last executing test programs:

2m7.054297945s ago: executing program 4 (id=1658):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000380), &(0x7f0000000a80)=0x4) (async)
r1 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1063, 0x80, 0x4, 0x1af}, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)='d', 0x1}], 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB='('], 0x28}, 0x0, 0x4800, 0x1}) (async)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) (async)
openat(0xffffffffffffffff, &(0x7f0000000ac0)='./file0\x00', 0x8000, 0x8) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async, rerun: 64)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000100)=""/5, 0x5}, {&(0x7f0000000140)=""/29, 0x1d}, {&(0x7f0000000640)=""/196, 0xc4}, {&(0x7f0000000400)=""/66, 0x42}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000000580)=""/116, 0x74}, {&(0x7f0000000740)=""/70, 0x46}, {&(0x7f00000007c0)=""/226, 0xe2}, {&(0x7f00000008c0)=""/254, 0xfe}], 0x9, &(0x7f0000000180)=""/27, 0x1b}}], 0x1, 0x40, 0x0) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10) (async, rerun: 64)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async, rerun: 64)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0) (async, rerun: 64)
ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7) (async, rerun: 64)
sendfile(r6, r6, 0x0, 0x24002deb) (async)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x1, 0x0, 0x4, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35fc10101933bdb6fd7ff7f00009ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x400, 0x7]}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2b, 0x2001, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x8}, {0x4, 0xffff}, {0x5, 0xd}}}, 0x24}}, 0x0) (async)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000002100010000000000000000000a0000ffff000000000000001400030076657468305f746f5f626f6e64000000080006"], 0x38}}, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$LOOP_CLR_FD(r6, 0x4c01) (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000007440), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000007540)={&(0x7f0000007480)={0x3c, r10, 0x1, 0x70bd28, 0x25dfdc00, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x200480c4) (async, rerun: 64)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000000)={0x1, &(0x7f00000003c0)=[{0x200000000006, 0x10, 0x0, 0x77fc1ffb}]}) (async, rerun: 64)
setgroups(0x0, 0x0) (async, rerun: 64)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async, rerun: 64)
io_uring_enter(r1, 0x47f8, 0x0, 0x0, 0x0, 0x0)

2m7.038099525s ago: executing program 4 (id=1659):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x58, &(0x7f0000000b40)={[{@inode_readahead_blks}, {@grpquota}, {@nomblk_io_submit}, {@stripe={'stripe', 0x3d, 0x4ffff}}, {@norecovery}, {@errors_remount}, {@grpquota}], [{@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@uid_lt}]}, 0xfe, 0x799, &(0x7f00000001c0)="$eJzs3c1rHGUYAPBnNp+m1UYQbL00Jy2UbtoaWwWh8SSChYKebcNmG2I22ZLdlCbkYBFBEEGLB0Evnv2oN28ievZv8CIiLVXTYsWDrMx+JJtukm7TTdI2vx9M8r4zs/PMs7Pzvu/uDLsB7FpD6Z9MxIGI+CiJ2Fefn0RET7XUHTFaW+/20mIunZKoVN74M6muc2tpMRdNj0ntqVf2R8SP70UczrTGLc0vTI0VCvnZen24PH1huDS/cGRyemwiP5GfOXFsZOT4yRdOnuhcrn//vLD3+sevPvfN6L/vPn31w5+SGI299WXNeXTKUAzVn5Oe9Cms+b7TUR4MyU7vAJuSnppdtbM8DsS+6KqWAIBHWdr/VwCAXSbR/wPALtP4HODW0mKuMe3sJxLb68YrEdFfy79xfbO2pLt+za6/eh104Fay6spIEhGDHYi/PyI+/+6tr9Iptug6JMBa3rkcEecGh1rb/2TlnoVNOtrGOkN31LV/sH1+SMc/L641/sssj39ijfFP3xrn7mYMRfTWN1fVev5nrq0K2nCqA8Hr47+Xa/e2pYk2jf+Wb1ob7KrXHk8rByNispBP27YnIuJQ9PSdnyzkj20Q49DN/26ut2yoafz315W3v0zjp/9X1shc6+5b/ZjxsfLY/eTc7MbliGe6V+7tu93S/jeOeuv498xGGz64Unztpfc/W2+1NP8038bUmv/WqnwR8WysnX9DsuH9icPp4T9a+7t2jG9//XRgvfjNxz+d0viN9wLbIT3+AxvnP5g0369Z6mz8u+e//Ppf3qH09d+bvFkt99bnXRorl2ePRfQmr7fOP76ytUa9sX6af23Di72xKv+V9i9Zo/1L3xOeazPH7ut/fL35/LdWmv/4PR3/ey9cvT3VtV789o7/SLV0qD6nnfav3R28n+cOAAAAAAAAAAAAAAAAAAAAAAAAANqViYi9kWSyy+VMJput/Yb3UzGQKRRL5cPni3Mz41H9rezB6Mk0vupyX62eNL7/dLCpfvyO+vMR8WREfNL3WLWezRUL4zudPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7Vnn9/9Tv/ft9N4BAFumv2VOpVKpNNdv5jdcDAA8dFr7fwDgUaf/B4DdR/8PALuP/h8Adh/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvszOnT6VT5Z2kxl9bHL87PTRUvHhnPl6ay03O5bK44eyE7USxOFPLZXHH6btsrFIsXRmJm7tJwOV8qD5fmF85OF+dmymcnp8dOxdl8z7ZkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3pjS/MDVWKORnH4nCBxHxAOyGQmcLvx35Zf9G61y5y8t4tI1Y/fUT4gFJeecLO9wwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwk/g8AAP//Ez0kyA==")
r0 = open(0x0, 0x0, 0x0)
unlinkat(r0, &(0x7f0000000c40)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000001180)=ANY=[@ANYBLOB="398b842a33f8511d379610f18ca598399e264107d4c00000aa946df05bb83b"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$packet(0x11, 0xa, 0x300)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
syz_emit_ethernet(0x1d9, &(0x7f0000000f80)={@local, @broadcast, @void, {@ipv6={0x86dd, @tipc_packet={0x5, 0x6, "699fa6", 0x1a3, 0x6, 0x1, @empty, @remote, {[@routing={0x2, 0xc, 0x2, 0x69, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @empty, @empty, @remote, @mcast1]}, @srh={0x0, 0x8, 0x4, 0x4, 0x3, 0x0, 0x3, [@empty, @private2={0xfc, 0x2, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}, @routing={0x29, 0x6, 0x2, 0x4, 0x0, [@private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1b}, @loopback]}, @routing={0x4, 0x10, 0x1, 0x5, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @ipv4={'\x00', '\xff\xff', @local}, @dev={0xfe, 0x80, '\x00', 0x2d}, @dev={0xfe, 0x80, '\x00', 0x2d}, @loopback, @local]}], @payload_mcast={{{{{{0x33, 0x0, 0x1, 0x0, 0x1, 0xb, 0x0, 0x2, 0x8, 0x0, 0x1, 0x1, 0x3, 0x1, 0xffff, 0x80, 0x3, 0x4e23, 0x4e24}, 0x0, 0x2}, 0x2, 0x2}, 0x1}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="44000000100001000000000000ce000000000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a8018000a8014000700fc0100000000000000000000000000000800040000000000"], 0x44}}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000cc0)={0x0, r6}, 0x8)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r7, 0x0, 0x0}, 0x10)
shutdown(r1, 0x1)
recvfrom(r1, &(0x7f0000000480)=""/110, 0x28000, 0x734, 0x0, 0xfffffffffffffecb)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000f40)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000f00)={&(0x7f00000012c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="000129bd7000fedbdf2513f200000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099006ddb00007f0000000600360005000000f700ac00f5eeb9c38c021630bda4bfb1aa5c7ab7f18d99efe0f0045d75b151f426dfc189ad9476ddf83a295ae3c304ba6e03470837474a2c89c60d141d52d1ac940d4eb82cf3f0a0722673dbbb3c94e28b9831f9e871075e7621f5d5e8b1652872997cbb8598fe352938d17fce4e518d94559d43c4d058aac29fb58f10fb385d34f4fa928af762d5491ff445317e0e7bb0d947d2d6fed317c9c42625f80f9de41ca7ac91c44d6b4be919438cca26c0aa80402811e7d2ad3c50eaeb79ef824b915201ec04105216db2e78c303238cb2f969cebec45b4d6e291d322f6397469ab77d58d39a97ec7d83d485186abe132dc8d5cdcbc56e7e5e00050029000c000000"], 0x130}, 0x1, 0x0, 0x0, 0x24000054}, 0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x3c, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2c}}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e20, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x200000}]}, &(0x7f0000000100)=0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000001240)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@quota}], [{@uid_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}]}, 0x1, 0x4fa, &(0x7f0000001400)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000c00)={0xffffffffffffffff, 0x58, &(0x7f0000000ac0)}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})

2m6.75315873s ago: executing program 4 (id=1663):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4f24, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}, 0x1c)
writev(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0xb, 0x4, 0xa0, 0x4100b, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4, 0x2, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x20075, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000005, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10282, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0xa}, 0x0, 0x0, 0x0, 0x8, 0xaed0}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
rt_sigsuspend(0x0, 0x0)
r2 = syz_clone(0x4a000, 0x0, 0xfffffffffffffe6f, 0x0, 0x0, 0x0)
setpgid(r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x5f, 0x0, 0x0, 0xe9, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000007, 0x0, @perf_config_ext={0x7ffffffffffffc, 0x1000005}, 0x101000, 0x3, 0x80000001, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x721c}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x1d, 0x7, 0x106, &(0x7f0000000a00)="2690b7c6ce5d15ac913113087796e52f1ea197892461df2e9cad33958f0d93fb84c0225006d38b63d07b370755ad5caf012f7b2b8956dd3670b070a75142da4c212ef1b13e7f444a4d2ed800ffc692976059ffa9f09a23706b479ffff77f132c0386976117f9491f94b1dd9359c1c71bb46b617da10dd9d1cf7145d58345efe9d45dfdebdd7610fbac34ce1dd1b88fd15e366b99a2c3c7407b5357cfdd061492290ad4a1d625382c46556b4f9741a0f378594368f8c243934497656e98cb3569ccbe22dab3f69ebcfe24853cca8e850c31cebf76267ad67ea95d10838484246373337e986c44b80a637e6990219f30985c10007a1df82a226c377555d24ae5d32fa4acc2af2742507688a38b0a74b874f577c39354bc1bb76095dcf385a7d2956a58b821e4a78f8036c4d6041eca497aff939f71576e1fd16a12d4d7c7b42ec6320d4f39a1446961366d1a4a64d7948c9c7d6d7cd6c87164c25118f449b20fd261d342547f6184076833025d5f1336255d56a284aedae3843978a9eca5f5a41652ac70389f80408fb62f3c9cdf27fe839f2eefc44366c99f782704fdfd8bd15776512b491f9a12add1c42bdb80c7737fac1f0890eff9887c7a374329655d300d9f9eac805f3e3ba2d132f29401ea7e2634c77d09c23ed3a0152ab8146e407967c652f38c2c67df074f655afe210fe160e32ece73699d56bc0ff1ffbcaf7c08d538a09cfa4432ac895df81363096907cbc25221e9ac85cff7462cd30c9309c84da5fe4165a6ab3ed05e6fddf736f3f0b9f29726ce8f205d3a64ed3cff824685f1c06e30771d6ca66f1c80e2420d49eecbbf6d8dbc2dde64184292e89d6a3391bb1d53443bd9eb740395d65a908b2ee22d74f85c66b65f8f21b49cc8926af30ebbe680a7a9583a3eb300717fff9901a4a545cdd7fa8f7db7b14026d68ddeb9741fb290df2e4488b016cd502803c3902231b076fb1be3430a7ef571c3235a94f4760643811f8a38181d2e57cb9cea2c78e479001c4e8d380f0b14160875daf0d3538331b25a80d23980d4e34889cdfe11d79d31eb9650f3a85b5aa735380435a10a6ab7d0a498a1ca9d117a4096fd506f812e7b0895bc87c6f021c367ac2e3fd2d38ae42cd5df4a41cd1ccc699e9a1815fa1b647467e07c29e82e6ef2627b5a5763ed702f9212472ac0b8ce7d5e9eb3dfe202c0e94d70478e13a692d6b48df31d1d706b303ce4702edaa1e61df21222a88632e1e698f8f4a3d49972c9df385dc44c862c19400e45dfc6e68ba0e75db36e0e4e86f2fe18770ca8c6d44847b3c8c8d7b29407793ff9deee1f5a703b647346109d200cb5f6b5ec7367e64572b6d3628305f2cb7a7c684a73b1f8ce233791b952cda9c82ffa6dbc5295d74470918e42cb90ea39bbcfcec8c53a50b3e79dd874738173f6f5c14972b1a8d9e145149e5588"})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x10001}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000031d0851000000600000018040000", @ANYRES32, @ANYBLOB="0000000000000000060000000000000018000000000000000000000000000000950000000000000018010000202070250000000000202020db1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b502000050000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r5 = open(&(0x7f0000000080)='./file1\x00', 0x141142, 0x0)
r6 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
recvmsg$unix(r6, &(0x7f0000000680)={&(0x7f0000000480), 0x6e, &(0x7f0000000640)=[{&(0x7f0000000540)=""/251, 0xfb}], 0x1}, 0x40000042)
ioctl$FS_IOC_FSGETXATTR(r5, 0x801c581f, &(0x7f0000001040)={0x240, 0x9, 0x5770, 0x0, 0x6})
ioctl$SG_NEXT_CMD_LEN(r5, 0x2283, &(0x7f00000002c0)=0x84)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000500)={0x54, 0x8, 0x4, 0x6, 0x4, 0x81})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000780)={'vcan0\x00'})
remap_file_pages(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa, 0x8000000000000000, 0x800)

2m6.604706042s ago: executing program 4 (id=1669):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@abort}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0))
rename(&(0x7f0000000180)='./file1\x00', &(0x7f0000000a00)='./bus/file0\x00')
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x1, 0x0, 0xd66}, 0x0)
sendmsg$tipc(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000140)="dea1", 0x2}], 0x1}, 0x93)
close(0x4)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01000000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800025837864000000002080001"], 0x88}}, 0x0)
ptrace$setsig(0x4203, r1, 0x200000000000003, &(0x7f0000000080)={0xf, 0x100, 0xf7ff})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = syz_clone3(&(0x7f0000000400)={0x100020400, &(0x7f0000000140), &(0x7f00000001c0), &(0x7f0000000240), {0x27}, &(0x7f0000000300)=""/16, 0x10, &(0x7f0000000340)=""/81, &(0x7f00000003c0)=[r1], 0x1}, 0x58)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000540)={0x0, &(0x7f0000000500)})
ptrace$getsig(0x4202, r3, 0x4, &(0x7f0000000480))
sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x800, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x5f}, @void, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8005}, 0x4)

2m5.695005286s ago: executing program 4 (id=1681):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x80000000000}, 0x18)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/anycast6\x00')
syz_usb_connect(0x6, 0x36, &(0x7f00000005c0)=ANY=[], 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

2m5.49899055s ago: executing program 4 (id=1686):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
fcntl$dupfd(r1, 0x0, r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {}, {0x9}}}, 0x24}}, 0x0)

2m5.498798289s ago: executing program 32 (id=1686):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
fcntl$dupfd(r1, 0x0, r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0200}]})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1b, &(0x7f0000002140)={0x1, &(0x7f00000000c0)=[{0x6}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x200, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {}, {0x9}}}, 0x24}}, 0x0)

43.175913152s ago: executing program 3 (id=3289):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

43.161422183s ago: executing program 3 (id=3290):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0) (fail_nth: 1)

42.935145576s ago: executing program 3 (id=3292):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000300)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c100000000000224e0000", 0x58}], 0x1)

