359.429910][T23889]  ? __pfx_shmem_file_splice_read+0x10/0x10
[  359.429933][T23889]  splice_direct_to_actor+0x290/0x680
[  359.429960][T23889]  ? __pfx_direct_splice_actor+0x10/0x10
[  359.430141][T23889]  do_splice_direct+0xda/0x150
[  359.430168][T23889]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  359.430246][T23889]  do_sendfile+0x380/0x650
[  359.430282][T23889]  __x64_sys_sendfile64+0x105/0x150
[  359.430379][T23889]  x64_sys_call+0xb39/0x2fb0
[  359.430472][T23889]  do_syscall_64+0xd2/0x200
[  359.430491][T23889]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  359.430513][T23889]  ? clear_bhb_loop+0x40/0x90
[  359.430587][T23889]  ? clear_bhb_loop+0x40/0x90
[  359.430606][T23889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.430624][T23889] RIP: 0033:0x7fc12ac1e9a9
[  359.430637][T23889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.430673][T23889] RSP: 002b:00007fc12927f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  359.430727][T23889] RAX: ffffffffffffffda RBX: 00007fc12ae45fa0 RCX: 00007fc12ac1e9a9
[  359.430740][T23889] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  359.430759][T23889] RBP: 00007fc12927f090 R08: 0000000000000000 R09: 0000000000000000
[  359.430772][T23889] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[  359.430785][T23889] R13: 0000000000000000 R14: 00007fc12ae45fa0 R15: 00007fffbe332528
[  359.430804][T23889]  </TASK>
[  359.665652][T23800] Process accounting resumed
[  359.771885][T23905] netlink: 'syz.0.5704': attribute type 7 has an invalid length.
[  359.780372][T23905] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5704'.
[  359.801388][T23907] Cannot find del_set index 2 as target
[  359.959702][T23921] FAULT_INJECTION: forcing a failure.
[  359.959702][T23921] name failslab, interval 1, probability 0, space 0, times 0
[  359.972408][T23921] CPU: 1 UID: 0 PID: 23921 Comm: syz.4.5702 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  359.972500][T23921] Tainted: [W]=WARN
[  359.972507][T23921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.972518][T23921] Call Trace:
[  359.972526][T23921]  <TASK>
[  359.972534][T23921]  __dump_stack+0x1d/0x30
[  359.972631][T23921]  dump_stack_lvl+0xe8/0x140
[  359.972660][T23921]  dump_stack+0x15/0x1b
[  359.972676][T23921]  should_fail_ex+0x265/0x280
[  359.972707][T23921]  should_failslab+0x8c/0xb0
[  359.972738][T23921]  __kmalloc_noprof+0xa5/0x3e0
[  359.972815][T23921]  ? security_prepare_creds+0x52/0x120
[  359.972835][T23921]  security_prepare_creds+0x52/0x120
[  359.972854][T23921]  prepare_creds+0x34a/0x4c0
[  359.972941][T23921]  copy_creds+0x8f/0x3f0
[  359.972959][T23921]  copy_process+0x658/0x1f90
[  359.972999][T23921]  ? kstrtouint+0x76/0xc0
[  359.973028][T23921]  ? plist_check_list+0x1cf/0x210
[  359.973133][T23921]  ? __rcu_read_unlock+0x4f/0x70
[  359.973159][T23921]  kernel_clone+0x16c/0x5b0
[  359.973188][T23921]  __x64_sys_clone+0xe6/0x120
[  359.973216][T23921]  x64_sys_call+0x2c59/0x2fb0
[  359.973265][T23921]  do_syscall_64+0xd2/0x200
[  359.973283][T23921]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  359.973321][T23921]  ? clear_bhb_loop+0x40/0x90
[  359.973343][T23921]  ? clear_bhb_loop+0x40/0x90
[  359.973363][T23921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.973381][T23921] RIP: 0033:0x7efca024e9a9
[  359.973501][T23921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.973515][T23921] RSP: 002b:00007efc9e874fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  359.973531][T23921] RAX: ffffffffffffffda RBX: 00007efca0476160 RCX: 00007efca024e9a9
[  359.973543][T23921] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000025000
[  359.973625][T23921] RBP: 00007efc9e875090 R08: 0000000000000000 R09: 0000000000000000
[  359.973636][T23921] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  359.973646][T23921] R13: 0000000000000000 R14: 00007efca0476160 R15: 00007ffe533b6c08
[  359.973666][T23921]  </TASK>
[  360.210173][T23916] lo speed is unknown, defaulting to 1000
[  360.218715][T23916] lo speed is unknown, defaulting to 1000
[  360.317435][T23916] netlink: 'syz.1.5707': attribute type 13 has an invalid length.
[  360.559522][T23976] macsec1: entered allmulticast mode
[  360.564966][T23976] ip6gretap0: entered allmulticast mode
[  360.610506][T23976] ip6gretap0: left allmulticast mode
[  360.974837][T23984] syzkaller0: entered promiscuous mode
[  360.980347][T23984] syzkaller0: entered allmulticast mode
[  361.152961][T24001] loop5: detected capacity change from 0 to 764
[  361.242973][T24001] rock: directory entry would overflow storage
[  361.249172][T24001] rock: sig=0x4654, size=5, remaining=4
[  361.282482][T24001] random: crng reseeded on system resumption
[  361.302908][T24013] FAULT_INJECTION: forcing a failure.