41.666792986s ago: executing program 3 (id=3325):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001300), 0xff, 0x551, &(0x7f0000000cc0)="$eJzs3d9vU1UcAPDv7Tp+KyMhJPpgFnkQg3Rs8wcmPuCjUSKJvmOzXRaylpK1I2ySCA/y4oshJsZIYvwDfPeR+A/4V5AoCTFk0Qdfam53ywprt9EVNuznk9xyzj23nHt67vdwbs8lDWBojWcvhYhXIuLbJOJwR1kx8sLx1eNWHl6fybYkms3P/koiyfe1j0/yPw+2M8WI376OOFl4rMqx7KW+tDxfrlTShXznRKN6ZaK+tHzqUrU8l86ll6emp8+8Mz31/nvvDqytb57/54dP73505pvjK9//cv/I7STOxqG8rLMd23CjMzMe4/lnMhpnnzhwcgCV7SbJTp8AfRnJ43w0sjHgcIzkUQ/8/30VEU1gSCXiH4ZUex7Qvrcf0H3wC+PBh6s3QOvbX1z9biT2te6NDqwkj90ZJe0vMrYpq+PXP+/czrYY3PcQAJu6cTMiTheL68e/JB//+nd6C8c8WYfxD56fu9n8561u85/Co/lPdJn/HOwSu/3YPP4L9wdQTU/Z/O+DrvPffNFqLMZG8txLrexocvFSJc3Gtpcj4kSM7s3yG63nnFm51+xV1jn/y7as/vZcMD+P+8W9j79nttwob6/Vax7cjHi16/w3edT/SZf+zz6P81us41h657VeZZu3/9lq/hzxRtf+X1vRSjZen5xoXQ8T7ativb9vHfu9V/073f6s/w9s3P6xpHO9tv70dfy079+0V1m/1/+e5PNWek++71q50ViYjNiTfLJ+/9Tae9v59vFZ+08c33j863b974+IL7bY/ltHb/U8dFv9P4BF16z9s0/V/0+fuPfxlz/23/6s/99upU7ke7Yy/m31BLfz2QEAAAAAAMBuU4iIQ5EUSo/ShUKptPp8x9E4UKjU6o2TF2uvR6us9fxDob3SfbjjeYjJ/HnYdn7qifx0RByJiO9G9rfypZlaZXanGw8AAAAAAAAAAAAAAAAAAAC7xMEe//8/88fITp8d8Mz5yW8YXpvG/yB+6QnYlfz7D8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAADNT5c+eyrbny8PpMlp+9urQ4X7t6ajatz5eqizOlmdrCldJcrTZXSUsztepmf1+lVrsyORWL1yYaab0xUV9avlCtLV5uXLhULc+lF9LR59IqAAAAAAAAAAAAAAAAAAAAeLHUl5bny5VKuiAh0VeiuDtOQ2LAiZ0emQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzX8BAAD//7VBN58=")
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)
r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x400, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r1, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
listen(r1, 0xfffffff7)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]})
close_range(r5, 0xffffffffffffffff, 0x0)
preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x66)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x1, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000380)='%', 0x0, 0xfffffffd, 0x0, 0x0, 0x0})
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r8, 0x0, 0xf7}, 0x18)
r9 = memfd_create(0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX=0x0, @ANYRESOCT=r9], 0x12, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa")
io_uring_setup(0x45b3, &(0x7f0000000840)={0x0, 0x2c46, 0x1000, 0x3, 0xd4})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r10, &(0x7f0000000080)='notify_on_release\x00', 0x2, 0x0)

41.466974139s ago: executing program 3 (id=3331):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x11, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)

41.456724099s ago: executing program 3 (id=3332):
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
acct(0x0)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r2, 0x2)

41.368871281s ago: executing program 33 (id=3332):
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
acct(0x0)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r2, 0x2)

2.394018712s ago: executing program 6 (id=4280):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10)
listen(r0, 0x3)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x100000000, 0x8}, 0x8, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)

2.321735953s ago: executing program 6 (id=4281):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/FH50/9GTqJCAqqp7ypiIPbdaAjNKKBUS4sITjmWY2dtrEzVpNwCwJvuuimf9cVRAhCdBEEYhddhRLeddGdd15kV0lEJ+Y0N5tapk7y/brYHvZ8P4fv+bPD9h1s+vjda9GwY4TNlFTXV0l1u+RktkqapVoW5OTI9ZH3+85duHg6EAx2nFXtDHT7/KradGC09+bwobHUjvMvm17XyXjzpekZ/9T47vE909+7r0YcjTgai6fU1L54PGX22Zb233eihuoZ2zIdSyMxx0qW9MN2PJHIqBnrb2xIJC3HUTOW0aiV0VRcU8mMmlfMSEwNw9DGBsHKhtOPAst3Q89nXVdmUu9cty4nruvmX6zfxOmhwubOv+sWnf87lZ4SNlHRTb1exB5Kh9KhwnOhHwhLRGyxpFW88k3y14j7eMSdu1Tyjzf8I8HJo2/fqGqzDNrZ+Xw2HfKU5n3idT2FTEGh7jwV7PBpQWn+P2kozvvFK7vK5/1l87VyuKUob4hXJi9LXGyZGD34Zapr6MFCftCneqIruCT/v/QvHqZnnyt0fgAAAAAAAAAAWAtDfyq7fm/kB9weUNXGJf1CvtzvA0vX51vLrs/XyN6ayu47AAAAAADbhZMZiJq2bSX/ssh/lV+P7fx7xZNbvz94f+fKY1raPBPtH3KJrbBff1B87dkS0ygtZH71abXBnnV+pywWn9ZlO1Xz81t+zMnejy9W3U7tL8dnOWMbf1cCAAAAsBEWP/S3STb8Kp3tOXav0nMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC7WcNfjk08LNfSfLHzablWpfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJT8CAAD//wva0Pw=")
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r3, &(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x104)

2.294538094s ago: executing program 6 (id=4282):
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = getpid()
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

2.232923115s ago: executing program 6 (id=4284):
socket$inet6(0xa, 0x5, 0x6)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x200c0d2, &(0x7f0000000140)={[{@user_xattr}]}, 0x21, 0x549, &(0x7f0000001800)="$eJzs3c9vI1cdAPDvTH65222zCz1ABewChQWt1t5421XVS8sFhKpKiIoD4rANiTcKseMQO6UJkUj/BpBA4gR/AgckDkg9ceDGEYkDQpQDUoEItEHiYDRjJ+smNmtqx+7Gn480O/Pmzcz3PWdn3vNz4hfA1LoeEQcRMR8Rb0TEYmd/0lnilfaSHffgcH/l6HB/JYlW6/W/J3l+ti+6zsk82blmISK+/pWIbydn4zZ29zaWq9XKdiddata2So3dvVvrteW1ylpls1y+u3T39ot3XiiPrK7Xar9478vrr37j17/65Lu/O/ji97NiXe7kdddjlNpVnzuJk5mNiFfPI9gEzHTW8xMuBx9MGhEfiYjP5Pf/Yszk/zsBgIus1VqM1mJ3GgC46NJ8DCxJixGRpp1OQLE9hvdMXEqr9Ubz5v36zuZqe6zsSsyl99erldtXF/7w3fzguSRLL+V5eX6eLp9K34mIqxHxo4Un8nRxpV5dnUyXBwCm3pPd7X9E/GshTYvFgU7t8akeAPDYKEy6AADA2Gn/AWD6aP8BYPoM0P53Puw/OPeyAADj4f0/AEwf7T8ATB/tPwBMla+99lq2tI4633+9+ubuzkb9zVurlcZGsbazUlypb28V1+r1tfw7e2qPul61Xt9aej523io1K41mqbG7d69W39ls3su/1/teZW4stQIA/per1975fRIRBy89kS/RNZeDthoutnSERwGPl5lhTtZBgMea2b5geg3UhOedhN+ee1mAyej5Zd6Fnpvv95P/I4jfM4IPlRsfH3z83xzPcLEY2Yfp9cHG/18eeTmA8TP+D9Or1UpOz/k/f5IFAFxIQ/wKX+sHo+qEABP1qMm8R/L5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwwlyPiO5GkxXwu8DT7Ny0WI56KiCsxl9xfr1ZuR8TTcS0i5hay9NKkCw0ADCn9a9KZ/+vG4nOXT+fOJ/9eyNcR8b2fvv7jt5abze2lbP8/TvYvHE8fVn543hDzCgIAg/vzIAfl7Xe5s+56I//gcH/leDnHMp7x3pdOJh9dOTrcz5d2zmy0Wq1WRCHvS1z6ZxKznXMKEfFsRMyMIP7B2xHxsV71T/KxkSudmU+740cn9lNjjZ++L36a57XX2cv30RGUBabNO9nz55Ve918a1/N17/u/kD+hhpc//woRx8++o674s51IMz3iZ/f89UFjPP+br57Z2Vps570d8exsr/jJSfykT/znBoz/x0986ocv98lr/SziRvSO3x2r1KxtlRq7e7fWa8trlbXKZrl8d+nu7RfvvFAu5WPUpeOR6rP+9tLNp/uVLav/pT7xCz3rP39y7ucGrP/P//PGtz79MLlwOv4XPtv75/9Mz/htWZv4+QHjL1/6Zd/pu7P4q33q/6if/80B47/7l73VAQ8FAMagsbu3sVytVraH2sjehY7iOmc2siIOdvBxd3G4oH+KfGNEL0ufjawzNsjBc+f1qp77xuxJX3G0V/5mdsUxVycdeS2G2ngwrliTeyYB4/Hwpp90SQAAAAAAAAAAAAAAgH7G8adLk64jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9d/AwAA//8+JMPM")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)

2.050067198s ago: executing program 1 (id=4288):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/FH50/9GTqJCAqqp7ypiIPbdaAjNKKBUS4sITjmWY2dtrEzVpNwCwJvuuimf9cVRAhCdBEEYhddhRLeddGdd15kV0lEJ+Y0N5tapk7y/brYHvZ8P4fv+bPD9h1s+vjda9GwY4TNlFTXV0l1u+RktkqapVoW5OTI9ZH3+85duHg6EAx2nFXtDHT7/KradGC09+bwobHUjvMvm17XyXjzpekZ/9T47vE909+7r0YcjTgai6fU1L54PGX22Zb233eihuoZ2zIdSyMxx0qW9MN2PJHIqBnrb2xIJC3HUTOW0aiV0VRcU8mMmlfMSEwNw9DGBsHKhtOPAst3Q89nXVdmUu9cty4nruvmX6zfxOmhwubOv+sWnf87lZ4SNlHRTb1exB5Kh9KhwnOhHwhLRGyxpFW88k3y14j7eMSdu1Tyjzf8I8HJo2/fqGqzDNrZ+Xw2HfKU5n3idT2FTEGh7jwV7PBpQWn+P2kozvvFK7vK5/1l87VyuKUob4hXJi9LXGyZGD34Zapr6MFCftCneqIruCT/v/QvHqZnnyt0fgAAAAAAAAAAWAtDfyq7fm/kB9weUNXGJf1CvtzvA0vX51vLrs/XyN6ayu47AAAAAADbhZMZiJq2bSX/ssh/lV+P7fx7xZNbvz94f+fKY1raPBPtH3KJrbBff1B87dkS0ygtZH71abXBnnV+pywWn9ZlO1Xz81t+zMnejy9W3U7tL8dnOWMbf1cCAAAAsBEWP/S3STb8Kp3tOXav0nMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC7WcNfjk08LNfSfLHzablWpfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJT8CAAD//wva0Pw=")
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r3, &(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1)

2.043035768s ago: executing program 1 (id=4289):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000080), &(0x7f00000001c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 3)

1.763032012s ago: executing program 1 (id=4291):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)

1.762547052s ago: executing program 1 (id=4292):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10)
listen(r0, 0x3)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x100000000, 0x8}, 0x8, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)

1.742808203s ago: executing program 6 (id=4293):
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r2, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r4}, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @remote}})
ioctl$sock_inet_SIOCSIFADDR(r3, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})

1.671453784s ago: executing program 1 (id=4294):
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x7b74, 0x0, 0x0, 0x0, 0xf}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x8)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x4008000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x1058, [{0x11}, {0x0, 0x100000000000000}]}, 0x68)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

1.461119457s ago: executing program 5 (id=4301):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x13}, 0x400, 0xffffffff, 0x6, 0x6, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)

1.389401468s ago: executing program 5 (id=4302):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x0, {0x1, 0xf0}, 0x1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x500)

802.029397ms ago: executing program 6 (id=4305):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe0}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000001340)="6dcb05f2e48e61674ebd89769f9b927046079a4c6ab892d9f86b4055e41f9354be76dac275a1f97b8ae4a5a32ef98168f544f231803f620017a7a9faa294c78047e4ca39d474942f867f63510b836739483f0abaca269f0e173855387e16996e23c2482f194dd78e17f67aeeda5d35a842c298f9972314014c439d57cd74cb190e527db50d4760e4a54c12735b8e98871b0c7bd10748e969ef864f65381d4db90528adcbdf460d31074d34b27770933de479090331e728e8434347c93c52f985105a3d57f766486ea16428a7e8054cff9dbec74e9c77fe4c483e306e1042874ae8e5", 0xe2}, {&(0x7f0000000640)="0590ab7c5379d4fc3e9f9cd7dbeebfa58219a6820d9af837dbcbb2e713865c85f980a1ef4eecbf07c2a0f45d118c3f334e39e74064f379244309ac82016ccc31d15441ba1fc6e673239bfbf58a8ff42206", 0x51}, {&(0x7f0000000000)="195954405d070d1fff60070f9216", 0xe}, {&(0x7f00000006c0)="7be02767d8579dea4ccb83a128b87f01f3ff83ecebf1b92655f3329a8b5f631313aaaf8df9cd1b87a3d5bb30a5444f003445a8d96e4e88b7e94b8e342161b3927daebc3dc249ccac6357ddf21ac7312840c0d8fe", 0x54}], 0x4}}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000000d00)="eb5ab84f63a3517d3618292b4ac1c3f98bad4e232370016d1a77cbc3bcfdfaf47084debfb2cfe2d2910b600a46da20e4d9d162b95c37a2f7362be4aee1b96ec27c6014366cb3e06feb6fdf3128008590136f1d2781f0c4bae67dfc2e5e90db8affd0f9dfdff5c7d4543ba46409faf1ed3e7e6ce5281d59906fa8390b05377edd602eac7f2355b9cb81cf7525e72e1c3ae911f3f79c15ea7ac5f66cb39aa01ff256619823723957b6d4307be4c0f0960afbb98e8255b65d88b4c3a7d1aa2ac1b67bdee8c264d87b0299cf15a4d793d16f1915b8ef2df3c576da4846193b", 0xdd}, {&(0x7f0000000e00)="d584132c6710c94c4fbf0cbd772bc95ecb4f7c2c6dbf979b1583404a7778cb520be332e623ad5378e40d7d7cc801f1f1f39db7058ddcff7d98d6a4160eb55c0e323d0d979d31e829fdbbb8e07cb27bdf060d9f8909549ec8a05ecf2a3f7f56b35682f23b24d98841173ac3fb95c5bcf1ba0bb0d2cb44abf5a7cdc13b6b2f064e53ee5bd71668c9c977c16aa59d06d034ae7e53f77adeac09bd64ccf1a827dc5733c0cf95678d79c909af85e61929f7ee60ea27be4cc898f1fccaf2d2c160ad88fc0eb5594f89da17bff25539da950c29b99356688d97d9d188dc44a0a6671781873ee856a69a3ee9f1a5049cea8d61250c6d2b96", 0xf4}, {&(0x7f0000001440)="f4dc08ee7fa5fd7d3baac1bee05a3f318506186dc280efebc122194f78cdbca80c5a99e66f1b7ab557bbd4b5eca07295eab7f6aaf5472df079febb2b3865a99a274526131c02d09005bfa777b08b1ebb51cd5d3ea3897d0a43d373192e4e10056e548457bd3d589d6d541ee4464c22a5ccef005cfa48b0578a5eab422aea8287f097a3a74b725a14751cc2e20dd1f80bfd2f2892abf723424717d5e44042a526a297fa93b68c1006c65cb13e141d6f12cbc80bb62895792ccd0903983359213769f2c3483226aab05f045317bcb388f31937786063f2bd10f0cd4c4a95e6601b26e2df44e87e0f89090929502df693e00e818e2c406eb6dc59f13a1c5dc5e4bf6d097be8515208e2ab56c5da706c79c3e4b0ddc449b61134d9675d9f1cf74d12a41383d0a02a00f4c057ac51045482c667efeac2d4986b37a1be5282fde1129945c6f1ba3b3e2248ceb995f1f9fc38dbda721d608fa61c68f7e137c6d17e7900", 0x160}], 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="30000000000000000000000007000000890d622b81b2bf68770eab6a9c9403a78907f2ffffffff07076fac14142401001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="e0000002e0000001000000001400000000000000000000000100000008000000000000001c"], 0x88}}], 0x2, 0xc0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf652c618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

726.547939ms ago: executing program 1 (id=4307):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000003500)=[{{0x0, 0x0, 0x0}, 0x9a}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/16, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2010008, &(0x7f00000003c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")

726.154509ms ago: executing program 2 (id=4308):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000080), &(0x7f0000000180)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x6}, 0x18)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000)

725.476329ms ago: executing program 2 (id=4310):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000080), &(0x7f0000000180)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x6}, 0x18)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000)