[  361.302908][T24013] name failslab, interval 1, probability 0, space 0, times 0
[  361.315743][T24013] CPU: 1 UID: 0 PID: 24013 Comm: syz.6.5719 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  361.315774][T24013] Tainted: [W]=WARN
[  361.315782][T24013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  361.315794][T24013] Call Trace:
[  361.315801][T24013]  <TASK>
[  361.315809][T24013]  __dump_stack+0x1d/0x30
[  361.315831][T24013]  dump_stack_lvl+0xe8/0x140
[  361.315885][T24013]  dump_stack+0x15/0x1b
[  361.315911][T24013]  should_fail_ex+0x265/0x280
[  361.315937][T24013]  should_failslab+0x8c/0xb0
[  361.315956][T24013]  kmem_cache_alloc_node_noprof+0x57/0x320
[  361.315983][T24013]  ? __alloc_skb+0x101/0x320
[  361.316044][T24013]  __alloc_skb+0x101/0x320
[  361.316066][T24013]  netlink_ack+0xfd/0x500
[  361.316091][T24013]  ? __pfx_ethnl_set_features+0x10/0x10
[  361.316171][T24013]  netlink_rcv_skb+0x192/0x220
[  361.316199][T24013]  ? __pfx_genl_rcv_msg+0x10/0x10
[  361.316290][T24013]  genl_rcv+0x28/0x40
[  361.316312][T24013]  netlink_unicast+0x5a8/0x680
[  361.316450][T24013]  netlink_sendmsg+0x58b/0x6b0
[  361.316469][T24013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  361.316549][T24013]  __sock_sendmsg+0x145/0x180
[  361.316594][T24013]  ____sys_sendmsg+0x31e/0x4e0
[  361.316626][T24013]  ___sys_sendmsg+0x17b/0x1d0
[  361.316691][T24013]  __x64_sys_sendmsg+0xd4/0x160
[  361.316721][T24013]  x64_sys_call+0x2999/0x2fb0
[  361.316752][T24013]  do_syscall_64+0xd2/0x200
[  361.316814][T24013]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  361.316840][T24013]  ? clear_bhb_loop+0x40/0x90
[  361.316865][T24013]  ? clear_bhb_loop+0x40/0x90
[  361.316920][T24013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.316939][T24013] RIP: 0033:0x7f108041e9a9
[  361.316954][T24013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.316970][T24013] RSP: 002b:00007f107ea7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  361.316989][T24013] RAX: ffffffffffffffda RBX: 00007f1080645fa0 RCX: 00007f108041e9a9
[  361.317001][T24013] RDX: 000000000004a0c8 RSI: 0000200000001980 RDI: 0000000000000004
[  361.317013][T24013] RBP: 00007f107ea7f090 R08: 0000000000000000 R09: 0000000000000000
[  361.317082][T24013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.317095][T24013] R13: 0000000000000000 R14: 00007f1080645fa0 R15: 00007ffd658017b8
[  361.317115][T24013]  </TASK>
[  361.584390][T24001] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5715'.
[  361.625110][T24016] lo speed is unknown, defaulting to 1000
[  361.632313][T24022] loop6: detected capacity change from 0 to 128
[  361.641299][T24016] lo speed is unknown, defaulting to 1000
[  361.655752][T24022] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  361.681020][T24026] netlink: 'syz.4.5721': attribute type 13 has an invalid length.
[  361.720465][T24019] lo speed is unknown, defaulting to 1000
[  361.728757][T24019] lo speed is unknown, defaulting to 1000
[  361.953137][T24058] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5723'.
[  361.983317][   T29] kauditd_printk_skb: 167 callbacks suppressed
[  361.983332][   T29] audit: type=1400 audit(891.675:41029): avc:  denied  { create } for  pid=24076 comm="syz.5.5724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  362.012423][T18817] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  362.026851][   T29] audit: type=1400 audit(891.675:41030): avc:  denied  { write } for  pid=24076 comm="syz.5.5724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  362.046708][   T29] audit: type=1400 audit(891.686:41031): avc:  denied  { ioctl } for  pid=24076 comm="syz.5.5724" path="socket:[66749]" dev="sockfs" ino=66749 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  362.071162][   T29] audit: type=1400 audit(891.707:41032): avc:  denied  { setopt } for  pid=24081 comm="syz.1.5722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  362.103753][T24099] FAULT_INJECTION: forcing a failure.
[  362.103753][T24099] name failslab, interval 1, probability 0, space 0, times 0
[  362.116562][T24099] CPU: 0 UID: 0 PID: 24099 Comm: syz.1.5727 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  362.116607][T24099] Tainted: [W]=WARN
[  362.116613][T24099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  362.116623][T24099] Call Trace:
[  362.116630][T24099]  <TASK>
[  362.116638][T24099]  __dump_stack+0x1d/0x30
[  362.116660][T24099]  dump_stack_lvl+0xe8/0x140
[  362.116679][T24099]  dump_stack+0x15/0x1b
[  362.116774][T24099]  should_fail_ex+0x265/0x280
[  362.116803][T24099]  should_failslab+0x8c/0xb0
[  362.116824][T24099]  kmem_cache_alloc_node_noprof+0x57/0x320
[  362.116849][T24099]  ? __alloc_skb+0x101/0x320
[  362.116887][T24099]  ? fixup_exception+0x72e/0xd00
[  362.116905][T24099]  __alloc_skb+0x101/0x320
[  362.116987][T24099]  tipc_msg_build+0xbe/0x840
[  362.117053][T24099]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  362.117083][T24099]  ? __rcu_read_unlock+0x4f/0x70
[  362.117105][T24099]  __tipc_sendmsg+0x140f/0x1b00
[  362.117127][T24099]  ? selinux_socket_sendmsg+0x175/0x1b0
[  362.117173][T24099]  ? __pfx_woken_wake_function+0x10/0x10
[  362.117193][T24099]  ? lock_sock_nested+0x112/0x140
[  362.117266][T24099]  tipc_sendmsg+0x3e/0x60
[  362.117288][T24099]  ? __pfx_tipc_sendmsg+0x10/0x10
[  362.117325][T24099]  __sock_sendmsg+0x145/0x180
[  362.117364][T24099]  ____sys_sendmsg+0x31e/0x4e0
[  362.117397][T24099]  ___sys_sendmsg+0x17b/0x1d0
[  362.117438][T24099]  __x64_sys_sendmsg+0xd4/0x160
[  362.117497][T24099]  x64_sys_call+0x2999/0x2fb0
[  362.117517][T24099]  do_syscall_64+0xd2/0x200
[  362.117536][T24099]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  362.117559][T24099]  ? clear_bhb_loop+0x40/0x90
[  362.117608][T24099]  ? clear_bhb_loop+0x40/0x90
[  362.117626][T24099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.117704][T24099] RIP: 0033:0x7fc12ac1e9a9
[  362.117720][T24099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  362.117738][T24099] RSP: 002b:00007fc12927f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  362.117764][T24099] RAX: ffffffffffffffda RBX: 00007fc12ae45fa0 RCX: 00007fc12ac1e9a9
[  362.117777][T24099] RDX: 0000000000000840 RSI: 0000200000000200 RDI: 0000000000000003
[  362.117789][T24099] RBP: 00007fc12927f090 R08: 0000000000000000 R09: 0000000000000000
[  362.117801][T24099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.117814][T24099] R13: 0000000000000000 R14: 00007fc12ae45fa0 R15: 00007fffbe332528
[  362.117841][T24099]  </TASK>
[  362.135966][   T29] audit: type=1326 audit(891.825:41033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24100 comm="syz.4.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efca0245967 code=0x7ffc0000
[  362.249879][T24105] audit: audit_backlog=65 > audit_backlog_limit=64
[  362.251336][   T29] audit: type=1326 audit(891.857:41034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24100 comm="syz.4.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efca01eab89 code=0x7ffc0000
[  362.255644][T24105] audit: audit_lost=11 audit_rate_limit=0 audit_backlog_limit=64
[  362.261134][   T29] audit: type=1326 audit(891.857:41035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24100 comm="syz.4.5728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efca0245967 code=0x7ffc0000
[  362.265168][T24105] audit: backlog limit exceeded
[  362.464862][T24111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5730'.