695.869699ms ago: executing program 2 (id=4311):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f00000001c0)='%-5lx  \x00'}, 0x20)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000400))
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000240)={'veth1_to_bond\x00', &(0x7f0000000080)=@ethtool_perm_addr={0x4b, 0x13, "43b8b83e72133030cc12b382442e6fe86eb307"}})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x80000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r3}, 0x18)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
perf_event_open(&(0x7f00000008c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x42}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x400e, &(0x7f0000000240)={[{@i_version}, {@nodiscard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@jqfmt_vfsold}, {@quota}]}, 0x2, 0x447, &(0x7f0000000500)="$eJzs28+PE1UcAPDvTLfA8kOqwR/8UFfRSPyxCwsiBy8aTTxoYqIHPK67C0EKa9iaCCGKxuDRkHg3Hk38CzzpxagnE694NyTEcAE91Uw7s9uWdtld2y3azycZ+t7MK+99++a1b+btBDCyJrJ/kojtEXE1InY2s+0FJpovt25cnP3rxsXZJOr1t/5MGuVu3rg4WxQt3retyIxFpJ8lsbdLvYvnL5yeqVbnz+X5qdqZ96cWz194bktEzJ+cPzt97NiRw4deODr9fF/izOK6ueejhX27X3vnyhuzx6+8+/O3SRF/Rxx9MrHSwSfr9T5XN1w7WtLJ2BAbwpqUmsM0yo3xvzNKsdx5O+PVT4faOGCg6vV6/YHehy/Vgf+xJIbdAmA4ih/67Pq32DZo6nFXuP5S8wIoi/tWvjWPjEWalyl3XN/200REHL/091fZFoO5DwEA0Ob7bP7zbLf5Xxqt94XuyddQKhFxb0TcFxFHI2JXRNwf0Sj7YEQ8tMb6OxdJbp//pNfWFdgqZfO/F/O1reZWzPqK16iU8tyORvzlxgrVwfwzORDlzSdOVecPdfm/r+avP7zy2xe96m+d/2Vb1oZiLpi349rY5vb3zM3UZv5l2EuufxKxZ6w1/uLzT5ZWApKI2B0Re9ZZx6mnv9nX61iX+OultvhX0Id1pvrXEU81+/9SdMRfSFrXJ0+dmTnZvj45tSWq8wensrPgYNc6fvn18pu96r9z/w9W1v9bo3v/5ypJ63rt4trruPz75z2vadZ7/m9K3m7b9+FMrXbuUMSm5PVmo5f2l2rnpjvKTS+Xz+I/sL9b/GnjO674JPZGRHYSPxwRj0TEo3nbH4uIxyNi/wrx//TyE++tP/7ByuKfW1P/Lyc2Reee7onS6R+/a6u0spb4s/4/0kgdyPes5vtvNe1a39kMAAAA/z1pRGyPJJ1cSqfp5GTzb/h3xda0urBYe+bEwgdn55rPCFSinBZ3upr3g8tJcf+z0pKf7sgfzu8bf1kab+QnZxeqc8MOHkbcth7jP/NHaditAwbO81owuox/GF3GP4wu4x9GV5fxPz4+jIYAG67b7//HQ2gHsPE6xr9lPxghrv9hdBn/MLqMfxhJi+Nx54fkJSRuS0R6VzRDYkCJYX8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Mc/AQAA//8AOOPp")
truncate(&(0x7f0000000080)='./file1\x00', 0xf62)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x169)
write$binfmt_elf64(r5, 0x0, 0x78)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32=r3, @ANYBLOB, @ANYRES32=0x0, @ANYRES64=r4, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4a, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x807ff, @void, @value}, 0x94)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000400)={0x2, 0x1, 0x10, 0x0, 0x2}, 0xc)
setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="17000000000000"], 0x50)

415.350734ms ago: executing program 2 (id=4315):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)

381.568054ms ago: executing program 2 (id=4317):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/FH50/9GTqJCAqqp7ypiIPbdaAjNKKBUS4sITjmWY2dtrEzVpNwCwJvuuimf9cVRAhCdBEEYhddhRLeddGdd15kV0lEJ+Y0N5tapk7y/brYHvZ8P4fv+bPD9h1s+vjda9GwY4TNlFTXV0l1u+RktkqapVoW5OTI9ZH3+85duHg6EAx2nFXtDHT7/KradGC09+bwobHUjvMvm17XyXjzpekZ/9T47vE909+7r0YcjTgai6fU1L54PGX22Zb233eihuoZ2zIdSyMxx0qW9MN2PJHIqBnrb2xIJC3HUTOW0aiV0VRcU8mMmlfMSEwNw9DGBsHKhtOPAst3Q89nXVdmUu9cty4nruvmX6zfxOmhwubOv+sWnf87lZ4SNlHRTb1exB5Kh9KhwnOhHwhLRGyxpFW88k3y14j7eMSdu1Tyjzf8I8HJo2/fqGqzDNrZ+Xw2HfKU5n3idT2FTEGh7jwV7PBpQWn+P2kozvvFK7vK5/1l87VyuKUob4hXJi9LXGyZGD34Zapr6MFCftCneqIruCT/v/QvHqZnnyt0fgAAAAAAAAAAWAtDfyq7fm/kB9weUNXGJf1CvtzvA0vX51vLrs/XyN6ayu47AAAAAADbhZMZiJq2bSX/ssh/lV+P7fx7xZNbvz94f+fKY1raPBPtH3KJrbBff1B87dkS0ygtZH71abXBnnV+pywWn9ZlO1Xz81t+zMnejy9W3U7tL8dnOWMbf1cCAAAAsBEWP/S3STb8Kp3tOXav0nMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC7WcNfjk08LNfSfLHzablWpfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJT8CAAD//wva0Pw=")
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r2, &(0x7f0000000140)='./file1\x00', r2, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1)

360.073975ms ago: executing program 0 (id=4318):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8ff0000000000ff000044850000000e0000003f0000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffff7, @void, @value}, 0x94)
r1 = open(0x0, 0x4000, 0x0)
preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)

359.687955ms ago: executing program 2 (id=4319):
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x7b74, 0x0, 0x0, 0x0, 0xf}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x8)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x4008000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x1058, [{0x11}, {0x0, 0x100000000000000}]}, 0x68)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

254.935816ms ago: executing program 0 (id=4320):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pipe(&(0x7f0000000080))
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r4, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0)
r5 = dup3(r3, r4, 0x0)
write$qrtrtun(r5, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r5, 0x10f, 0x88)

201.393517ms ago: executing program 0 (id=4321):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x8014, &(0x7f0000000000)=ANY=[], 0x3, 0x7c9, &(0x7f0000000200)="$eJzs3U1oHPfZAPBnZMlxFDAm74vfYBxn7OQFBxxltXKUV+SQbFYjeZLVrthdvdiUkppYDsJyEpKGNr4kppC0paX01GOaa2+9tRRa6KEfl0Jz6KW3QE4lhX6REgoqM7srS9Zn/CEn9e8nrPnvzPOf/zOz63l2VruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+uVMaTaOTNhbPp1urT7dbcNssH6/vFusk6z6wbNyIp/sWBA/HJ33rz/vva4sPFrxNxtHfraBwoJgfiyn2HDz31X8NDg/7bJHSjju8yLol4u0jq0vnl5cXX0nTodiSzR779s8/c5Z8rxe/ZrJl3Ip+rzWZp3mmlU5OTlcfPzHTSmbyRdc51utlcWm9ntW6rnZ6sP5qOT01NpNnYudZCc3a61sgGM598rFqpTKbPjc1ntXan1Xz8uejUz+SNRt6cLWOqla9FEfNk8UB8Pu+m3aw2l6YXl5YXJ3ZKtQga32zBvt5ddvSRQx+98eFflxaLB+RWK0n6D8zq+Hi1Oj75xNQTT1Yqw9VKdf2MynViNSKGIoqI2/Kg5Qvk1h7A4SYM9et/NCKPZizE2Ug3+RmJekxHO1oxV9z+w8iGiL5B/f/fx//8u+3GXVv/B1X+gWuLj0RZ/4/1bh3bqv5vmute/rweb8aVuBTnYzmWYzFeu+MZ7fAzdLNrSNbdmo0smpFHJ1qRx1zUyjlpf04aUzEZk1GJF+JMzEQn0piJPBqRRSfORSe6kZWPqHq0I4tadKMV7UjjZNTj0UhjPKZiKiYijSzG4ly0YiGaMRvTUSvXcjGWyv0+cV2Wh++Nn770+4/eK9qrQePbbVbxZK4I+ss2QRvK/bb1f2WleL5wfYT6fxfYv93C23AUhxuzMqj/AAAAwH+spHz1vTj/H4kHy9ZM3si+dKfTAgAAAG6h8i//R4vJSNF6MJLi/L+ySeQHe54bAAAAcGsk5WfskogYjYd6rYuxFG/HYmz2IkBEHNrrFAEAAICbVP79/1gxGY14q5wxuFzKFuf/AAAAwBfNN7e6xv6Hg2vsdubvSX4+EhEjydX5s48kl2tFXO3yvl6//uT/V9fYnTmSHOyvpJxMDl+5L4mI4Xp2NBlc/fJf9/SmH5e/jwyvdt/qWv9Ju71tArF9AuWt+E4c78Ucv1BO7ut3GU56o4zO5I1srN5qPFVeErH4133j5aWvRxSjf6s5dzCJi0vLi2MvvrJ8oczlatH96uX+BRQ3XEdxm1xW+nsgHtx8i0fKD2L0xx3tjVtZu/1Dve5D24+ZrB3znTjRizkx2puODpb0xjxQjDk+9tR41GoHh7rZ2e4bK2u2vp/F+OqWj9zQlr8TD/diHj75cG+ySRbVdVm8vDGL6tr9v7t9sess3jv+1tl//KqVZBM7ZTHxGbJY2RdxfRYAd8rF8qo/16rQvWUV+nSlp6j/vbpbFKtaL6BvF8fav18bZfVZxqD/mlo3HNdX96HVA+PuqvtK9I7oJ3sxJ3vPJ4aPbFJXKpsc0V9devXX/SP66R/94IdfPvabH5fj3kh1e+SZ357uxTzaj73/l1vU2GKbv3tdVX2/6PH+luN2GtUkrkbs++rlV+Pw629eeWzp8vmXFl9afLlanZisnK5Unqju78eOlM8YtqmAANy9dv6OnS0jBnUmOX3dWXVcWF937199S8FYvBivxHJciFPlpw0i4qHNxx1d8zaEUzuctY6u+YaXUzucW16LrW6MTWKL2Ik1e+x/vl9OPrktdwcA7IkTO9Thber/6ivzp3Y4715fy/unxYOz49i6lm/m/27r3gCAu0PW/jgZ7b6btNv5/AvjU1Pjte6ZLG236s+n7Xx6NkvzZjdr18/UmrNZOt9udVv1wQvH01kn7SzMz7fa3XSm1U5jqJOfLb/5Pe1/9Xsnm6s1u3m9M9/Iap0srbea3Vq9m07nnXo6v/BsI++cydpl5858Vs9n8nqtm7eaaae10K5nY2naybI1gfl01uzmM3nRbKbz7Xyu1r4aEY2FuSydzjr1dj7fbfVWOBgrb8602nPlasc2bv6f9np/A8DnwetvXrl0fnl58bUba/xxN8F3ehsBgPVUaQAAAAAAAAAAAAAA+Pxbff//oUGjmHsTnwj8bI174rYPcdc2ijvyc5DGnW185emnL20V8+xbD5zZ3Xpit5+UjXcPRuz/yfd6c57ZOvgb/f9/t2ZLP4iIG+i+kmyy6NOVXmPdYWL/3h+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCjfwcAAP//wmpdDQ==") (async)
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x8014, &(0x7f0000000000)=ANY=[], 0x3, 0x7c9, &(0x7f0000000200)="$eJzs3U1oHPfZAPBnZMlxFDAm74vfYBxn7OQFBxxltXKUV+SQbFYjeZLVrthdvdiUkppYDsJyEpKGNr4kppC0paX01GOaa2+9tRRa6KEfl0Jz6KW3QE4lhX6REgoqM7srS9Zn/CEn9e8nrPnvzPOf/zOz63l2VruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+uVMaTaOTNhbPp1urT7dbcNssH6/vFusk6z6wbNyIp/sWBA/HJ33rz/vva4sPFrxNxtHfraBwoJgfiyn2HDz31X8NDg/7bJHSjju8yLol4u0jq0vnl5cXX0nTodiSzR779s8/c5Z8rxe/ZrJl3Ip+rzWZp3mmlU5OTlcfPzHTSmbyRdc51utlcWm9ntW6rnZ6sP5qOT01NpNnYudZCc3a61sgGM598rFqpTKbPjc1ntXan1Xz8uejUz+SNRt6cLWOqla9FEfNk8UB8Pu+m3aw2l6YXl5YXJ3ZKtQga32zBvt5ddvSRQx+98eFflxaLB+RWK0n6D8zq+Hi1Oj75xNQTT1Yqw9VKdf2MynViNSKGIoqI2/Kg5Qvk1h7A4SYM9et/NCKPZizE2Ug3+RmJekxHO1oxV9z+w8iGiL5B/f/fx//8u+3GXVv/B1X+gWuLj0RZ/4/1bh3bqv5vmute/rweb8aVuBTnYzmWYzFeu+MZ7fAzdLNrSNbdmo0smpFHJ1qRx1zUyjlpf04aUzEZk1GJF+JMzEQn0piJPBqRRSfORSe6kZWPqHq0I4tadKMV7UjjZNTj0UhjPKZiKiYijSzG4ly0YiGaMRvTUSvXcjGWyv0+cV2Wh++Nn770+4/eK9qrQePbbVbxZK4I+ss2QRvK/bb1f2WleL5wfYT6fxfYv93C23AUhxuzMqj/AAAAwH+spHz1vTj/H4kHy9ZM3si+dKfTAgAAAG6h8i//R4vJSNF6MJLi/L+ySeQHe54bAAAAcGsk5WfskogYjYd6rYuxFG/HYmz2IkBEHNrrFAEAAICbVP79/1gxGY14q5wxuFzKFuf/AAAAwBfNN7e6xv6Hg2vsdubvSX4+EhEjydX5s48kl2tFXO3yvl6//uT/V9fYnTmSHOyvpJxMDl+5L4mI4Xp2NBlc/fJf9/SmH5e/jwyvdt/qWv9Ju71tArF9AuWt+E4c78Ucv1BO7ut3GU56o4zO5I1srN5qPFVeErH4133j5aWvRxSjf6s5dzCJi0vLi2MvvrJ8oczlatH96uX+BRQ3XEdxm1xW+nsgHtx8i0fKD2L0xx3tjVtZu/1Dve5D24+ZrB3znTjRizkx2puODpb0xjxQjDk+9tR41GoHh7rZ2e4bK2u2vp/F+OqWj9zQlr8TD/diHj75cG+ySRbVdVm8vDGL6tr9v7t9sess3jv+1tl//KqVZBM7ZTHxGbJY2RdxfRYAd8rF8qo/16rQvWUV+nSlp6j/vbpbFKtaL6BvF8fav18bZfVZxqD/mlo3HNdX96HVA+PuqvtK9I7oJ3sxJ3vPJ4aPbFJXKpsc0V9devXX/SP66R/94IdfPvabH5fj3kh1e+SZ357uxTzaj73/l1vU2GKbv3tdVX2/6PH+luN2GtUkrkbs++rlV+Pw629eeWzp8vmXFl9afLlanZisnK5Unqju78eOlM8YtqmAANy9dv6OnS0jBnUmOX3dWXVcWF937199S8FYvBivxHJciFPlpw0i4qHNxx1d8zaEUzuctY6u+YaXUzucW16LrW6MTWKL2Ik1e+x/vl9OPrktdwcA7IkTO9Thber/6ivzp3Y4715fy/unxYOz49i6lm/m/27r3gCAu0PW/jgZ7b6btNv5/AvjU1Pjte6ZLG236s+n7Xx6NkvzZjdr18/UmrNZOt9udVv1wQvH01kn7SzMz7fa3XSm1U5jqJOfLb/5Pe1/9Xsnm6s1u3m9M9/Iap0srbea3Vq9m07nnXo6v/BsI++cydpl5858Vs9n8nqtm7eaaae10K5nY2naybI1gfl01uzmM3nRbKbz7Xyu1r4aEY2FuSydzjr1dj7fbfVWOBgrb8602nPlasc2bv6f9np/A8DnwetvXrl0fnl58bUba/xxN8F3ehsBgPVUaQAAAAAAAAAAAAAA+Pxbff//oUGjmHsTnwj8bI174rYPcdc2ijvyc5DGnW185emnL20V8+xbD5zZ3Xpit5+UjXcPRuz/yfd6c57ZOvgb/f9/t2ZLP4iIG+i+kmyy6NOVXmPdYWL/3h+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCjfwcAAP//wmpdDQ==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x38, &(0x7f00000000c0)=0x2009, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)

169.278287ms ago: executing program 0 (id=4322):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xbc2b, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r2}, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
close(r3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x6, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r4}, &(0x7f0000000500), &(0x7f0000000540)='%pi6   \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x18)

152.075868ms ago: executing program 0 (id=4323):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x13}, 0x400, 0xffffffff, 0x6, 0x6, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0)

71.580879ms ago: executing program 0 (id=4324):
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r2, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x4000000)
setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r4}, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @remote}})
ioctl$sock_inet_SIOCSIFADDR(r3, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})

71.220389ms ago: executing program 5 (id=4325):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x6}, 0x18)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000)

70.845259ms ago: executing program 5 (id=4326):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10)
listen(r0, 0x3)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x100000000, 0x8}, 0x8, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0)

31.132179ms ago: executing program 5 (id=4327):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)

0s ago: executing program 5 (id=4328):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x45)
r2 = syz_io_uring_setup(0x44f, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00')
readlink(&(0x7f00000012c0)='./file0/../file0\x00', &(0x7f0000001580)=""/84, 0x54)
syz_io_uring_setup(0x1725, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(r2, 0x2dbe, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 6 (id=4329):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f00000002c0)={0x5, &(0x7f0000000280)=[{0x0, 0xa5, 0xf, 0x5}, {0x7f, 0xe, 0x80, 0xd}, {0xa4c9, 0x4, 0x9, 0x1f0}, {0x1, 0x2b, 0x7, 0x8}, {0x3, 0x3, 0x9, 0x7}]}) (async)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r2 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000080)={'some', 0x20, 0x8, 0x20, 0x6}, 0x2f) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c00050800000000fddbdf2507000000", @ANYRES32=r3, @ANYBLOB="400000060a000200aa"], 0x28}, 0x1, 0x0, 0x0, 0x40051}, 0x40c0) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socket$xdp(0x2c, 0x3, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) (async)
fsync(0xffffffffffffffff)

kernel console output (not intermixed with test programs):

ip=0x7f192410e169 code=0x7ffc0000
[  213.761259][T12643] FAULT_INJECTION: forcing a failure.
[  213.761259][T12643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  213.774447][T12643] CPU: 0 UID: 0 PID: 12643 Comm: syz.5.3351 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  213.774479][T12643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  213.774530][T12643] Call Trace:
[  213.774536][T12643]  <TASK>
[  213.774544][T12643]  dump_stack_lvl+0xf6/0x150
[  213.774571][T12643]  dump_stack+0x15/0x1a
[  213.774590][T12643]  should_fail_ex+0x261/0x270
[  213.774617][T12643]  should_fail+0xb/0x10
[  213.774651][T12643]  should_fail_usercopy+0x1a/0x20
[  213.774708][T12643]  _copy_from_iter+0xd8/0xd10
[  213.774733][T12643]  ? kmalloc_reserve+0x16e/0x190
[  213.774755][T12643]  ? __build_skb_around+0x199/0x1f0
[  213.774885][T12643]  ? __alloc_skb+0x227/0x320
[  213.774910][T12643]  ? __virt_addr_valid+0x1ed/0x250
[  213.774927][T12643]  ? __check_object_size+0x367/0x510
[  213.775020][T12643]  netlink_sendmsg+0x492/0x720
[  213.775048][T12643]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.775075][T12643]  __sock_sendmsg+0x140/0x180
[  213.775103][T12643]  ____sys_sendmsg+0x350/0x4e0
[  213.775128][T12643]  __sys_sendmsg+0x1a0/0x240
[  213.775255][T12643]  __x64_sys_sendmsg+0x46/0x50
[  213.775276][T12643]  x64_sys_call+0x26f3/0x2e10
[  213.775294][T12643]  do_syscall_64+0xc9/0x1a0
[  213.775316][T12643]  ? clear_bhb_loop+0x25/0x80
[  213.775336][T12643]  ? clear_bhb_loop+0x25/0x80
[  213.775360][T12643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.775382][T12643] RIP: 0033:0x7f0471e5e169
[  213.775394][T12643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.775410][T12643] RSP: 002b:00007f04704c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.775429][T12643] RAX: ffffffffffffffda RBX: 00007f0472085fa0 RCX: 00007f0471e5e169
[  213.775489][T12643] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  213.775500][T12643] RBP: 00007f04704c7090 R08: 0000000000000000 R09: 0000000000000000
[  213.775509][T12643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.775519][T12643] R13: 0000000000000000 R14: 00007f0472085fa0 R15: 00007ffe10bfb8e8
[  213.775535][T12643]  </TASK>
[  213.779766][T12586] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.997606][T12586] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.005394][T12586] bridge_slave_0: entered allmulticast mode
[  214.011849][T12586] bridge_slave_0: entered promiscuous mode
[  214.018766][T12586] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.025901][T12586] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.033146][T12586] bridge_slave_1: entered allmulticast mode
[  214.040885][T12586] bridge_slave_1: entered promiscuous mode
[  214.057336][T12651] hsr_slave_0: left promiscuous mode
[  214.063112][T12651] hsr_slave_1: left promiscuous mode
[  214.086114][T12586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.112056][T12586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.207859][T12586] team0: Port device team_slave_0 added
[  214.216308][T12586] team0: Port device team_slave_1 added
[  214.289293][T12586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.296315][T12586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.322342][T12586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.340842][T12586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.347949][T12586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.373913][T12586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  214.442141][T12586] hsr_slave_0: entered promiscuous mode
[  214.502809][T12586] hsr_slave_1: entered promiscuous mode
[  214.905383][T12683] loop5: detected capacity change from 0 to 128
[  214.983924][T12586] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  214.983985][T12683] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  215.003529][T12683] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.006408][T12586] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  215.023056][T12586] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  215.032229][T12586] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  215.053943][ T7975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  215.091523][T12586] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.104591][T12586] 8021q: adding VLAN 0 to HW filter on device team0
[  215.114054][ T9781] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.121174][ T9781] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.134251][ T9781] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.141410][ T9781] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.186284][T12696] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  215.194800][T12696] tipc: Enabled bearer <udp:syz1>, priority 10
[  215.221529][T12586] 8021q: adding VLAN 0 to HW filter on device batadv0
[  215.377450][T12718] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.3370' sets config #1
[  215.383403][T12586] veth0_vlan: entered promiscuous mode
[  215.403616][T12586] veth1_vlan: entered promiscuous mode
[  215.421663][T12586] veth0_macvtap: entered promiscuous mode
[  215.446165][T12586] veth1_macvtap: entered promiscuous mode
[  215.461354][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.472020][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.481886][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.492395][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.502258][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.512838][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.522895][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.533475][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.544229][T12586] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.557232][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.567833][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.577760][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.588232][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.598076][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.608729][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.618688][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.629146][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.643542][T12586] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.654285][T12586] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.663077][T12586] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.671857][T12586] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.680738][T12586] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.808693][T12731] __nla_validate_parse: 5 callbacks suppressed
[  215.808723][T12731] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3333'.
[  215.946937][T12744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.955637][T12744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.963533][T12745] openvswitch: netlink: Message has 6 unknown bytes.
[  216.054566][T12745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3377'.
[  216.222214][T12752] loop5: detected capacity change from 0 to 4096
[  216.231417][T12752] EXT4-fs: Ignoring removed nomblk_io_submit option
[  216.241286][T12752] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  216.340809][T12762] FAULT_INJECTION: forcing a failure.
[  216.340809][T12762] name failslab, interval 1, probability 0, space 0, times 0
[  216.353634][T12762] CPU: 0 UID: 0 PID: 12762 Comm: syz.2.3386 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  216.353663][T12762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  216.353674][T12762] Call Trace:
[  216.353681][T12762]  <TASK>
[  216.353697][T12762]  dump_stack_lvl+0xf6/0x150
[  216.353726][T12762]  dump_stack+0x15/0x1a
[  216.353754][T12762]  should_fail_ex+0x261/0x270
[  216.353784][T12762]  should_failslab+0x8f/0xb0
[  216.353804][T12762]  kmem_cache_alloc_noprof+0x59/0x340
[  216.353913][T12762]  ? getname_flags+0x81/0x3b0
[  216.353941][T12762]  ? vfs_write+0x669/0x950
[  216.353959][T12762]  getname_flags+0x81/0x3b0
[  216.353981][T12762]  user_path_at+0x26/0x140
[  216.354008][T12762]  __se_sys_utime+0xbf/0x1d0
[  216.354041][T12762]  __x64_sys_utime+0x31/0x40
[  216.354142][T12762]  x64_sys_call+0x2b71/0x2e10
[  216.354167][T12762]  do_syscall_64+0xc9/0x1a0
[  216.354197][T12762]  ? clear_bhb_loop+0x25/0x80
[  216.354297][T12762]  ? clear_bhb_loop+0x25/0x80
[  216.354322][T12762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.354347][T12762] RIP: 0033:0x7f8ce291e169
[  216.354366][T12762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.354388][T12762] RSP: 002b:00007f8ce0f87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000084
[  216.354410][T12762] RAX: ffffffffffffffda RBX: 00007f8ce2b45fa0 RCX: 00007f8ce291e169
[  216.354424][T12762] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000200000000140
[  216.354434][T12762] RBP: 00007f8ce0f87090 R08: 0000000000000000 R09: 0000000000000000
[  216.354462][T12762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.354473][T12762] R13: 0000000000000001 R14: 00007f8ce2b45fa0 R15: 00007ffcbda95718
[  216.354491][T12762]  </TASK>
[  216.568854][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.593783][T12767] loop5: detected capacity change from 0 to 1024
[  216.600963][T12767] EXT4-fs: test_dummy_encryption option not supported
[  216.747513][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3391'.
[  216.818683][T12791] FAULT_INJECTION: forcing a failure.
[  216.818683][T12791] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.831829][T12791] CPU: 1 UID: 0 PID: 12791 Comm: syz.0.3396 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  216.831873][T12791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  216.831935][T12791] Call Trace:
[  216.831941][T12791]  <TASK>
[  216.831951][T12791]  dump_stack_lvl+0xf6/0x150
[  216.831977][T12791]  dump_stack+0x15/0x1a
[  216.831997][T12791]  should_fail_ex+0x261/0x270
[  216.832025][T12791]  should_fail+0xb/0x10
[  216.832098][T12791]  should_fail_usercopy+0x1a/0x20
[  216.832129][T12791]  _copy_from_user+0x1c/0xa0
[  216.832239][T12791]  __sys_bpf+0x16a/0x800
[  216.832274][T12791]  __x64_sys_bpf+0x43/0x50
[  216.832299][T12791]  x64_sys_call+0x23da/0x2e10
[  216.832321][T12791]  do_syscall_64+0xc9/0x1a0
[  216.832391][T12791]  ? clear_bhb_loop+0x25/0x80
[  216.832412][T12791]  ? clear_bhb_loop+0x25/0x80
[  216.832433][T12791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.832453][T12791] RIP: 0033:0x7f192410e169
[  216.832467][T12791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.832485][T12791] RSP: 002b:00007f1922777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  216.832503][T12791] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410e169
[  216.832526][T12791] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 0000000000000018
[  216.832537][T12791] RBP: 00007f1922777090 R08: 0000000000000000 R09: 0000000000000000
[  216.832549][T12791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.832560][T12791] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  216.832578][T12791]  </TASK>
[  216.840027][T12789] tipc: Started in network mode
[  217.006100][T12789] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  217.015609][T12789] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  217.023999][T12789] tipc: Enabled bearer <udp:syz1>, priority 10
[  217.120992][T12812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3405'.
[  217.173993][T12820] netlink: 'syz.0.3407': attribute type 1 has an invalid length.
[  217.182159][T12820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3407'.
[  217.321928][T12840] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3417'.
[  217.467701][T12848] netlink: 'syz.5.3420': attribute type 1 has an invalid length.
[  217.593205][T12873] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3430'.
[  217.647669][T12869] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3427'.
[  217.765936][T12888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3435'.
[  217.801695][T12898] FAULT_INJECTION: forcing a failure.
[  217.801695][T12898] name failslab, interval 1, probability 0, space 0, times 0
[  217.814743][T12898] CPU: 1 UID: 0 PID: 12898 Comm: syz.2.3439 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  217.814777][T12898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  217.814791][T12898] Call Trace:
[  217.814797][T12898]  <TASK>
[  217.814806][T12898]  dump_stack_lvl+0xf6/0x150
[  217.814907][T12898]  dump_stack+0x15/0x1a
[  217.814925][T12898]  should_fail_ex+0x261/0x270
[  217.814954][T12898]  should_failslab+0x8f/0xb0
[  217.815049][T12898]  kmem_cache_alloc_noprof+0x59/0x340
[  217.815079][T12898]  ? alloc_empty_file+0x78/0x200
[  217.815109][T12898]  alloc_empty_file+0x78/0x200
[  217.815140][T12898]  path_openat+0x6f/0x2000
[  217.815233][T12898]  ? mntput+0x49/0x70
[  217.815330][T12898]  ? path_openat+0x1ab2/0x2000
[  217.815365][T12898]  ? _parse_integer_limit+0x167/0x180
[  217.815410][T12898]  do_filp_open+0x115/0x240
[  217.815457][T12898]  do_open_execat+0xd5/0x280
[  217.815572][T12898]  alloc_bprm+0x2a/0x680
[  217.815601][T12898]  do_execveat_common+0x12b/0x7e0
[  217.815623][T12898]  ? getname_flags+0x15a/0x3b0
[  217.815652][T12898]  __x64_sys_execveat+0x75/0x90
[  217.815725][T12898]  x64_sys_call+0x2ac7/0x2e10
[  217.815821][T12898]  do_syscall_64+0xc9/0x1a0
[  217.815876][T12898]  ? clear_bhb_loop+0x25/0x80
[  217.815896][T12898]  ? clear_bhb_loop+0x25/0x80
[  217.815915][T12898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.815933][T12898] RIP: 0033:0x7f8ce291e169
[  217.815978][T12898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.815999][T12898] RSP: 002b:00007f8ce0f87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  217.816018][T12898] RAX: ffffffffffffffda RBX: 00007f8ce2b45fa0 RCX: 00007f8ce291e169
[  217.816029][T12898] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  217.816040][T12898] RBP: 00007f8ce0f87090 R08: 0000000000001000 R09: 0000000000000000
[  217.816098][T12898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.816111][T12898] R13: 0000000000000000 R14: 00007f8ce2b45fa0 R15: 00007ffcbda95718
[  217.816128][T12898]  </TASK>
[  218.037288][   T36] tipc: Node number set to 1
[  218.047709][   T29] kauditd_printk_skb: 39 callbacks suppressed
[  218.047727][   T29] audit: type=1400 audit(1745144973.057:18213): avc:  denied  { bind } for  pid=12901 comm="syz.0.3441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  218.076728][   T29] audit: type=1400 audit(1745144973.077:18214): avc:  denied  { listen } for  pid=12904 comm="syz.6.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  218.097001][   T29] audit: type=1400 audit(1745144973.077:18215): avc:  denied  { accept } for  pid=12904 comm="syz.6.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  218.117150][   T29] audit: type=1400 audit(1745144973.097:18216): avc:  denied  { read } for  pid=12901 comm="syz.0.3441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  218.140575][T12892] loop5: detected capacity change from 0 to 128
[  218.157839][   T29] audit: type=1326 audit(1745144973.167:18217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12904 comm="syz.6.3442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab80eae169 code=0x7ffc0000
[  218.181770][   T29] audit: type=1326 audit(1745144973.167:18218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12904 comm="syz.6.3442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fab80eae169 code=0x7ffc0000
[  218.205660][   T29] audit: type=1326 audit(1745144973.167:18219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12904 comm="syz.6.3442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab80eae169 code=0x7ffc0000
[  218.229318][   T29] audit: type=1326 audit(1745144973.167:18220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12904 comm="syz.6.3442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fab80eae169 code=0x7ffc0000
[  218.252979][   T29] audit: type=1400 audit(1745144973.167:18221): avc:  denied  { wake_alarm } for  pid=12904 comm="syz.6.3442" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  218.274399][   T29] audit: type=1326 audit(1745144973.167:18222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12904 comm="syz.6.3442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab80eae169 code=0x7ffc0000
[  218.300665][T12911] program syz.1.3443 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  218.312613][T12911] smc: net device bond0 applied user defined pnetid SYZ0
[  218.320226][T12911] smc: net device bond0 erased user defined pnetid SYZ0
[  218.341750][T12892] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  218.366513][T12892] ext4 filesystem being mounted at /347/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  218.423080][T12925] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3448'.
[  218.432851][ T7975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  218.470844][T12935] loop6: detected capacity change from 0 to 128
[  218.599098][T12954] loop6: detected capacity change from 0 to 128
[  219.041464][T12970] loop5: detected capacity change from 0 to 128
[  219.100234][T12974] loop5: detected capacity change from 0 to 2048
[  219.134737][T12974]  loop5: p1 < > p4
[  219.139329][T12974] loop5: p4 size 8388608 extends beyond EOD, truncated
[  219.265358][T12985] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  219.286281][T12986] loop5: detected capacity change from 0 to 2048
[  219.457506][T12986]  loop5: p1 < > p4
[  219.462280][T12986] loop5: p4 size 8388608 extends beyond EOD, truncated