[  362.474454][T24111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5730'.
[  362.476672][T24105] ������: renamed from vlan1
[  362.505836][T24118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24118 comm=syz.5.5731
[  362.538398][T24113] netlink: 'syz.1.5729': attribute type 1 has an invalid length.
[  362.546175][T24113] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5729'.
[  362.563424][T24118] syzkaller0: entered promiscuous mode
[  362.569084][T24118] syzkaller0: entered allmulticast mode
[  362.580064][T24118] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5731'.
[  362.618054][T24133] lo speed is unknown, defaulting to 1000
[  362.624878][T24133] lo speed is unknown, defaulting to 1000
[  362.661259][T24150] netlink: 'syz.4.5733': attribute type 1 has an invalid length.
[  362.669031][T24150] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5733'.
[  362.792513][T24168] loop7: detected capacity change from 0 to 7
[  362.798883][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  362.808029][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  362.815971][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  362.825152][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  362.833153][T24168]  loop7: unable to read partition table
[  362.840615][T24168] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  363.110166][T24202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5746'.
[  363.278140][T24218] team_slave_0 (unregistering): left promiscuous mode
[  363.284997][T24218] team_slave_0 (unregistering): left allmulticast mode
[  363.298968][T24218] team0: Port device team_slave_0 removed
[  363.373961][T24230] tmpfs: Bad value for 'mpol'
[  363.436915][T24237] can0: slcan on ttyS3.
[  363.554245][T24237] can0 (unregistered): slcan off ttyS3.
[  363.608335][T24252] loop6: detected capacity change from 0 to 2048
[  363.649963][T24254] lo speed is unknown, defaulting to 1000
[  363.656290][T24254] lo speed is unknown, defaulting to 1000
[  363.744528][T24252] EXT4-fs (loop6): failed to initialize system zone (-117)
[  363.775629][T24252] EXT4-fs (loop6): mount failed
[  363.835212][T24282] bond0: (slave bond_slave_0): Releasing backup interface
[  363.844611][T24282] bond0: (slave bond_slave_1): Releasing backup interface
[  363.860538][T24282] team_slave_0: left promiscuous mode
[  363.866075][T24282] team_slave_0: left allmulticast mode
[  363.903106][T24282] team0: Port device team_slave_0 removed
[  363.924576][T24282] team_slave_1: left promiscuous mode
[  363.931024][T24282] team_slave_1: left allmulticast mode
[  363.970392][T24282] team0: Port device team_slave_1 removed
[  363.991512][T24282] batman_adv: batadv0: Removing interface: batadv_slave_0
[  364.020958][T24282] batman_adv: batadv0: Removing interface: batadv_slave_1
[  364.131457][T24294] loop5: detected capacity change from 0 to 1024
[  364.138189][T24294] EXT4-fs: Ignoring removed mblk_io_submit option
[  364.154556][T24294] EXT4-fs (loop5): can't mount with data_err=abort, fs mounted w/o journal
[  364.190515][T24306] FAULT_INJECTION: forcing a failure.
[  364.190515][T24306] name failslab, interval 1, probability 0, space 0, times 0
[  364.203224][T24306] CPU: 1 UID: 0 PID: 24306 Comm: syz.4.5767 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  364.203328][T24306] Tainted: [W]=WARN
[  364.203335][T24306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  364.203353][T24306] Call Trace:
[  364.203474][T24306]  <TASK>
[  364.203483][T24306]  __dump_stack+0x1d/0x30
[  364.203509][T24306]  dump_stack_lvl+0xe8/0x140
[  364.203527][T24306]  dump_stack+0x15/0x1b
[  364.203545][T24306]  should_fail_ex+0x265/0x280
[  364.203574][T24306]  should_failslab+0x8c/0xb0
[  364.203594][T24306]  __kmalloc_noprof+0xa5/0x3e0
[  364.203616][T24306]  ? sock_kmalloc+0x85/0xc0
[  364.203665][T24306]  ? __account_obj_stock+0x211/0x350
[  364.203685][T24306]  sock_kmalloc+0x85/0xc0
[  364.203703][T24306]  ____sys_sendmsg+0xf8/0x4e0
[  364.203746][T24306]  __sys_sendmsg_sock+0x28/0x40
[  364.203774][T24306]  io_sendmsg+0x163/0x4b0
[  364.203803][T24306]  __io_issue_sqe+0xfb/0x2e0
[  364.203980][T24306]  ? io_assign_file+0x159/0x200
[  364.204005][T24306]  io_issue_sqe+0x53/0x970
[  364.204027][T24306]  io_submit_sqes+0x667/0xfd0
[  364.204064][T24306]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  364.204090][T24306]  ? 0xffffffff81000000
[  364.204101][T24306]  ? __rcu_read_unlock+0x4f/0x70
[  364.204127][T24306]  ? get_pid_task+0x96/0xd0
[  364.204147][T24306]  ? proc_fail_nth_write+0x12d/0x160
[  364.204213][T24306]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  364.204241][T24306]  ? vfs_write+0x75e/0x8e0
[  364.204267][T24306]  ? __rcu_read_unlock+0x4f/0x70
[  364.204285][T24306]  ? __fget_files+0x184/0x1c0
[  364.204304][T24306]  ? fput+0x8f/0xc0
[  364.204327][T24306]  __x64_sys_io_uring_enter+0x78/0x90
[  364.204417][T24306]  x64_sys_call+0x28c8/0x2fb0
[  364.204439][T24306]  do_syscall_64+0xd2/0x200
[  364.204487][T24306]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  364.204536][T24306]  ? clear_bhb_loop+0x40/0x90
[  364.204558][T24306]  ? clear_bhb_loop+0x40/0x90
[  364.204580][T24306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.204674][T24306] RIP: 0033:0x7efca024e9a9
[  364.204688][T24306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.204704][T24306] RSP: 002b:00007efc9e8b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  364.204793][T24306] RAX: ffffffffffffffda RBX: 00007efca0475fa0 RCX: 00007efca024e9a9
[  364.204806][T24306] RDX: 0000000000003ec0 RSI: 0000000000003516 RDI: 0000000000000005
[  364.204817][T24306] RBP: 00007efc9e8b7090 R08: 0000000000000000 R09: 0000000000000000
[  364.204898][T24306] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  364.204909][T24306] R13: 0000000000000000 R14: 00007efca0475fa0 R15: 00007ffe533b6c08
[  364.204926][T24306]  </TASK>
[  364.480716][T24308] loop5: detected capacity change from 0 to 2048
[  364.487525][T24308] EXT4-fs: Ignoring removed mblk_io_submit option
[  364.523501][T24308] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.541308][T24308] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  364.567148][T24315] lo speed is unknown, defaulting to 1000
[  364.575912][T24315] lo speed is unknown, defaulting to 1000
[  364.614555][T15027] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.679890][T24353] lo speed is unknown, defaulting to 1000
[  364.687033][T24353] lo speed is unknown, defaulting to 1000
[  364.710383][T24359] lo speed is unknown, defaulting to 1000
[  364.727337][T24315] netlink: 'syz.0.5771': attribute type 13 has an invalid length.
[  364.743114][T24386] loop5: detected capacity change from 0 to 128
[  364.756752][T24388] netlink: 'syz.1.5773': attribute type 13 has an invalid length.
[  364.773267][T24359] lo speed is unknown, defaulting to 1000
[  364.812745][T24386] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  364.833900][T24385] lo speed is unknown, defaulting to 1000
[  364.839972][T24385] lo speed is unknown, defaulting to 1000
[  364.958761][T24443] xt_policy: neither incoming nor outgoing policy selected
[  364.973574][T24443] wg0: entered allmulticast mode
[  365.011906][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  365.502039][T24464] FAULT_INJECTION: forcing a failure.
[  365.502039][T24464] name failslab, interval 1, probability 0, space 0, times 0
[  365.515351][T24464] CPU: 1 UID: 0 PID: 24464 Comm: syz.4.5781 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  365.515385][T24464] Tainted: [W]=WARN
[  365.515392][T24464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.515467][T24464] Call Trace:
[  365.515475][T24464]  <TASK>
[  365.515483][T24464]  __dump_stack+0x1d/0x30
[  365.515504][T24464]  dump_stack_lvl+0xe8/0x140
[  365.515524][T24464]  dump_stack+0x15/0x1b
[  365.515542][T24464]  should_fail_ex+0x265/0x280
[  365.515592][T24464]  should_failslab+0x8c/0xb0
[  365.515615][T24464]  __kmalloc_noprof+0xa5/0x3e0
[  365.515639][T24464]  ? sk_prot_alloc+0xa8/0x190
[  365.515705][T24464]  sk_prot_alloc+0xa8/0x190
[  365.515735][T24464]  sk_alloc+0x34/0x360
[  365.515762][T24464]  ? __pfx_genl_release+0x10/0x10
[  365.515833][T24464]  ? __pfx_genl_release+0x10/0x10
[  365.515852][T24464]  netlink_create+0x32a/0x460
[  365.515869][T24464]  ? __pfx_genl_unbind+0x10/0x10
[  365.515907][T24464]  ? __pfx_genl_bind+0x10/0x10
[  365.515931][T24464]  __sock_create+0x2ec/0x5b0
[  365.515958][T24464]  __sys_socket+0xb0/0x180
[  365.515983][T24464]  __x64_sys_socket+0x3f/0x50
[  365.516110][T24464]  x64_sys_call+0x285a/0x2fb0
[  365.516127][T24464]  do_syscall_64+0xd2/0x200
[  365.516170][T24464]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  365.516196][T24464]  ? clear_bhb_loop+0x40/0x90
[  365.516270][T24464]  ? clear_bhb_loop+0x40/0x90
[  365.516287][T24464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.516307][T24464] RIP: 0033:0x7efca02508c7
[  365.516329][T24464] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.516343][T24464] RSP: 002b:00007efc9e8b5fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  365.516360][T24464] RAX: ffffffffffffffda RBX: 00007efca0475fa0 RCX: 00007efca02508c7
[  365.516424][T24464] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  365.516435][T24464] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  365.516498][T24464] R10: 00002000000003c0 R11: 0000000000000286 R12: 0000000000000001
[  365.516511][T24464] R13: 0000000000000000 R14: 00007efca0475fa0 R15: 00007ffe533b6c08
[  365.516531][T24464]  </TASK>
[  365.851454][T24469] hub 6-0:1.0: USB hub found
[  365.860437][T24469] hub 6-0:1.0: 8 ports detected
[  365.963891][T24488] lo speed is unknown, defaulting to 1000
[  365.981593][T24488] lo speed is unknown, defaulting to 1000
[  366.206937][T24525] 9pnet_fd: Insufficient options for proto=fd
[  366.277235][T24529] lo speed is unknown, defaulting to 1000
[  366.283348][T24529] lo speed is unknown, defaulting to 1000
[  366.305774][T24533] loop6: detected capacity change from 0 to 164
[  366.313135][T24533] Unable to read rock-ridge attributes
[  366.320553][T24533] Unable to read rock-ridge attributes
[  366.332441][T24533] netlink: 'syz.6.5793': attribute type 1 has an invalid length.