[  219.480698][T12994] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  219.552541][T13005] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  219.556233][T13006] FAULT_INJECTION: forcing a failure.
[  219.556233][T13006] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.573032][T13006] CPU: 1 UID: 0 PID: 13006 Comm: syz.1.3480 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  219.573127][T13006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  219.573139][T13006] Call Trace:
[  219.573144][T13006]  <TASK>
[  219.573150][T13006]  dump_stack_lvl+0xf6/0x150
[  219.573187][T13006]  dump_stack+0x15/0x1a
[  219.573204][T13006]  should_fail_ex+0x261/0x270
[  219.573266][T13006]  should_fail+0xb/0x10
[  219.573285][T13006]  should_fail_usercopy+0x1a/0x20
[  219.573313][T13006]  _copy_from_user+0x1c/0xa0
[  219.573345][T13006]  copy_msghdr_from_user+0x54/0x2b0
[  219.573373][T13006]  ? __fget_files+0x186/0x1c0
[  219.573408][T13006]  __sys_sendmsg+0x141/0x240
[  219.573448][T13006]  __x64_sys_sendmsg+0x46/0x50
[  219.573471][T13006]  x64_sys_call+0x26f3/0x2e10
[  219.573490][T13006]  do_syscall_64+0xc9/0x1a0
[  219.573634][T13006]  ? clear_bhb_loop+0x25/0x80
[  219.573666][T13006]  ? clear_bhb_loop+0x25/0x80
[  219.573686][T13006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.573779][T13006] RIP: 0033:0x7fc05ecae169
[  219.573796][T13006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.573818][T13006] RSP: 002b:00007fc05d317038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  219.573841][T13006] RAX: ffffffffffffffda RBX: 00007fc05eed5fa0 RCX: 00007fc05ecae169
[  219.573855][T13006] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000003
[  219.573927][T13006] RBP: 00007fc05d317090 R08: 0000000000000000 R09: 0000000000000000
[  219.573942][T13006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.573955][T13006] R13: 0000000000000000 R14: 00007fc05eed5fa0 R15: 00007fffef11c958
[  219.573975][T13006]  </TASK>
[  219.759329][T13008] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  219.804670][T13019] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.3484' sets config #1
[  219.823249][T13015] syz.5.3478 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  219.854074][T13015] 0猉功D: renamed from gretap0 (while UP)
[  219.868337][T13015] 0猉功D: entered allmulticast mode
[  219.881745][T13015] A link change request failed with some changes committed already. Interface 
30猉功D may have been left with an inconsistent configuration, please check.
[  219.917006][T13030] netlink: 'syz.5.3478': attribute type 1 has an invalid length.
[  220.030723][T13042] block device autoloading is deprecated and will be removed.
[  220.038348][T13042] syz.6.3493: attempt to access beyond end of device
[  220.038348][T13042] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  220.062844][T13043] loop5: detected capacity change from 0 to 128
[  220.086175][T13046] loop6: detected capacity change from 0 to 128
[  220.150378][T13050] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  220.199151][T13061] FAULT_INJECTION: forcing a failure.
[  220.199151][T13061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.212388][T13061] CPU: 1 UID: 0 PID: 13061 Comm: syz.5.3500 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  220.212421][T13061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  220.212436][T13061] Call Trace:
[  220.212442][T13061]  <TASK>
[  220.212450][T13061]  dump_stack_lvl+0xf6/0x150
[  220.212480][T13061]  dump_stack+0x15/0x1a
[  220.212499][T13061]  should_fail_ex+0x261/0x270
[  220.212586][T13061]  should_fail+0xb/0x10
[  220.212611][T13061]  should_fail_usercopy+0x1a/0x20
[  220.212642][T13061]  _copy_from_user+0x1c/0xa0
[  220.212692][T13061]  copy_msghdr_from_user+0x54/0x2b0
[  220.212790][T13061]  ? __fget_files+0x186/0x1c0
[  220.212820][T13061]  __sys_sendmsg+0x141/0x240
[  220.212941][T13061]  __x64_sys_sendmsg+0x46/0x50
[  220.212970][T13061]  x64_sys_call+0x26f3/0x2e10
[  220.212996][T13061]  do_syscall_64+0xc9/0x1a0
[  220.213027][T13061]  ? clear_bhb_loop+0x25/0x80
[  220.213072][T13061]  ? clear_bhb_loop+0x25/0x80
[  220.213096][T13061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.213230][T13061] RIP: 0033:0x7f0471e5e169
[  220.213247][T13061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.213264][T13061] RSP: 002b:00007f04704c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  220.213281][T13061] RAX: ffffffffffffffda RBX: 00007f0472085fa0 RCX: 00007f0471e5e169
[  220.213295][T13061] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000003
[  220.213311][T13061] RBP: 00007f04704c7090 R08: 0000000000000000 R09: 0000000000000000
[  220.213325][T13061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.213338][T13061] R13: 0000000000000000 R14: 00007f0472085fa0 R15: 00007ffe10bfb8e8
[  220.213423][T13061]  </TASK>
[  220.462736][T13076] Cannot find add_set index 0 as target
[  220.473166][T13076] loop6: detected capacity change from 0 to 1024
[  220.499863][T13076] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.531505][T13064] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.3501: Allocating blocks 497-513 which overlap fs metadata
[  220.546728][T13064] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[  220.559320][T13064] EXT4-fs (loop6): This should not happen!! Data will be lost
[  220.559320][T13064] 
[  220.579348][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.727513][T13101] loop5: detected capacity change from 0 to 2048
[  220.752932][T13105] FAULT_INJECTION: forcing a failure.
[  220.752932][T13105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.766180][T13105] CPU: 1 UID: 0 PID: 13105 Comm: syz.6.3518 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  220.766272][T13105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  220.766290][T13105] Call Trace:
[  220.766296][T13105]  <TASK>
[  220.766304][T13105]  dump_stack_lvl+0xf6/0x150
[  220.766333][T13105]  dump_stack+0x15/0x1a
[  220.766370][T13105]  should_fail_ex+0x261/0x270
[  220.766396][T13105]  should_fail+0xb/0x10
[  220.766438][T13105]  should_fail_usercopy+0x1a/0x20
[  220.766468][T13105]  _copy_from_user+0x1c/0xa0
[  220.766582][T13105]  __sys_bpf+0x16a/0x800
[  220.766638][T13105]  __x64_sys_bpf+0x43/0x50
[  220.766669][T13105]  x64_sys_call+0x23da/0x2e10
[  220.766721][T13105]  do_syscall_64+0xc9/0x1a0
[  220.766814][T13105]  ? clear_bhb_loop+0x25/0x80
[  220.766839][T13105]  ? clear_bhb_loop+0x25/0x80
[  220.766864][T13105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.766887][T13105] RIP: 0033:0x7fab80eae169
[  220.766905][T13105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.766948][T13105] RSP: 002b:00007fab7f517038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  220.766971][T13105] RAX: ffffffffffffffda RBX: 00007fab810d5fa0 RCX: 00007fab80eae169
[  220.766997][T13105] RDX: 0000000000000048 RSI: 0000200000000140 RDI: 0000000000000000
[  220.767062][T13105] RBP: 00007fab7f517090 R08: 0000000000000000 R09: 0000000000000000
[  220.767079][T13105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.767093][T13105] R13: 0000000000000000 R14: 00007fab810d5fa0 R15: 00007ffed7e51ba8
[  220.767116][T13105]  </TASK>
[  220.775129][T13101]  loop5: p1 < > p4
[  220.823994][T13107] tipc: Started in network mode
[  220.828907][T13109] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.3519' sets config #1
[  220.830504][T13107] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  220.845327][T13101] loop5: p4 size 8388608 extends beyond EOD, 
[  220.870169][T13107] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  220.888094][T13101] truncated
[  220.896767][T13107] tipc: Enabled bearer <udp:syz1>, priority 10
[  221.102800][T13127] loop5: detected capacity change from 0 to 512
[  221.111849][T13118] __nla_validate_parse: 7 callbacks suppressed
[  221.111868][T13118] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3524'.
[  221.129239][T13127] EXT4-fs: Ignoring removed nomblk_io_submit option
[  221.159306][T13127] EXT4-fs: Ignoring removed mblk_io_submit option
[  221.205790][T13127] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  221.215096][T13127] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2
[  221.223658][T13127] EXT4-fs (loop5): 1 truncate cleaned up
[  221.231050][T13127] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.266312][T13112] loop6: detected capacity change from 0 to 512
[  221.286069][T13141] netlink: 'syz.2.3526': attribute type 1 has an invalid length.
[  221.286347][T13112] EXT4-fs: Ignoring removed i_version option
[  221.326566][T13112] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  221.352457][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.373827][T13112] EXT4-fs (loop6): 1 truncate cleaned up
[  221.403818][T13112] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.410653][T13151] syz.2.3531: attempt to access beyond end of device
[  221.410653][T13151] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  221.458346][T13109] pim6reg: entered allmulticast mode
[  221.480146][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.573025][T13167] tipc: Started in network mode
[  221.578068][T13167] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  221.605689][T13169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3537'.
[  221.764996][T13167] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  221.773370][T13167] tipc: Enabled bearer <udp:syz1>, priority 10
[  221.894381][   T23] tipc: Node number set to 1
[  221.926718][T13175] loop5: detected capacity change from 0 to 2048
[  221.958021][T13175] EXT4-fs: Ignoring removed i_version option
[  222.057377][T13175] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.070585][T13179] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3539'.
[  222.091766][T13183] FAULT_INJECTION: forcing a failure.
[  222.091766][T13183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  222.105055][T13183] CPU: 1 UID: 0 PID: 13183 Comm: syz.0.3541 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  222.105088][T13183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  222.105142][T13183] Call Trace:
[  222.105149][T13183]  <TASK>
[  222.105159][T13183]  dump_stack_lvl+0xf6/0x150
[  222.105188][T13183]  dump_stack+0x15/0x1a
[  222.105211][T13183]  should_fail_ex+0x261/0x270
[  222.105236][T13183]  should_fail+0xb/0x10
[  222.105268][T13183]  should_fail_usercopy+0x1a/0x20
[  222.105293][T13183]  _copy_to_user+0x20/0xa0
[  222.105329][T13183]  simple_read_from_buffer+0xb2/0x130
[  222.105374][T13183]  proc_fail_nth_read+0x103/0x140
[  222.105431][T13183]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  222.105496][T13183]  vfs_read+0x1b2/0x710
[  222.105514][T13183]  ? __rcu_read_unlock+0x4e/0x70
[  222.105538][T13183]  ? __fget_files+0x186/0x1c0
[  222.105645][T13183]  ksys_read+0xeb/0x1b0
[  222.105664][T13183]  __x64_sys_read+0x42/0x50
[  222.105718][T13183]  x64_sys_call+0x2a3b/0x2e10
[  222.105744][T13183]  do_syscall_64+0xc9/0x1a0
[  222.105774][T13183]  ? clear_bhb_loop+0x25/0x80
[  222.105794][T13183]  ? clear_bhb_loop+0x25/0x80
[  222.105813][T13183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.105877][T13183] RIP: 0033:0x7f192410cb7c
[  222.105895][T13183] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  222.105966][T13183] RSP: 002b:00007f1922777030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  222.105985][T13183] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410cb7c
[  222.106038][T13183] RDX: 000000000000000f RSI: 00007f19227770a0 RDI: 0000000000000007
[  222.106053][T13183] RBP: 00007f1922777090 R08: 0000000000000000 R09: 0000000000000000
[  222.106065][T13183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.106076][T13183] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  222.106177][T13183]  </TASK>
[  222.369209][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.396628][T13187] loop5: detected capacity change from 0 to 128
[  222.474024][T13185] loop6: detected capacity change from 0 to 128
[  222.483934][T13185] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  222.513492][T13185] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  222.577526][T13200] loop0: detected capacity change from 0 to 128
[  222.596982][T13198] loop5: detected capacity change from 0 to 2048
[  222.635804][T13198]  loop5: p1 < > p4
[  222.640428][T13198] loop5: p4 size 8388608 extends beyond EOD, truncated
[  222.727331][T12586] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.793710][T13217] loop0: detected capacity change from 0 to 512
[  222.817266][T13217] EXT4-fs warning (device loop0): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  222.842395][T13217] EXT4-fs (loop0): mount failed
[  222.854579][T13222] IPv6: NLM_F_CREATE should be specified when creating new route
[  222.874161][   T36] tipc: Node number set to 1
[  222.918727][T13229] smc: net device bond0 applied user defined pnetid SYZ0
[  222.946878][T13229] smc: net device bond0 erased user defined pnetid SYZ0
[  223.015838][T13243] loop5: detected capacity change from 0 to 128
[  223.669228][T13283] loop5: detected capacity change from 0 to 128
[  223.709336][T13285] loop0: detected capacity change from 0 to 2048
[  223.754703][T13285]  loop0: p1 < > p4
[  223.759333][T13285] loop0: p4 size 8388608 extends beyond EOD, truncated
[  223.915022][T13304] loop0: detected capacity change from 0 to 512
[  223.949278][T13304] __quota_error: 185 callbacks suppressed
[  223.949299][T13304] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[  223.968165][T13304] EXT4-fs warning (device loop0): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  223.983230][T13304] EXT4-fs (loop0): mount failed
[  224.084068][   T29] audit: type=1400 audit(1745144979.097:18407): avc:  denied  { bind } for  pid=13322 comm="syz.5.3594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  224.104673][   T29] audit: type=1400 audit(1745144979.127:18408): avc:  denied  { setopt } for  pid=13322 comm="syz.5.3594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  224.212803][T13339] loop6: detected capacity change from 0 to 128
[  224.237108][T13345] loop5: detected capacity change from 0 to 128
[  224.267287][T13349] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.3605' sets config #1
[  224.278765][T13347] netlink: 'syz.6.3604': attribute type 21 has an invalid length.
[  224.280005][T13351] loop5: detected capacity change from 0 to 2048
[  224.294953][T13347] netlink: 'syz.6.3604': attribute type 1 has an invalid length.
[  224.302711][T13347] netlink: 144 bytes leftover after parsing attributes in process `syz.6.3604'.
[  224.335636][T13351]  loop5: p1 < > p4
[  224.340987][T13351] loop5: p4 size 8388608 extends beyond EOD, truncated
[  224.443859][T13363] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3611'.
[  224.461074][T13365] loop5: detected capacity change from 0 to 128
[  224.545663][T13371] netlink: 'syz.6.3614': attribute type 1 has an invalid length.
[  224.591760][T13373] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3613'.
[  224.626596][T13379] loop5: detected capacity change from 0 to 128
[  224.669925][T13375] loop6: detected capacity change from 0 to 128
[  224.713436][T13375] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  224.738241][T13375] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.750652][T13396] loop5: detected capacity change from 0 to 128
[  224.769979][T13395] loop0: detected capacity change from 0 to 512
[  224.789879][T13395] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.803993][T13395] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.817744][T13395] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #2: comm syz.0.3622: corrupted inode contents
[  224.830151][T13395] EXT4-fs error (device loop0): ext4_dirty_inode:6103: inode #2: comm syz.0.3622: mark_inode_dirty error
[  224.844251][T13405] netlink: 'syz.1.3626': attribute type 1 has an invalid length.
[  224.853723][T13395] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #2: comm syz.0.3622: corrupted inode contents
[  224.867496][T13395] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #2: comm syz.0.3622: mark_inode_dirty error
[  224.899456][T10860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.926950][T12586] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  224.927917][T13411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3629'.
[  224.961469][   T29] audit: type=1326 audit(1745144979.967:18409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  224.985236][   T29] audit: type=1326 audit(1745144979.967:18410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.008866][   T29] audit: type=1326 audit(1745144979.967:18411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.032703][   T29] audit: type=1326 audit(1745144979.967:18412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.056460][   T29] audit: type=1326 audit(1745144979.967:18413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.080201][   T29] audit: type=1326 audit(1745144979.967:18414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.103882][   T29] audit: type=1326 audit(1745144979.967:18415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13414 comm="syz.2.3631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  225.150169][T13424] loop5: detected capacity change from 0 to 512
[  225.204498][T13424] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  225.225301][T13424] EXT4-fs (loop5): mount failed
[  225.253777][T13439] loop6: detected capacity change from 0 to 512
[  225.279273][T13448] netlink: 'syz.0.3640': attribute type 1 has an invalid length.
[  225.299437][T13450] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  225.309632][T13439] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.352835][T13439] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  225.366163][T13459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3643'.
[  225.381742][T13439] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.3639: corrupted inode contents
[  225.412689][T13439] EXT4-fs error (device loop6): ext4_dirty_inode:6103: inode #2: comm syz.6.3639: mark_inode_dirty error
[  225.457355][T13465] loop0: detected capacity change from 0 to 128
[  225.470162][T13439] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.3639: corrupted inode contents
[  225.504472][T13439] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.3639: mark_inode_dirty error
[  225.563258][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.605070][T13477] loop6: detected capacity change from 0 to 128
[  225.618900][T13479] netlink: 'syz.0.3653': attribute type 1 has an invalid length.
[  225.675791][T13482] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3654'.
[  225.685253][T13482] 0猉功D: renamed from gretap0 (while UP)
[  225.694033][T13482] 0猉功D: entered allmulticast mode
[  225.701346][T13482] A link change request failed with some changes committed already. Interface 