[  366.340201][T24533] __nla_validate_parse: 3 callbacks suppressed
[  366.340267][T24533] netlink: 224 bytes leftover after parsing attributes in process `syz.6.5793'.
[  366.365252][T24555] bridge0: entered allmulticast mode
[  366.404546][T24561] loop5: detected capacity change from 0 to 512
[  366.411667][T24561] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  366.425533][T24561] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  366.796894][   T29] kauditd_printk_skb: 350 callbacks suppressed
[  366.796908][   T29] audit: type=1400 audit(896.836:41386): avc:  denied  { mounton } for  pid=24591 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  366.824927][T24586] lo speed is unknown, defaulting to 1000
[  366.841714][T24586] lo speed is unknown, defaulting to 1000
[  366.862110][T15027] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.907658][T24610] loop5: detected capacity change from 0 to 128
[  366.939335][T24610] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  366.986329][   T29] audit: type=1400 audit(897.050:41387): avc:  denied  { append } for  pid=24609 comm="syz.5.5806" path="/329/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/cpu.stat" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  367.054335][   T29] audit: type=1400 audit(897.050:41388): avc:  denied  { ioctl } for  pid=24609 comm="syz.5.5806" path="/329/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/cpu.stat" dev="loop5" ino=12 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  367.137840][   T29] audit: type=1326 audit(897.211:41389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.160973][   T29] audit: type=1326 audit(897.211:41390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.186557][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  367.198965][   T29] audit: type=1326 audit(897.276:41391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.238961][T24624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5805'.
[  367.248074][T24624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5805'.
[  367.260636][   T29] audit: type=1326 audit(897.308:41392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.283902][   T29] audit: type=1326 audit(897.308:41393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.306996][   T29] audit: type=1326 audit(897.308:41394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.330007][   T29] audit: type=1326 audit(897.308:41395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24620 comm="syz.1.5805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12ac1e9a9 code=0x7ffc0000
[  367.511687][T24655] syz_tun: entered allmulticast mode
[  367.520438][T24655] syz_tun: left allmulticast mode
[  367.526933][T24591] lo speed is unknown, defaulting to 1000
[  367.532713][T24655] netlink: 'syz.5.5814': attribute type 3 has an invalid length.
[  367.547483][T24591] lo speed is unknown, defaulting to 1000
[  367.630349][T24591] chnl_net:caif_netlink_parms(): no params data found
[  367.828839][T24779] loop5: detected capacity change from 0 to 512
[  367.842532][T24779] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.5819: Failed to acquire dquot type 1
[  367.854668][T24779] EXT4-fs (loop5): 1 truncate cleaned up
[  367.861480][T24779] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  367.878079][T24779] EXT4-fs error (device loop5): ext4_lookup:1791: inode #2: comm syz.5.5819: deleted inode referenced: 12
[  367.898868][T15027] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.933208][   T12] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  367.944138][   T12] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  367.953762][   T12] 
 (unregistering): (slave dummy0): Releasing backup interface
[  367.972649][   T12] 
 (unregistering): Released all slaves
[  368.033411][T24591] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.040755][T24591] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.051671][T24789] siw: device registration error -23
[  368.057243][T24591] bridge_slave_0: entered allmulticast mode
[  368.069948][T24591] bridge_slave_0: entered promiscuous mode
[  368.090448][   T12] tipc: Disabling bearer <eth:team0>
[  368.096166][   T12] tipc: Left network mode
[  368.100754][T24591] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.108557][T24591] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.115899][T24591] bridge_slave_1: entered allmulticast mode
[  368.130060][T24591] bridge_slave_1: entered promiscuous mode
[  368.170162][   T12] hsr_slave_0: left promiscuous mode
[  368.176024][   T12] hsr_slave_1: left promiscuous mode
[  368.239332][   T12] team0 (unregistering): Port device team_slave_1 removed
[  368.252369][   T12] team0 (unregistering): Port device team_slave_0 removed
[  368.309681][T24591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.347857][T24591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.416510][T24909] loop6: detected capacity change from 0 to 128
[  368.426268][T24879] lo speed is unknown, defaulting to 1000
[  368.441943][T24591] team0: Port device team_slave_0 added
[  368.458362][T24591] team0: Port device team_slave_1 added
[  368.468205][T24909] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  368.510593][T24591] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.517671][T24591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.543802][T24591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.568285][T24879] lo speed is unknown, defaulting to 1000
[  368.585731][T24591] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.592819][T24591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.619682][T24591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.682715][T24591] hsr_slave_0: entered promiscuous mode
[  368.688811][T24591] hsr_slave_1: entered promiscuous mode
[  368.695210][T24591] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.703975][T24591] Cannot create hsr debugfs directory
[  368.734986][T18817] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  368.951818][T25069] lo speed is unknown, defaulting to 1000
[  368.965834][T25069] lo speed is unknown, defaulting to 1000
[  368.986441][T25077] loop5: detected capacity change from 0 to 128
[  369.056944][T25077] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  369.074610][T25102] netlink: 48 bytes leftover after parsing attributes in process `wޣ�'.
[  369.138418][T25106] lo speed is unknown, defaulting to 1000
[  369.144664][T25106] lo speed is unknown, defaulting to 1000
[  369.194085][T25108] loop6: detected capacity change from 0 to 128
[  369.206948][T25108] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  369.283142][T24591] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  369.295156][T24591] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  369.314568][T24591] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  369.335564][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  369.353008][T24591] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  369.405941][T25170] lo speed is unknown, defaulting to 1000
[  369.414770][T18817] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  369.422052][T25170] lo speed is unknown, defaulting to 1000
[  369.445382][T25180] loop5: detected capacity change from 0 to 128
[  369.448118][T24591] 8021q: adding VLAN 0 to HW filter on device bond0
[  369.466142][T25188] netlink: 'syz.1.5838': attribute type 1 has an invalid length.
[  369.468836][T24591] 8021q: adding VLAN 0 to HW filter on device team0
[  369.474009][T25188] netlink: 224 bytes leftover after parsing attributes in process `syz.1.5838'.
[  369.499162][ T3444] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.506328][ T3444] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.521839][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.528971][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  369.538606][T25180] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  369.581987][T24591] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  369.592394][T24591] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  369.716375][T24591] 8021q: adding VLAN 0 to HW filter on device batadv0
[  369.796110][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  369.861030][T24591] veth0_vlan: entered promiscuous mode
[  369.877224][T24591] veth1_vlan: entered promiscuous mode
[  369.916535][T24591] veth0_macvtap: entered promiscuous mode
[  369.923993][T24591] veth1_macvtap: entered promiscuous mode
[  369.935777][T24591] batman_adv: batadv0: Interface activated: batadv_slave_0
[  369.969353][T24591] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.990720][T24591] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.999620][T24591] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  370.008509][T24591] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  370.017294][T24591] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  370.052126][T25254] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=25254 comm=syz.0.5848
[  370.064798][T25254] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=25254 comm=syz.0.5848
[  370.131671][T25257] lo speed is unknown, defaulting to 1000
[  370.138518][T25257] lo speed is unknown, defaulting to 1000
[  370.485669][T25321] netlink: 'syz.4.5854': attribute type 1 has an invalid length.
[  370.492513][T25318] lo speed is unknown, defaulting to 1000
[  370.494108][T25321] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5854'.
[  370.500130][T25318] lo speed is unknown, defaulting to 1000
[  370.520899][T25328] loop5: detected capacity change from 0 to 128
[  370.550240][T25328] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  370.596733][T25301] lo speed is unknown, defaulting to 1000
[  370.617123][T25354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5859'.
[  370.628099][T25301] lo speed is unknown, defaulting to 1000
[  370.734726][T25301] chnl_net:caif_netlink_parms(): no params data found
[  370.756979][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  370.795173][ T1576] geneve1 (unregistering): left promiscuous mode
[  370.801720][ T1576] geneve1 (unregistering): left allmulticast mode
[  370.813034][ T1576] team0: Port device geneve1 removed
[  370.825888][T25489] loop6: detected capacity change from 0 to 512
[  370.834198][T25489] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  370.847306][T25489] FAT-fs (loop6): FAT read failed (blocknr 1568)
[  370.956660][ T1576] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.968205][ T1576] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.978057][ T1576] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  370.987274][ T1576] bond0 (unregistering): Released all slaves
[  371.057689][T25551] netlink: 'syz.5.5866': attribute type 13 has an invalid length.
[  371.076706][ T1576] hsr_slave_1: left promiscuous mode
[  371.086747][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.102032][ T1576] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.138731][ T1576] team_slave_1 (unregistering): left promiscuous mode
[  371.145598][ T1576] team_slave_1 (unregistering): left allmulticast mode
[  371.153914][ T1576] team0 (unregistering): Port device team_slave_1 removed
[  371.163310][T25504] FAT-fs (loop6): FAT read failed (blocknr 1568)
[  371.228859][T25301] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.236282][T25301] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.248441][T25301] bridge_slave_0: entered allmulticast mode
[  371.255273][T25301] bridge_slave_0: entered promiscuous mode
[  371.273209][T25503] lo speed is unknown, defaulting to 1000
[  371.287903][T25301] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.295015][T25301] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.307727][T25301] bridge_slave_1: entered allmulticast mode
[  371.314469][T25301] bridge_slave_1: entered promiscuous mode
[  371.433730][T25301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.457315][T25589] lo speed is unknown, defaulting to 1000
[  371.465264][T25301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  371.614044][T25301] team0: Port device team_slave_0 added
[  371.627869][T25301] team0: Port device team_slave_1 added
[  371.675640][T25301] batman_adv: batadv0: Adding interface: batadv_slave_0
[  371.682745][T25301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.685325][   T29] kauditd_printk_skb: 325 callbacks suppressed
[  371.685339][   T29] audit: type=1400 audit(902.093:41719): avc:  denied  { mounton } for  pid=25711 comm="syz.6.5873" path="/syzcgroup/cpu/syz6/cgroup.procs" dev="cgroup" ino=690 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  371.708951][T25301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  371.710471][T25301] batman_adv: batadv0: Adding interface: batadv_slave_1
[  371.757608][T25301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.783756][T25301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  371.810970][T25301] hsr_slave_0: entered promiscuous mode
[  371.816798][T25744] loop6: detected capacity change from 0 to 512
[  371.819833][T25744] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  371.836257][T25301] hsr_slave_1: entered promiscuous mode
[  371.857511][T25301] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  371.865494][T25301] Cannot create hsr debugfs directory
[  371.887493][T25748] vhci_hcd: invalid port number 224
[  371.916375][   T29] audit: type=1400 audit(902.307:41720): avc:  denied  { setopt } for  pid=25747 comm="syz.5.5874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  371.936134][   T29] audit: type=1400 audit(902.307:41721): avc:  denied  { bind } for  pid=25747 comm="syz.5.5874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  371.955131][   T29] audit: type=1400 audit(902.307:41722): avc:  denied  { name_bind } for  pid=25747 comm="syz.5.5874" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  371.976237][   T29] audit: type=1400 audit(902.307:41723): avc:  denied  { node_bind } for  pid=25747 comm="syz.5.5874" saddr=fe80::aa src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  372.056065][T25817] netlink: 'syz.4.5875': attribute type 3 has an invalid length.