30猉功D may have been left with an inconsistent configuration, please check.
[  225.723529][T13485] loop6: detected capacity change from 0 to 2048
[  225.731913][T13482] program syz.0.3654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.741928][T13482] IPv6: NLM_F_CREATE should be specified when creating new route
[  225.775985][T13485]  loop6: p1 < > p4
[  225.780314][T13485] loop6: p4 size 8388608 extends beyond EOD, truncated
[  225.895656][T13507] netlink: 'syz.0.3665': attribute type 1 has an invalid length.
[  225.968913][T13516] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3668'.
[  225.971617][T13519] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1793 sclass=netlink_route_socket pid=13519 comm=syz.0.3669
[  226.122850][T13542] loop6: detected capacity change from 0 to 512
[  226.152707][T13542] EXT4-fs warning (device loop6): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  226.192105][T13542] EXT4-fs (loop6): mount failed
[  226.310517][T13565] __nla_validate_parse: 2 callbacks suppressed
[  226.310680][T13565] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3681'.
[  226.556954][T13590] FAULT_INJECTION: forcing a failure.
[  226.556954][T13590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.570156][T13590] CPU: 0 UID: 0 PID: 13590 Comm: syz.1.3694 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  226.570191][T13590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  226.570208][T13590] Call Trace:
[  226.570216][T13590]  <TASK>
[  226.570226][T13590]  dump_stack_lvl+0xf6/0x150
[  226.570258][T13590]  dump_stack+0x15/0x1a
[  226.570327][T13590]  should_fail_ex+0x261/0x270
[  226.570355][T13590]  should_fail+0xb/0x10
[  226.570378][T13590]  should_fail_usercopy+0x1a/0x20
[  226.570409][T13590]  _copy_from_user+0x1c/0xa0
[  226.570501][T13590]  br_ioctl_stub+0x1ef/0x880
[  226.570538][T13590]  ? __mutex_lock+0x266/0xa00
[  226.570568][T13590]  ? __pfx_br_ioctl_stub+0x10/0x10
[  226.570604][T13590]  sock_ioctl+0x330/0x630
[  226.570648][T13590]  ? __pfx_sock_ioctl+0x10/0x10
[  226.570671][T13590]  __se_sys_ioctl+0xc9/0x140
[  226.570697][T13590]  __x64_sys_ioctl+0x43/0x50
[  226.570782][T13590]  x64_sys_call+0x168d/0x2e10
[  226.570877][T13590]  do_syscall_64+0xc9/0x1a0
[  226.570900][T13590]  ? clear_bhb_loop+0x25/0x80
[  226.570919][T13590]  ? clear_bhb_loop+0x25/0x80
[  226.570938][T13590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.570958][T13590] RIP: 0033:0x7fc05ecae169
[  226.570971][T13590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.571059][T13590] RSP: 002b:00007fc05d2f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  226.571080][T13590] RAX: ffffffffffffffda RBX: 00007fc05eed6080 RCX: 00007fc05ecae169
[  226.571095][T13590] RDX: 0000200000000040 RSI: 00000000000089a1 RDI: 0000000000000004
[  226.571109][T13590] RBP: 00007fc05d2f6090 R08: 0000000000000000 R09: 0000000000000000
[  226.571124][T13590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.571216][T13590] R13: 0000000000000000 R14: 00007fc05eed6080 R15: 00007fffef11c958
[  226.571270][T13590]  </TASK>
[  226.786847][T13594] netlink: 'syz.5.3696': attribute type 21 has an invalid length.
[  226.795203][T13594] netlink: 'syz.5.3696': attribute type 1 has an invalid length.
[  226.803057][T13594] netlink: 144 bytes leftover after parsing attributes in process `syz.5.3696'.
[  226.930344][T13609] netlink: 'syz.5.3703': attribute type 21 has an invalid length.
[  226.949563][T13609] netlink: 144 bytes leftover after parsing attributes in process `syz.5.3703'.
[  226.968811][T13616] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  227.038182][T13620] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.3708' sets config #1
[  227.057193][T13618] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.3707' sets config #1
[  227.109782][T13623] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3709'.
[  227.308497][T13620] loop5: detected capacity change from 0 to 512
[  227.403550][T13620] EXT4-fs: Ignoring removed i_version option
[  227.426156][T13618] loop6: detected capacity change from 0 to 512
[  227.465305][T13620] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  227.503359][T13618] EXT4-fs: Ignoring removed i_version option
[  227.528802][T13618] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  227.532880][T13620] EXT4-fs (loop5): 1 truncate cleaned up
[  227.553689][T13620] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.598458][T13618] EXT4-fs (loop6): 1 truncate cleaned up
[  227.625388][T13618] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.689311][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.715165][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.743154][T13652] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3721'.
[  227.854427][T13658] loop6: detected capacity change from 0 to 2048
[  227.861479][T13663] loop5: detected capacity change from 0 to 2048
[  227.886498][T13663] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.899289][T13663] ext4 filesystem being mounted at /418/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.910568][T13658]  loop6: p1 < > p4
[  227.915075][T13658] loop6: p4 size 8388608 extends beyond EOD, truncated
[  227.962019][T13674] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.3730' sets config #1
[  228.111197][T13683] loop6: detected capacity change from 0 to 2048
[  228.132291][T13683] ext4: Unknown parameter 'euid'
[  228.354338][T13674] loop0: detected capacity change from 0 to 512
[  228.373568][T13674] EXT4-fs: Ignoring removed i_version option
[  228.387942][T13674] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  228.438000][T13674] EXT4-fs (loop0): 1 truncate cleaned up
[  228.472740][T13674] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.654757][T10860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.803692][T13659] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3725: bg 0: block 345: padding at end of block bitmap is not set
[  228.844528][T13659] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  228.977554][T13719] loop6: detected capacity change from 0 to 512
[  228.985586][T13719] ext2: Unknown parameter 'noacl'
[  228.992843][T13721] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.3747' sets config #1
[  229.125051][T13663] syz.5.3725 (13663) used greatest stack depth: 6120 bytes left
[  229.143748][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.223518][T13726] audit_log_lost: 211 callbacks suppressed
[  229.223545][T13726] audit: audit_lost=9 audit_rate_limit=0 audit_backlog_limit=64
[  229.237314][T13726] audit: out of memory in audit_log_start
[  229.259388][T13726] SELinux: failed to load policy
[  229.308798][   T29] audit: type=1326 audit(1745144984.327:18625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.1.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.359717][   T29] audit: type=1326 audit(1745144984.367:18626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.1.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.383419][   T29] audit: type=1326 audit(1745144984.367:18627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.1.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.407440][   T29] audit: type=1326 audit(1745144984.367:18628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.1.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.554711][T13745] loop5: detected capacity change from 0 to 128
[  229.570403][   T29] audit: type=1326 audit(1745144984.587:18629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13747 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.594268][   T29] audit: type=1326 audit(1745144984.587:18630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13747 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.638489][   T29] audit: type=1326 audit(1745144984.647:18631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13747 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.662217][   T29] audit: type=1326 audit(1745144984.647:18632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13747 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  229.845389][T13754] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3762'.
[  229.992240][T13766] loop0: detected capacity change from 0 to 128
[  230.276522][T13783] loop0: detected capacity change from 0 to 128
[  230.368000][T13799] loop0: detected capacity change from 0 to 512
[  230.402440][T13799] EXT4-fs warning (device loop0): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  230.425496][T13799] EXT4-fs (loop0): mount failed
[  230.537661][T13805] validate_nla: 6 callbacks suppressed
[  230.537740][T13805] netlink: 'syz.5.3782': attribute type 1 has an invalid length.
[  230.732391][T13813] loop5: detected capacity change from 0 to 512
[  230.756849][T13813] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  230.815472][T13813] EXT4-fs (loop5): mount failed
[  231.199515][T13836] netlink: 'syz.0.3794': attribute type 1 has an invalid length.
[  231.668765][T13855] loop5: detected capacity change from 0 to 128
[  231.761454][T13866] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.3805' sets config #1
[  232.068975][T13866] loop0: detected capacity change from 0 to 512
[  232.083861][T13866] EXT4-fs: Ignoring removed i_version option
[  232.094038][T13866] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  232.138829][T13866] EXT4-fs (loop0): 1 truncate cleaned up
[  232.149256][T13866] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.214313][T10860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.435608][T13897] loop0: detected capacity change from 0 to 2048
[  232.584449][T13897]  loop0: p1 < > p4
[  232.588977][T13897] loop0: p4 size 8388608 extends beyond EOD, truncated
[  232.650561][T13902] loop5: detected capacity change from 0 to 128
[  232.747909][T13911] smc: net device bond0 applied user defined pnetid SYZ0
[  232.759665][T13911] smc: net device bond0 erased user defined pnetid SYZ0
[  232.841980][T13933] loop0: detected capacity change from 0 to 128
[  232.855806][T13934] netlink: 'syz.1.3832': attribute type 1 has an invalid length.
[  232.912272][T13945] smc: net device bond0 applied user defined pnetid SYZ0
[  232.921091][T13945] smc: net device bond0 erased user defined pnetid SYZ0
[  232.950621][T13950] FAULT_INJECTION: forcing a failure.
[  232.950621][T13950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.963792][T13950] CPU: 0 UID: 0 PID: 13950 Comm: syz.1.3840 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  232.963826][T13950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  232.963842][T13950] Call Trace:
[  232.963851][T13950]  <TASK>
[  232.963862][T13950]  dump_stack_lvl+0xf6/0x150
[  232.963941][T13950]  dump_stack+0x15/0x1a
[  232.963962][T13950]  should_fail_ex+0x261/0x270
[  232.964050][T13950]  should_fail+0xb/0x10
[  232.964069][T13950]  should_fail_usercopy+0x1a/0x20
[  232.964105][T13950]  _copy_from_iter+0xd8/0xd10
[  232.964137][T13950]  ? __alloc_skb+0x1bd/0x320
[  232.964204][T13950]  ? kmalloc_reserve+0x16e/0x190
[  232.964225][T13950]  ? __build_skb_around+0x199/0x1f0
[  232.964290][T13950]  ? __alloc_skb+0x227/0x320
[  232.964312][T13950]  ? __virt_addr_valid+0x1ed/0x250
[  232.964333][T13950]  ? __check_object_size+0x367/0x510
[  232.964420][T13950]  netlink_sendmsg+0x492/0x720
[  232.964451][T13950]  ? __pfx_netlink_sendmsg+0x10/0x10
[  232.964542][T13950]  __sock_sendmsg+0x140/0x180
[  232.964572][T13950]  ____sys_sendmsg+0x350/0x4e0
[  232.964602][T13950]  __sys_sendmsg+0x1a0/0x240
[  232.964746][T13950]  __x64_sys_sendmsg+0x46/0x50
[  232.964777][T13950]  x64_sys_call+0x26f3/0x2e10
[  232.964799][T13950]  do_syscall_64+0xc9/0x1a0
[  232.964840][T13950]  ? clear_bhb_loop+0x25/0x80
[  232.964866][T13950]  ? clear_bhb_loop+0x25/0x80
[  232.964889][T13950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.964909][T13950] RIP: 0033:0x7fc05ecae169
[  232.964928][T13950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.964950][T13950] RSP: 002b:00007fc05d317038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.965002][T13950] RAX: ffffffffffffffda RBX: 00007fc05eed5fa0 RCX: 00007fc05ecae169
[  232.965014][T13950] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  232.965027][T13950] RBP: 00007fc05d317090 R08: 0000000000000000 R09: 0000000000000000
[  232.965042][T13950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.965056][T13950] R13: 0000000000000000 R14: 00007fc05eed5fa0 R15: 00007fffef11c958
[  232.965078][T13950]  </TASK>
[  233.298777][T13973] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  233.316000][T13968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3847'.
[  233.380947][T13980] smc: net device bond0 applied user defined pnetid SYZ0
[  233.419162][T13980] smc: net device bond0 erased user defined pnetid SYZ0
[  233.541120][T13999] netlink: 'syz.2.3860': attribute type 1 has an invalid length.
[  233.938683][T14010] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3862'.
[  234.049655][T14020] smc: net device bond0 applied user defined pnetid SYZ0
[  234.069720][T14020] smc: net device bond0 erased user defined pnetid SYZ0
[  234.167351][T14027] FAULT_INJECTION: forcing a failure.
[  234.167351][T14027] name failslab, interval 1, probability 0, space 0, times 0
[  234.180271][T14027] CPU: 0 UID: 0 PID: 14027 Comm: syz.6.3869 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  234.180303][T14027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  234.180318][T14027] Call Trace:
[  234.180326][T14027]  <TASK>
[  234.180335][T14027]  dump_stack_lvl+0xf6/0x150
[  234.180362][T14027]  dump_stack+0x15/0x1a
[  234.180381][T14027]  should_fail_ex+0x261/0x270
[  234.180445][T14027]  should_failslab+0x8f/0xb0
[  234.180470][T14027]  kmem_cache_alloc_lru_noprof+0x5e/0x330
[  234.180569][T14027]  ? alloc_inode+0x6e/0x170
[  234.180592][T14027]  alloc_inode+0x6e/0x170
[  234.180612][T14027]  path_from_stashed+0x117/0x520
[  234.180658][T14027]  open_namespace+0x58/0x110
[  234.180691][T14027]  pidfd_ioctl+0xbe9/0xcf0
[  234.180719][T14027]  ? putname+0xe1/0x100
[  234.180744][T14027]  ? __pfx_pidfd_ioctl+0x10/0x10
[  234.180850][T14027]  __se_sys_ioctl+0xc9/0x140
[  234.180942][T14027]  __x64_sys_ioctl+0x43/0x50
[  234.180974][T14027]  x64_sys_call+0x168d/0x2e10
[  234.181017][T14027]  do_syscall_64+0xc9/0x1a0
[  234.181048][T14027]  ? clear_bhb_loop+0x25/0x80
[  234.181079][T14027]  ? clear_bhb_loop+0x25/0x80
[  234.181113][T14027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.181137][T14027] RIP: 0033:0x7fab80eae169
[  234.181154][T14027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.181233][T14027] RSP: 002b:00007fab7f517038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  234.181254][T14027] RAX: ffffffffffffffda RBX: 00007fab810d5fa0 RCX: 00007fab80eae169
[  234.181267][T14027] RDX: 0000000000000000 RSI: 000000000000ff03 RDI: 0000000000000003
[  234.181278][T14027] RBP: 00007fab7f517090 R08: 0000000000000000 R09: 0000000000000000
[  234.181289][T14027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.181300][T14027] R13: 0000000000000000 R14: 00007fab810d5fa0 R15: 00007ffed7e51ba8
[  234.181320][T14027]  </TASK>
[  234.520493][T14035] loop6: detected capacity change from 0 to 128
[  234.522235][   T29] kauditd_printk_skb: 138 callbacks suppressed
[  234.522253][   T29] audit: type=1326 audit(1745144989.537:18769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.556872][   T29] audit: type=1326 audit(1745144989.537:18770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.585573][   T29] audit: type=1326 audit(1745144989.607:18771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.609315][   T29] audit: type=1326 audit(1745144989.607:18772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.633004][   T29] audit: type=1326 audit(1745144989.607:18773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.656656][   T29] audit: type=1326 audit(1745144989.607:18774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.680638][   T29] audit: type=1326 audit(1745144989.707:18775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.704318][   T29] audit: type=1326 audit(1745144989.707:18776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.728547][   T29] audit: type=1326 audit(1745144989.757:18777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.752220][   T29] audit: type=1326 audit(1745144989.757:18778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14037 comm="syz.2.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce291e169 code=0x7ffc0000
[  234.874644][T14046] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3877'.
[  234.923391][T14061] smc: net device bond0 applied user defined pnetid SYZ0
[  234.955576][T14061] smc: net device bond0 erased user defined pnetid SYZ0
[  235.076343][T14068] smc: net device bond0 applied user defined pnetid SYZ0
[  235.085277][T14068] smc: net device bond0 erased user defined pnetid SYZ0
[  235.503344][T14085] loop0: detected capacity change from 0 to 128
[  235.558237][T14088] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3893'.
[  235.600464][T14094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3895'.
[  235.616617][T14099] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3894'.
[  235.648803][T14102] loop0: detected capacity change from 0 to 2048
[  235.656034][T14097] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  235.663500][T14097] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  235.705878][T14102]  loop0: p1 < > p4
[  235.711015][T14102] loop0: p4 size 8388608 extends beyond EOD, truncated
[  235.925135][T14123] loop5: detected capacity change from 0 to 128
[  235.969398][T14125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3906'.
[  236.846162][T14166] Invalid ELF header magic: != ELF
[  236.949229][T14171] loop5: detected capacity change from 0 to 2048
[  237.002405][T14178] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3924'.
[  237.014796][T14178] netlink: 'syz.6.3924': attribute type 10 has an invalid length.
[  237.022684][T14178] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3924'.
[  237.025042][T14171]  loop5: p1 < > p4
[  237.032161][T14178] batadv0: entered promiscuous mode
[  237.040770][T14178] batadv0: entered allmulticast mode
[  237.046425][T14171] loop5: p4 size 8388608 extends beyond EOD, truncated
[  237.047433][T14178] bridge0: port 3(batadv0) entered blocking state
[  237.059981][T14178] bridge0: port 3(batadv0) entered disabled state
[  237.067389][T14178] bridge0: port 3(batadv0) entered blocking state
[  237.073944][T14178] bridge0: port 3(batadv0) entered forwarding state
[  237.085624][T14178] batman_adv: batadv0: Adding interface: dummy0
[  237.091916][T14178] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.117268][T14178] batman_adv: batadv0: Interface activated: dummy0
[  237.163835][T14186] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3925'.