[  372.100511][T25823] siw: device registration error -23
[  372.214682][   T29] audit: type=1400 audit(902.662:41724): avc:  denied  { execute } for  pid=25828 comm="syz.1.5879" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=68335 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  372.241768][   T29] audit: type=1400 audit(902.662:41725): avc:  denied  { bind } for  pid=25828 comm="syz.1.5879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  372.261466][   T29] audit: type=1400 audit(902.662:41726): avc:  denied  { listen } for  pid=25828 comm="syz.1.5879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  372.263889][ T3386] hid-generic 0004:0006:020A.0023: unknown main item tag 0x4
[  372.289195][ T3386] hid-generic 0004:0006:020A.0023: item fetching failed at offset 5/6
[  372.300101][ T3386] hid-generic 0004:0006:020A.0023: probe with driver hid-generic failed with error -22
[  372.398693][T25301] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  372.407727][T25301] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  372.416514][T25301] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  372.425295][T25301] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  372.470654][T18817] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.480137][T25301] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.494958][T25301] 8021q: adding VLAN 0 to HW filter on device team0
[  372.510873][   T29] audit: type=1326 audit(902.973:41727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25870 comm="syz.6.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  372.514475][  T152] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.533994][   T29] audit: type=1326 audit(902.973:41728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25870 comm="syz.6.5882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f108041e9a9 code=0x7ffc0000
[  372.541052][  T152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.569172][  T152] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.578639][  T152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.598098][T25301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  372.608712][T25301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  372.672526][T25880] lo speed is unknown, defaulting to 1000
[  372.705123][T25904] loop5: detected capacity change from 0 to 128
[  372.714163][T25301] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.719053][T25904] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  372.740569][T25911] netlink: 'syz.6.5884': attribute type 13 has an invalid length.
[  372.752373][T25877] lo speed is unknown, defaulting to 1000
[  372.808329][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  372.921884][T25301] veth0_vlan: entered promiscuous mode
[  372.959933][T25301] veth1_vlan: entered promiscuous mode
[  372.998449][T25301] veth0_macvtap: entered promiscuous mode
[  373.018520][T25301] veth1_macvtap: entered promiscuous mode
[  373.034703][T25301] batman_adv: batadv0: Interface activated: batadv_slave_0
[  373.052711][T25301] batman_adv: batadv0: Interface activated: batadv_slave_1
[  373.064159][T25301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.073576][T25301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.082407][T25301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.091195][T25301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  373.118517][T25956] vhci_hcd: default hub control req: a101 v0000 i0000 l0
[  373.260616][T25967] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  373.267319][T25967] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  373.275572][T25967] vhci_hcd vhci_hcd.0: Device attached
[  373.533317][T25971] loop6: detected capacity change from 0 to 2048
[  373.583462][T25971]  loop6: p1 < > p4
[  373.588011][T25971] loop6: p4 size 8388608 extends beyond EOD, truncated
[  373.715932][T25992] lo speed is unknown, defaulting to 1000
[  373.753353][T26015] loop5: detected capacity change from 0 to 128
[  373.764059][T26015] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  373.849302][T15027] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  373.964822][T25968] vhci_hcd: connection closed
[  373.969013][   T12] vhci_hcd: stop threads
[  373.978130][   T12] vhci_hcd: release socket
[  373.982554][   T12] vhci_hcd: disconnect device
[  374.524249][T26040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5901'.
[  374.696212][T26059] netlink: 'syz.5.5907': attribute type 15 has an invalid length.
[  374.704760][T26059] netlink: 'syz.5.5907': attribute type 7 has an invalid length.
[  374.723120][T26059] loop5: detected capacity change from 0 to 2048
[  374.740809][T26059] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  374.794259][T26059] loop5: detected capacity change from 2048 to 0
[  374.801281][T26059] bio_check_eod: 3 callbacks suppressed
[  374.801293][T26059] syz.5.5907: attempt to access beyond end of device
[  374.801293][T26059] loop5: rw=524288, sector=16, nr_sectors = 4 limit=0
[  374.823759][T26059] syz.5.5907: attempt to access beyond end of device
[  374.823759][T26059] loop5: rw=524288, sector=20, nr_sectors = 4 limit=0
[  374.849901][T26059] syz.5.5907: attempt to access beyond end of device
[  374.849901][T26059] loop5: rw=524288, sector=28, nr_sectors = 4 limit=0
[  374.865195][T26059] syz.5.5907: attempt to access beyond end of device
[  374.865195][T26059] loop5: rw=524288, sector=32, nr_sectors = 4 limit=0
[  374.887382][T26059] syz.5.5907: attempt to access beyond end of device
[  374.887382][T26059] loop5: rw=12288, sector=24, nr_sectors = 4 limit=0
[  374.901712][T26059] EXT4-fs error (device loop5): ext4_get_inode_loc:4930: inode #18: block 6: comm syz.5.5907: unable to read itable block
[  374.915290][T26059] syz.5.5907: attempt to access beyond end of device
[  374.915290][T26059] loop5: rw=145409, sector=0, nr_sectors = 4 limit=0
[  374.928582][T26059] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  374.934661][T25907] ext4lazyinit: attempt to access beyond end of device
[  374.934661][T25907] loop5: rw=536576, sector=8, nr_sectors = 4 limit=0
[  374.938750][T26059] EXT4-fs (loop5): I/O error while writing superblock
[  374.958997][T26059] syz.5.5907: attempt to access beyond end of device
[  374.958997][T26059] loop5: rw=524288, sector=16, nr_sectors = 4 limit=0
[  374.973774][T26059] syz.5.5907: attempt to access beyond end of device
[  374.973774][T26059] loop5: rw=524288, sector=20, nr_sectors = 4 limit=0
[  374.987709][T26059] syz.5.5907: attempt to access beyond end of device
[  374.987709][T26059] loop5: rw=524288, sector=28, nr_sectors = 4 limit=0
[  375.002521][T26059] EXT4-fs error (device loop5): ext4_get_inode_loc:4930: inode #18: block 6: comm syz.5.5907: unable to read itable block
[  375.015503][T26059] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.024475][T26059] EXT4-fs (loop5): I/O error while writing superblock
[  375.031937][T26059] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6255: IO failure
[  375.079686][T26059] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.099946][T26059] EXT4-fs (loop5): I/O error while writing superblock
[  375.106832][T26059] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #18: comm syz.5.5907: mark_inode_dirty error
[  375.119572][T26059] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.131251][T25907] EXT4-fs error (device loop5): ext4_wait_block_bitmap:584: comm ext4lazyinit: Cannot read block bitmap - block_group = 0, block_bitmap = 2
[  375.147044][T26059] EXT4-fs (loop5): I/O error while writing superblock
[  375.154632][T26059] EXT4-fs error (device loop5): ext4_get_inode_loc:4930: inode #18: block 6: comm syz.5.5907: unable to read itable block
[  375.169113][T25907] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.178404][T26059] EXT4-fs (loop5): previous I/O error to superblock detected
[  375.186676][T26059] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.195697][T25907] EXT4-fs (loop5): I/O error while writing superblock
[  375.257045][   T31] EXT4-fs error (device loop5): __ext4_get_inode_loc_noinmem:4915: inode #18: block 6: comm kworker/u8:1: unable to read itable block
[  375.271515][   T31] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.281295][   T31] EXT4-fs (loop5): I/O error while writing superblock
[  375.289178][T16229] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.299277][T16229] Buffer I/O error on dev loop5, logical block 0, lost sync page write
[  375.308292][T16229] EXT4-fs (loop5): I/O error while writing superblock
[  375.315458][T26063] Buffer I/O error on dev loop5, logical block 64, lost sync page write
[  375.433479][T26087] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  375.475269][T26087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5912'.