[  237.185621][T14184] batadv0: mtu less than device minimum
[  237.191588][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.202342][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.213368][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.224201][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.227976][T14178] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  237.235029][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.241007][T14178] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  237.251775][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.268564][T14184] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  237.452523][T14204] loop5: detected capacity change from 0 to 128
[  237.544664][ T9789] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  237.554151][ T9789] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  237.589727][T14211] loop5: detected capacity change from 0 to 2048
[  237.666682][T14211]  loop5: p1 < > p4
[  237.671047][T14211] loop5: p4 size 8388608 extends beyond EOD, truncated
[  237.951459][T14241] Invalid ELF header magic: != ELF
[  238.382271][T14274] __nla_validate_parse: 7 callbacks suppressed
[  238.382290][T14274] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3955'.
[  238.619941][T14293] Cannot find del_set index 2 as target
[  238.626327][T14290] loop5: detected capacity change from 0 to 2048
[  238.695282][T14290]  loop5: p1 < > p4
[  238.699853][T14290] loop5: p4 size 8388608 extends beyond EOD, truncated
[  238.738418][T14296] loop6: detected capacity change from 0 to 128
[  238.748990][T14296] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  238.775424][T14296] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.873880][T12586] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  238.922104][T14317] loop6: detected capacity change from 0 to 128
[  239.719813][T14338] FAULT_INJECTION: forcing a failure.
[  239.719813][T14338] name failslab, interval 1, probability 0, space 0, times 0
[  239.732638][T14338] CPU: 1 UID: 0 PID: 14338 Comm: syz.0.3980 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  239.732791][T14338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  239.732804][T14338] Call Trace:
[  239.732810][T14338]  <TASK>
[  239.732817][T14338]  dump_stack_lvl+0xf6/0x150
[  239.732901][T14338]  dump_stack+0x15/0x1a
[  239.732920][T14338]  should_fail_ex+0x261/0x270
[  239.732950][T14338]  should_failslab+0x8f/0xb0
[  239.732977][T14338]  __kvmalloc_node_noprof+0x12c/0x520
[  239.733029][T14338]  ? xt_alloc_table_info+0x3d/0x80
[  239.733115][T14338]  ? should_fail_ex+0xd7/0x270
[  239.733145][T14338]  xt_alloc_table_info+0x3d/0x80
[  239.733244][T14338]  do_ip6t_set_ctl+0x597/0x840
[  239.733277][T14338]  ? kstrtouint+0x7b/0xc0
[  239.733306][T14338]  nf_setsockopt+0x195/0x1b0
[  239.733328][T14338]  ipv6_setsockopt+0x10f/0x130
[  239.733351][T14338]  tcp_setsockopt+0x93/0xb0
[  239.733462][T14338]  sock_common_setsockopt+0x64/0x80
[  239.733500][T14338]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  239.733616][T14338]  __sys_setsockopt+0x187/0x200
[  239.733643][T14338]  __x64_sys_setsockopt+0x66/0x80
[  239.733672][T14338]  x64_sys_call+0x2a09/0x2e10
[  239.733699][T14338]  do_syscall_64+0xc9/0x1a0
[  239.733726][T14338]  ? clear_bhb_loop+0x25/0x80
[  239.733803][T14338]  ? clear_bhb_loop+0x25/0x80
[  239.733824][T14338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.733849][T14338] RIP: 0033:0x7f192410e169
[  239.733880][T14338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.733898][T14338] RSP: 002b:00007f1922777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  239.733916][T14338] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410e169
[  239.733932][T14338] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006
[  239.733947][T14338] RBP: 00007f1922777090 R08: 00000000000003d0 R09: 0000000000000000
[  239.733962][T14338] R10: 0000200000000b00 R11: 0000000000000246 R12: 0000000000000001
[  239.733976][T14338] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  239.734004][T14338]  </TASK>
[  240.003147][T14343] FAULT_INJECTION: forcing a failure.
[  240.003147][T14343] name failslab, interval 1, probability 0, space 0, times 0
[  240.015935][T14343] CPU: 1 UID: 0 PID: 14343 Comm: syz.2.3983 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  240.015977][T14343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  240.015993][T14343] Call Trace:
[  240.016003][T14343]  <TASK>
[  240.016012][T14343]  dump_stack_lvl+0xf6/0x150
[  240.016037][T14343]  dump_stack+0x15/0x1a
[  240.016053][T14343]  should_fail_ex+0x261/0x270
[  240.016077][T14343]  should_failslab+0x8f/0xb0
[  240.016168][T14343]  kmem_cache_alloc_noprof+0x59/0x340
[  240.016196][T14343]  ? getname_flags+0x81/0x3b0
[  240.016220][T14343]  getname_flags+0x81/0x3b0
[  240.016245][T14343]  user_path_at+0x26/0x140
[  240.016349][T14343]  __se_sys_mount+0x25e/0x2e0
[  240.016370][T14343]  __x64_sys_mount+0x67/0x80
[  240.016389][T14343]  x64_sys_call+0xd11/0x2e10
[  240.016417][T14343]  do_syscall_64+0xc9/0x1a0
[  240.016445][T14343]  ? clear_bhb_loop+0x25/0x80
[  240.016466][T14343]  ? clear_bhb_loop+0x25/0x80
[  240.016514][T14343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.016541][T14343] RIP: 0033:0x7f8ce291e169
[  240.016559][T14343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.016581][T14343] RSP: 002b:00007f8ce0f87038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  240.016601][T14343] RAX: ffffffffffffffda RBX: 00007f8ce2b45fa0 RCX: 00007f8ce291e169
[  240.016612][T14343] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  240.016676][T14343] RBP: 00007f8ce0f87090 R08: 0000200000000200 R09: 0000000000000000
[  240.016691][T14343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.016706][T14343] R13: 0000000000000000 R14: 00007f8ce2b45fa0 R15: 00007ffcbda95718
[  240.016728][T14343]  </TASK>
[  240.230139][T14340] loop5: detected capacity change from 0 to 128
[  240.276308][T14347] loop0: detected capacity change from 0 to 128
[  240.287492][T14356] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  240.314575][T14340] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  240.328260][T14340] ext4 filesystem being mounted at /465/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  240.347733][T14359] loop6: detected capacity change from 0 to 2048
[  240.377759][T14363] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  240.404912][T14359]  loop6: p1 < > p4
[  240.411781][T14359] loop6: p4 size 8388608 extends beyond EOD, truncated
[  240.502536][   T29] kauditd_printk_skb: 90 callbacks suppressed
[  240.502612][   T29] audit: type=1400 audit(1745144995.517:18867): avc:  denied  { getopt } for  pid=14374 comm="syz.0.3996" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  240.529284][   T29] audit: type=1400 audit(1745144995.517:18868): avc:  denied  { bind } for  pid=14374 comm="syz.0.3996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  240.555148][ T7975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.579858][   T29] audit: type=1400 audit(1745144995.577:18869): avc:  denied  { read } for  pid=14374 comm="syz.0.3996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  240.599395][   T29] audit: type=1400 audit(1745144995.577:18870): avc:  denied  { ioctl } for  pid=14374 comm="syz.0.3996" path="socket:[44080]" dev="sockfs" ino=44080 ioctlcmd=0x8980 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  240.737109][T14389] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.4001' sets config #1
[  240.883165][T14398] netlink: 'syz.1.4005': attribute type 1 has an invalid length.
[  240.899085][T14399] loop0: detected capacity change from 0 to 512
[  240.913728][T14401] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  240.925522][T14399] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[  240.935654][T14399] EXT4-fs warning (device loop0): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  240.951878][T14399] EXT4-fs (loop0): mount failed
[  240.988878][T14405] FAULT_INJECTION: forcing a failure.
[  240.988878][T14405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  241.003698][T14405] CPU: 1 UID: 0 PID: 14405 Comm: syz.1.4007 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  241.003730][T14405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  241.003765][T14405] Call Trace:
[  241.003773][T14405]  <TASK>
[  241.003781][T14405]  dump_stack_lvl+0xf6/0x150
[  241.003811][T14405]  dump_stack+0x15/0x1a
[  241.003864][T14405]  should_fail_ex+0x261/0x270
[  241.003894][T14405]  should_fail+0xb/0x10
[  241.003919][T14405]  should_fail_usercopy+0x1a/0x20
[  241.003950][T14405]  _copy_from_user+0x1c/0xa0
[  241.004087][T14405]  do_handle_open+0x2a5/0x640
[  241.004111][T14405]  __x64_sys_open_by_handle_at+0x46/0x50
[  241.004136][T14405]  x64_sys_call+0xe55/0x2e10
[  241.004220][T14405]  do_syscall_64+0xc9/0x1a0
[  241.004250][T14405]  ? clear_bhb_loop+0x25/0x80
[  241.004277][T14405]  ? clear_bhb_loop+0x25/0x80
[  241.004343][T14405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.004369][T14405] RIP: 0033:0x7fc05ecae169
[  241.004387][T14405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.004448][T14405] RSP: 002b:00007fc05d317038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[  241.004508][T14405] RAX: ffffffffffffffda RBX: 00007fc05eed5fa0 RCX: 00007fc05ecae169
[  241.004523][T14405] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  241.004538][T14405] RBP: 00007fc05d317090 R08: 0000000000000000 R09: 0000000000000000
[  241.004553][T14405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.004567][T14405] R13: 0000000000000000 R14: 00007fc05eed5fa0 R15: 00007fffef11c958
[  241.004589][T14405]  </TASK>
[  241.176432][T14389] loop5: detected capacity change from 0 to 512
[  241.191670][T14389] EXT4-fs: Ignoring removed i_version option
[  241.206388][T14389] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  241.231400][T14389] EXT4-fs (loop5): 1 truncate cleaned up
[  241.241780][   T29] audit: type=1326 audit(1745144996.257:18871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14410 comm="syz.1.4009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  241.246544][T14389] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.270558][   T29] audit: type=1326 audit(1745144996.287:18872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14410 comm="syz.1.4009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  241.301776][   T29] audit: type=1326 audit(1745144996.287:18873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14410 comm="syz.1.4009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  241.325421][   T29] audit: type=1326 audit(1745144996.287:18874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14410 comm="syz.1.4009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  241.349023][   T29] audit: type=1326 audit(1745144996.287:18875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14410 comm="syz.1.4009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  241.446198][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.477165][T14425] netlink: 'syz.2.4016': attribute type 1 has an invalid length.
[  241.498612][T14427] loop5: detected capacity change from 0 to 128
[  241.633504][T14434] batadv_slave_1: entered promiscuous mode
[  241.641968][T14433] batadv_slave_1: left promiscuous mode
[  241.693903][T14444] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.4025' sets config #1
[  241.748519][T14450] loop0: detected capacity change from 0 to 128
[  241.807173][T14453] FAULT_INJECTION: forcing a failure.
[  241.807173][T14453] name failslab, interval 1, probability 0, space 0, times 0
[  241.819900][T14453] CPU: 1 UID: 0 PID: 14453 Comm: syz.0.4028 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  241.819932][T14453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  241.819948][T14453] Call Trace:
[  241.819957][T14453]  <TASK>
[  241.819966][T14453]  dump_stack_lvl+0xf6/0x150
[  241.820060][T14453]  dump_stack+0x15/0x1a
[  241.820084][T14453]  should_fail_ex+0x261/0x270
[  241.820185][T14453]  should_failslab+0x8f/0xb0
[  241.820207][T14453]  __kmalloc_cache_node_noprof+0x58/0x340
[  241.820283][T14453]  ? page_pool_create_percpu+0x4d/0x660
[  241.820340][T14453]  page_pool_create_percpu+0x4d/0x660
[  241.820391][T14453]  ? __kvmalloc_node_noprof+0x27f/0x520
[  241.820505][T14453]  ? bpf_test_run_xdp_live+0x120/0x1050
[  241.820534][T14453]  page_pool_create+0x1a/0x20
[  241.820585][T14453]  bpf_test_run_xdp_live+0x13a/0x1050
[  241.820611][T14453]  ? synchronize_rcu_expedited+0x6d5/0x790
[  241.820646][T14453]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  241.820717][T14453]  ? __pfx_autoremove_wake_function+0x10/0x10
[  241.820820][T14453]  ? 0xffffffffa00038c0
[  241.820838][T14453]  ? synchronize_rcu+0x4a/0x320
[  241.820940][T14453]  ? 0xffffffffa00038c0
[  241.820958][T14453]  ? 0xffffffffa00038c0
[  241.820981][T14453]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  241.821018][T14453]  bpf_prog_test_run_xdp+0x526/0x8e0
[  241.821044][T14453]  ? __rcu_read_unlock+0x4e/0x70
[  241.821113][T14453]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  241.821139][T14453]  bpf_prog_test_run+0x20e/0x3a0
[  241.821177][T14453]  __sys_bpf+0x440/0x800
[  241.821216][T14453]  __x64_sys_bpf+0x43/0x50
[  241.821260][T14453]  x64_sys_call+0x23da/0x2e10
[  241.821288][T14453]  do_syscall_64+0xc9/0x1a0
[  241.821320][T14453]  ? clear_bhb_loop+0x25/0x80
[  241.821372][T14453]  ? clear_bhb_loop+0x25/0x80
[  241.821398][T14453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.821464][T14453] RIP: 0033:0x7f192410e169
[  241.821513][T14453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.821534][T14453] RSP: 002b:00007f1922777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  241.821558][T14453] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410e169
[  241.821573][T14453] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  241.821587][T14453] RBP: 00007f1922777090 R08: 0000000000000000 R09: 0000000000000000
[  241.821602][T14453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.821616][T14453] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  241.821708][T14453]  </TASK>
[  242.187878][T14461] loop0: detected capacity change from 0 to 128
[  242.221407][T14444] loop6: detected capacity change from 0 to 512
[  242.236470][T14444] EXT4-fs: Ignoring removed i_version option
[  242.248105][T14444] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  242.270284][T14464] bridge0: port 3(
30猉功D) entered blocking state
[  242.276952][T14464] bridge0: port 3(
30猉功D) entered disabled state
[  242.285457][T14464] 0猉功D: entered promiscuous mode
[  242.290815][T14464] bridge0: port 3(
30猉功D) entered blocking state
[  242.292224][T14444] EXT4-fs (loop6): 1 truncate cleaned up
[  242.297503][T14464] bridge0: port 3(
30猉功D) entered forwarding state
[  242.299211][T14465] 0猉功D: left promiscuous mode
[  242.299417][T14465] bridge0: port 3(
30猉功D) entered disabled state
[  242.315591][T14444] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.351532][T14469] bridge0: port 3(bond0) entered blocking state
[  242.358007][T14469] bridge0: port 3(bond0) entered disabled state
[  242.364446][T14469] bond0: entered allmulticast mode
[  242.369584][T14469] bond_slave_0: entered allmulticast mode
[  242.375358][T14469] bond_slave_1: entered allmulticast mode
[  242.382126][T14469] bond0: entered promiscuous mode
[  242.387205][T14469] bond_slave_0: entered promiscuous mode
[  242.393141][T14469] bond_slave_1: entered promiscuous mode
[  242.411038][T14469] bridge0: port 3(bond0) entered blocking state
[  242.417455][T14469] bridge0: port 3(bond0) entered forwarding state
[  242.478080][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.497742][T14482] warn_alloc: 1 callbacks suppressed
[  242.497795][T14482] syz.0.4035: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  242.517695][T14482] CPU: 1 UID: 0 PID: 14482 Comm: syz.0.4035 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  242.517732][T14482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  242.517797][T14482] Call Trace:
[  242.517806][T14482]  <TASK>
[  242.517818][T14482]  dump_stack_lvl+0xf6/0x150
[  242.517847][T14482]  dump_stack+0x15/0x1a
[  242.517865][T14482]  warn_alloc+0x145/0x1b0
[  242.517897][T14482]  ? __vmalloc_node_range_noprof+0x8a/0xe80
[  242.517944][T14482]  __vmalloc_node_range_noprof+0xac/0xe80
[  242.517993][T14482]  ? __pfx_futex_wake_mark+0x10/0x10
[  242.518026][T14482]  ? __rcu_read_unlock+0x4e/0x70
[  242.518045][T14482]  ? avc_has_perm_noaudit+0x1cc/0x210
[  242.518069][T14482]  ? should_fail_ex+0x31/0x270
[  242.518148][T14482]  ? should_failslab+0x8f/0xb0
[  242.518175][T14482]  vmalloc_user_noprof+0x59/0x70
[  242.518197][T14482]  ? xskq_create+0x79/0xd0
[  242.518337][T14482]  xskq_create+0x79/0xd0
[  242.518366][T14482]  xsk_init_queue+0x82/0xd0
[  242.518393][T14482]  xsk_setsockopt+0x37d/0x550
[  242.518415][T14482]  ? __pfx_xsk_setsockopt+0x10/0x10
[  242.518513][T14482]  __sys_setsockopt+0x187/0x200
[  242.518543][T14482]  __x64_sys_setsockopt+0x66/0x80
[  242.518630][T14482]  x64_sys_call+0x2a09/0x2e10
[  242.518659][T14482]  do_syscall_64+0xc9/0x1a0
[  242.518691][T14482]  ? clear_bhb_loop+0x25/0x80
[  242.518719][T14482]  ? clear_bhb_loop+0x25/0x80
[  242.518748][T14482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.518773][T14482] RIP: 0033:0x7f192410e169
[  242.518791][T14482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.518813][T14482] RSP: 002b:00007f1922756038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  242.518837][T14482] RAX: ffffffffffffffda RBX: 00007f1924336080 RCX: 00007f192410e169
[  242.518853][T14482] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000b
[  242.518908][T14482] RBP: 00007f1924190a68 R08: 0000000000000004 R09: 0000000000000000
[  242.518923][T14482] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  242.518937][T14482] R13: 0000000000000000 R14: 00007f1924336080 R15: 00007ffef9b31518
[  242.518959][T14482]  </TASK>
[  242.518967][T14482] Mem-Info:
[  242.578536][T14488] loop6: detected capacity change from 0 to 512
[  242.579152][T14491] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4035'.
[  242.583626][T14482] active_anon:6272 inactive_anon:2 isolated_anon:0
[  242.583626][T14482]  active_file:10009 inactive_file:12553 isolated_file:0
[  242.583626][T14482]  unevictable:0 dirty:367 writeback:0
[  242.583626][T14482]  slab_reclaimable:2971 slab_unreclaimable:14332
[  242.583626][T14482]  mapped:31947 shmem:3390 pagetables:844
[  242.583626][T14482]  sec_pagetables:0 bounce:0
[  242.583626][T14482]  kernel_misc_reclaimable:0
[  242.583626][T14482]  free:1833637 free_pcp:61627 free_cma:0
[  242.589048][T14491] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4035'.