[  375.590383][T26116] bond2: entered promiscuous mode
[  375.595536][T26116] bond2: entered allmulticast mode
[  375.602167][T26116] 8021q: adding VLAN 0 to HW filter on device bond2
[  375.612124][T26116] bond2 (unregistering): Released all slaves
[  375.644241][T26096] lo speed is unknown, defaulting to 1000
[  375.656869][T26123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5918'.
[  375.792388][T26288] netlink: 'syz.1.5921': attribute type 1 has an invalid length.
[  375.804873][T26096] chnl_net:caif_netlink_parms(): no params data found
[  375.825268][T26288] 8021q: adding VLAN 0 to HW filter on device bond2
[  375.869177][T26288] ipt_REJECT: TCP_RESET invalid for non-tcp
[  375.885101][   T31] ==================================================================
[  375.893199][   T31] BUG: KCSAN: data-race in copy_process / free_pid
[  375.899695][   T31] 
[  375.902006][   T31] read-write to 0xffffffff868608e0 of 4 bytes by task 26351 on cpu 1:
[  375.910142][   T31]  free_pid+0x77/0x180
[  375.914197][   T31]  free_pids+0x7a/0xb0
[  375.918258][   T31]  release_task+0x9a9/0xb60
[  375.922761][   T31]  do_exit+0xd81/0x1590
[  375.926918][   T31]  call_usermodehelper_exec_async+0x247/0x250
[  375.932980][   T31]  ret_from_fork+0xda/0x150
[  375.937471][   T31]  ret_from_fork_asm+0x1a/0x30
[  375.942221][   T31] 
[  375.944530][   T31] read to 0xffffffff868608e0 of 4 bytes by task 31 on cpu 0:
[  375.951975][   T31]  copy_process+0x1790/0x1f90
[  375.956648][   T31]  kernel_clone+0x16c/0x5b0
[  375.961139][   T31]  user_mode_thread+0x7d/0xb0
[  375.965836][   T31]  call_usermodehelper_exec_work+0x41/0x160
[  375.971725][   T31]  process_scheduled_works+0x4cb/0x9d0
[  375.977178][   T31]  worker_thread+0x582/0x770
[  375.981766][   T31]  kthread+0x489/0x510
[  375.985822][   T31]  ret_from_fork+0xda/0x150
[  375.990324][   T31]  ret_from_fork_asm+0x1a/0x30
[  375.995087][   T31] 
[  375.997411][   T31] value changed: 0x800000ca -> 0x800000c9
[  376.003110][   T31] 
[  376.005463][   T31] Reported by Kernel Concurrency Sanitizer on:
[  376.011602][   T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Tainted: G        W           6.16.0-rc7-syzkaller #0 PREEMPT(voluntary) 
[  376.023923][   T31] Tainted: [W]=WARN
[  376.027714][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  376.037931][   T31] Workqueue: events_unbound call_usermodehelper_exec_work
[  376.045043][   T31] ==================================================================
[  376.063635][T26096] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.070709][T26096] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.078056][T26096] bridge_slave_0: entered allmulticast mode
[  376.084620][T26096] bridge_slave_0: entered promiscuous mode
[  376.091806][T26096] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.098944][T26096] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.106217][T26096] bridge_slave_1: entered allmulticast mode
[  376.112775][T26096] bridge_slave_1: entered promiscuous mode
[  376.131418][T26096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  376.141733][T26096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  376.161420][T26096] team0: Port device team_slave_0 added
[  376.168373][T26096] team0: Port device team_slave_1 added
[  376.184109][T26096] batman_adv: batadv0: Adding interface: batadv_slave_0
[  376.191169][T26096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.217340][T26096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  376.228629][T26096] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.236303][T26096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.262782][T26096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.292454][T26096] hsr_slave_0: entered promiscuous mode
[  376.298637][T26096] hsr_slave_1: entered promiscuous mode
[  376.304499][T26096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  376.312083][T26096] Cannot create hsr debugfs directory
[  376.392764][T26096] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  376.401684][T26096] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  376.410570][T26096] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  376.419200][T26096] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  376.452570][T26096] 8021q: adding VLAN 0 to HW filter on device bond0
[  376.465499][T26096] 8021q: adding VLAN 0 to HW filter on device team0
[  376.475311][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.482402][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  376.494485][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.501648][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  376.558944][T26096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.648461][T26096] veth0_vlan: entered promiscuous mode
[  376.656823][T26096] veth1_vlan: entered promiscuous mode
[  376.672944][T26096] veth0_macvtap: entered promiscuous mode
[  376.681114][T26096] veth1_macvtap: entered promiscuous mode
[  376.692246][T26096] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.703640][T26096] batman_adv: batadv0: Interface activated: batadv_slave_1
[  376.713290][T26096] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.722088][T26096] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.730912][T26096] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  376.739664][T26096] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0