[  242.591679][T14492] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4038'.
[  242.593836][T14482] Node 0 active_anon:25088kB inactive_anon:8kB active_file:40036kB inactive_file:50212kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127788kB dirty:1468kB writeback:0kB shmem:13560kB writeback_tmp:0kB kernel_stack:3360kB pagetables:3376kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  242.626393][T14488] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.626921][T14482] Node 0 
[  242.631933][T14488] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.636861][T14482] DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  242.654960][T14488] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4039: corrupted inode contents
[  242.655643][T14482] lowmem_reserve[]:
[  242.662078][T14488] EXT4-fs error (device loop6): ext4_dirty_inode:6103: inode #2: comm syz.6.4039: mark_inode_dirty error
[  242.665933][T14482]  0 2882 7860 7860
[  242.687176][T14498] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  242.693988][T14482] 
[  242.693999][T14482] Node 0 
[  242.702403][T14498] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  242.710227][T14482] DMA32 free:2947780kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951308kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB
[  242.737630][T14488] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4039: corrupted inode contents
[  242.740466][T14482] lowmem_reserve[]: 0 0 4978 4978
[  242.740594][T14482] Node 0 Normal free:4371292kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB active_anon:25088kB inactive_anon:8kB active_file:40036kB inactive_file:50212kB unevictable:0kB writepending:1468kB present:5242880kB managed:5098244kB mlocked:0kB bounce:0kB free_pcp:242644kB local_pcp:77044kB free_cma:0kB
[  242.740718][T14482] lowmem_reserve[]: 0
[  242.747353][T14488] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.4039: mark_inode_dirty error
[  242.755949][T14482]  0 0 0
[  242.755988][T14482] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  243.056481][T14482] Node 0 DMA32: 5*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947780kB
[  243.072847][T14482] Node 0 Normal: 1056*4kB (UM) 804*8kB (UM) 399*16kB (UME) 329*32kB (UME) 144*64kB (UME) 65*128kB (UM) 63*256kB (UME) 56*512kB (UM) 45*1024kB (UME) 66*2048kB (UME) 1001*4096kB (UM) = 4371248kB
[  243.092000][T14482] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  243.101711][T14482] 27983 total pagecache pages
[  243.106412][T14482] 2 pages in swap cache
[  243.110581][T14482] Free swap  = 124988kB
[  243.114772][T14482] Total swap = 124996kB
[  243.118966][T14482] 2097051 pages RAM
[  243.122765][T14482] 0 pages HighMem/MovableOnly
[  243.127469][T14482] 80823 pages reserved
[  243.140703][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.383938][T14526] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.4050' sets config #1
[  243.458479][T14530] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4052'.
[  243.713799][T14549] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  243.715501][T14547] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4058'.
[  243.742785][T14526] pim6reg: entered allmulticast mode
[  244.080512][T14580] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  244.092337][T14587] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.4074' sets config #1
[  244.272911][T14603] netlink: 'syz.1.4079': attribute type 1 has an invalid length.
[  244.404393][T14587] loop5: detected capacity change from 0 to 512
[  244.427902][T14617] netlink: 'syz.1.4083': attribute type 1 has an invalid length.
[  244.439597][T14587] EXT4-fs: Ignoring removed i_version option
[  244.452990][T14587] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  244.491564][T14624] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  244.501803][T14587] EXT4-fs (loop5): 1 truncate cleaned up
[  244.540752][T14587] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  244.588199][T14626] netlink: 'syz.6.4087': attribute type 13 has an invalid length.
[  244.652892][T14634] SELinux: ebitmap: truncated map
[  244.658544][T14634] SELinux: failed to load policy
[  244.658644][T14626] bridge0: port 3(batadv0) entered disabled state
[  244.670056][T14626] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.677318][T14626] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.697417][T14626] batman_adv: batadv0: Interface deactivated: dummy0
[  244.710874][T14641] netlink: 'syz.1.4092': attribute type 1 has an invalid length.
[  244.754799][T14626] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.770171][T14626] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.823551][T14626] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  244.832623][T14626] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  244.841748][T14626] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  244.850838][T14626] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  244.954810][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.965335][T14657] FAULT_INJECTION: forcing a failure.
[  244.965335][T14657] name failslab, interval 1, probability 0, space 0, times 0
[  244.978036][T14657] CPU: 0 UID: 0 PID: 14657 Comm: syz.0.4098 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  244.978088][T14657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  244.978109][T14657] Call Trace:
[  244.978116][T14657]  <TASK>
[  244.978125][T14657]  dump_stack_lvl+0xf6/0x150
[  244.978154][T14657]  dump_stack+0x15/0x1a
[  244.978174][T14657]  should_fail_ex+0x261/0x270
[  244.978233][T14657]  should_failslab+0x8f/0xb0
[  244.978272][T14657]  __kmalloc_node_noprof+0xaf/0x420
[  244.978384][T14657]  ? __vmalloc_node_range_noprof+0x3e1/0xe80
[  244.978430][T14657]  __vmalloc_node_range_noprof+0x3e1/0xe80
[  244.978547][T14657]  ? _parse_integer_limit+0x167/0x180
[  244.978575][T14657]  ? _parse_integer+0x27/0x30
[  244.978630][T14657]  ? sel_write_load+0x15b/0x3c0
[  244.978658][T14657]  vmalloc_noprof+0x5e/0x70
[  244.978678][T14657]  ? sel_write_load+0x15b/0x3c0
[  244.978796][T14657]  sel_write_load+0x15b/0x3c0
[  244.978823][T14657]  ? __pfx_sel_write_load+0x10/0x10
[  244.978852][T14657]  vfs_write+0x295/0x950
[  244.978907][T14657]  ? putname+0xe1/0x100
[  244.978933][T14657]  ? __fget_files+0x186/0x1c0
[  244.978977][T14657]  ksys_write+0xeb/0x1b0
[  244.979000][T14657]  __x64_sys_write+0x42/0x50
[  244.979023][T14657]  x64_sys_call+0x2a45/0x2e10
[  244.979050][T14657]  do_syscall_64+0xc9/0x1a0
[  244.979095][T14657]  ? clear_bhb_loop+0x25/0x80
[  244.979119][T14657]  ? clear_bhb_loop+0x25/0x80
[  244.979144][T14657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.979245][T14657] RIP: 0033:0x7f192410e169
[  244.979262][T14657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.979283][T14657] RSP: 002b:00007f1922777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  244.979336][T14657] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410e169
[  244.979350][T14657] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000004
[  244.979365][T14657] RBP: 00007f1922777090 R08: 0000000000000000 R09: 0000000000000000
[  244.979379][T14657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.979393][T14657] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  244.979414][T14657]  </TASK>
[  245.240255][T14666] loop6: detected capacity change from 0 to 2048
[  245.284669][T14666]  loop6: p1 < > p4
[  245.289006][T14666] loop6: p4 size 8388608 extends beyond EOD, truncated
[  245.318241][T14683] loop5: detected capacity change from 0 to 128
[  245.337941][T14686] Cannot find del_set index 2 as target
[  245.360443][T14690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4105'.
[  245.369649][T14690] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4105'.
[  245.388095][T14692] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4112'.
[  245.402572][T14695] loop6: detected capacity change from 0 to 128
[  245.485544][T14692] loop5: detected capacity change from 0 to 1024
[  245.498519][T14699] loop6: detected capacity change from 0 to 512
[  245.505753][T14690] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  245.513231][T14690] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  245.536370][T14692] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  245.586632][T14692] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #3: comm syz.5.4112: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 3(4), depth 0(0)
[  245.612680][T14699] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.626393][T14699] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.637597][T14692] EXT4-fs error (device loop5): ext4_quota_enable:7129: comm syz.5.4112: Bad quota inode: 3, type: 0
[  245.640677][T14699] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4114: corrupted inode contents
[  245.663645][T14692] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  245.681927][T14692] EXT4-fs (loop5): mount failed
[  245.693596][T14707] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  245.705021][T14699] EXT4-fs error (device loop6): ext4_dirty_inode:6103: inode #2: comm syz.6.4114: mark_inode_dirty error
[  245.731593][T14699] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4114: corrupted inode contents
[  245.748948][T14692] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4112'.
[  245.762645][T14699] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.4114: mark_inode_dirty error
[  245.836327][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.867197][T14710] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  245.876329][T14710] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  245.939568][T14681] net_ratelimit: 12 callbacks suppressed
[  245.939587][T14681] Set syz1 is full, maxelem 65536 reached
[  245.952260][T14715] netlink: 'syz.1.4119': attribute type 12 has an invalid length.
[  245.969024][   T29] kauditd_printk_skb: 129 callbacks suppressed
[  245.969039][   T29] audit: type=1400 audit(1745145000.987:19005): avc:  denied  { bind } for  pid=14714 comm="syz.1.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  246.005912][T14718] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4116'.
[  246.019290][   T29] audit: type=1400 audit(1745145000.987:19006): avc:  denied  { name_bind } for  pid=14714 comm="syz.1.4119" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  246.039124][T14721] loop5: detected capacity change from 0 to 2048
[  246.040415][   T29] audit: type=1400 audit(1745145000.987:19007): avc:  denied  { node_bind } for  pid=14714 comm="syz.1.4119" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  246.067691][   T29] audit: type=1400 audit(1745145000.987:19008): avc:  denied  { listen } for  pid=14714 comm="syz.1.4119" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  246.088433][   T29] audit: type=1400 audit(1745145000.987:19009): avc:  denied  { connect } for  pid=14714 comm="syz.1.4119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  246.108215][   T29] audit: type=1400 audit(1745145000.987:19010): avc:  denied  { name_connect } for  pid=14714 comm="syz.1.4119" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  246.144520][T14721]  loop5: p1 < > p4
[  246.160530][   T29] audit: type=1400 audit(1745145001.177:19011): avc:  denied  { getopt } for  pid=14722 comm="syz.0.4121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  246.164496][T14721] loop5: p4 size 8388608 extends beyond EOD, truncated
[  246.182630][T14723] loop0: detected capacity change from 0 to 128
[  246.212835][   T29] audit: type=1326 audit(1745145001.227:19012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.1.4122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  246.237109][T14723] +}[@: attempt to access beyond end of device
[  246.237109][T14723] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128
[  246.256864][T14723] +}[@: attempt to access beyond end of device
[  246.256864][T14723] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128
[  246.270275][   T29] audit: type=1326 audit(1745145001.267:19013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.1.4122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  246.293840][   T29] audit: type=1326 audit(1745145001.267:19014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14724 comm="syz.1.4122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05ecae169 code=0x7ffc0000
[  246.317548][T14723] +}[@: attempt to access beyond end of device
[  246.317548][T14723] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128
[  246.317599][T14723] +}[@: attempt to access beyond end of device
[  246.317599][T14723] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128
[  246.317647][T14723] +}[@: attempt to access beyond end of device
[  246.317647][T14723] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128
[  246.361960][T14731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4125'.
[  246.373411][T14733] FAULT_INJECTION: forcing a failure.
[  246.373411][T14733] name failslab, interval 1, probability 0, space 0, times 0
[  246.386216][T14733] CPU: 0 UID: 0 PID: 14733 Comm: syz.2.4126 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  246.386247][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  246.386262][T14733] Call Trace:
[  246.386256][T14723] +}[@: attempt to access beyond end of device
[  246.386256][T14723] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128
[  246.386271][T14733]  <TASK>
[  246.386281][T14733]  dump_stack_lvl+0xf6/0x150
[  246.386381][T14733]  dump_stack+0x15/0x1a
[  246.386403][T14733]  should_fail_ex+0x261/0x270
[  246.386436][T14733]  should_failslab+0x8f/0xb0
[  246.386465][T14733]  kmem_cache_alloc_noprof+0x59/0x340
[  246.386596][T14733]  ? skb_clone+0x154/0x1f0
[  246.386628][T14733]  skb_clone+0x154/0x1f0
[  246.386656][T14733]  __netlink_deliver_tap+0x2bd/0x4f0
[  246.386681][T14733]  netlink_unicast+0x69e/0x6c0
[  246.386734][T14733]  netlink_sendmsg+0x609/0x720
[  246.386765][T14733]  ? __pfx_netlink_sendmsg+0x10/0x10
[  246.386792][T14733]  __sock_sendmsg+0x140/0x180
[  246.386831][T14733]  ____sys_sendmsg+0x350/0x4e0
[  246.386948][T14733]  __sys_sendmsg+0x1a0/0x240
[  246.386996][T14733]  __x64_sys_sendmsg+0x46/0x50
[  246.387033][T14733]  x64_sys_call+0x26f3/0x2e10
[  246.387066][T14733]  do_syscall_64+0xc9/0x1a0
[  246.387098][T14733]  ? clear_bhb_loop+0x25/0x80
[  246.387210][T14733]  ? clear_bhb_loop+0x25/0x80
[  246.387238][T14733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.387264][T14733] RIP: 0033:0x7f8ce291e169
[  246.387284][T14733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.387306][T14733] RSP: 002b:00007f8ce0f87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  246.387330][T14733] RAX: ffffffffffffffda RBX: 00007f8ce2b45fa0 RCX: 00007f8ce291e169
[  246.387424][T14733] RDX: 0000000000040000 RSI: 0000200000001080 RDI: 0000000000000003
[  246.387439][T14733] RBP: 00007f8ce0f87090 R08: 0000000000000000 R09: 0000000000000000
[  246.387455][T14733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.387470][T14733] R13: 0000000000000000 R14: 00007f8ce2b45fa0 R15: 00007ffcbda95718
[  246.387493][T14733]  </TASK>
[  246.600370][T14723] +}[@: attempt to access beyond end of device
[  246.600370][T14723] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128
[  246.600784][T14744] smc: net device bond0 applied user defined pnetid SYZ0
[  246.613462][T14723] +}[@: attempt to access beyond end of device
[  246.613462][T14723] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128
[  246.633466][T14723] +}[@: attempt to access beyond end of device
[  246.633466][T14723] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128
[  246.648008][T14723] +}[@: attempt to access beyond end of device
[  246.648008][T14723] loop0: rw=2049, sector=289, nr_sectors = 8 limit=128
[  246.649026][T14744] smc: net device bond0 erased user defined pnetid SYZ0
[  246.773530][T14762] loop0: detected capacity change from 0 to 128
[  246.802379][T14766] loop0: detected capacity change from 0 to 128
[  246.851144][T14770] loop0: detected capacity change from 0 to 2048
[  246.874735][T14770]  loop0: p1 < > p4
[  246.879097][T14770] loop0: p4 size 8388608 extends beyond EOD, truncated
[  246.994849][T14784] netlink: 'syz.0.4144': attribute type 1 has an invalid length.
[  247.019107][T14786] netlink: 'syz.0.4145': attribute type 1 has an invalid length.
[  247.040998][T14788] FAULT_INJECTION: forcing a failure.
[  247.040998][T14788] name failslab, interval 1, probability 0, space 0, times 0
[  247.053721][T14788] CPU: 0 UID: 0 PID: 14788 Comm: syz.0.4146 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  247.053784][T14788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  247.053799][T14788] Call Trace:
[  247.053806][T14788]  <TASK>
[  247.053815][T14788]  dump_stack_lvl+0xf6/0x150
[  247.053880][T14788]  dump_stack+0x15/0x1a
[  247.053902][T14788]  should_fail_ex+0x261/0x270
[  247.053933][T14788]  should_failslab+0x8f/0xb0
[  247.054012][T14788]  __kmalloc_noprof+0xad/0x410
[  247.054042][T14788]  ? hashtab_duplicate+0x59/0x370
[  247.054145][T14788]  hashtab_duplicate+0x59/0x370
[  247.054224][T14788]  ? should_failslab+0x8f/0xb0
[  247.054300][T14788]  ? __kmalloc_noprof+0x1eb/0x410
[  247.054324][T14788]  ? cond_policydb_dup+0xa0/0x500
[  247.054346][T14788]  ? __pfx_cond_bools_copy+0x10/0x10
[  247.054376][T14788]  ? __pfx_cond_bools_destroy+0x10/0x10
[  247.054469][T14788]  cond_policydb_dup+0xd9/0x500
[  247.054495][T14788]  security_set_bools+0xa8/0x350
[  247.054593][T14788]  sel_commit_bools_write+0x1ed/0x270
[  247.054618][T14788]  vfs_writev+0x3f3/0x880
[  247.054681][T14788]  ? get_pid_task+0x94/0xd0
[  247.054698][T14788]  ? __pfx_sel_commit_bools_write+0x10/0x10
[  247.054774][T14788]  ? mutex_lock+0xd/0x40
[  247.054793][T14788]  do_writev+0xf7/0x230
[  247.054816][T14788]  __x64_sys_writev+0x45/0x50
[  247.054833][T14788]  x64_sys_call+0x1d68/0x2e10
[  247.054852][T14788]  do_syscall_64+0xc9/0x1a0
[  247.054880][T14788]  ? clear_bhb_loop+0x25/0x80
[  247.054899][T14788]  ? clear_bhb_loop+0x25/0x80
[  247.054917][T14788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.054935][T14788] RIP: 0033:0x7f192410e169
[  247.054947][T14788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.055032][T14788] RSP: 002b:00007f1922777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  247.055099][T14788] RAX: ffffffffffffffda RBX: 00007f1924335fa0 RCX: 00007f192410e169
[  247.055116][T14788] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000003
[  247.055126][T14788] RBP: 00007f1922777090 R08: 0000000000000000 R09: 0000000000000000
[  247.055137][T14788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.055148][T14788] R13: 0000000000000000 R14: 00007f1924335fa0 R15: 00007ffef9b31518
[  247.055165][T14788]  </TASK>
[  247.597850][T14802] netlink: 'syz.1.4152': attribute type 1 has an invalid length.
[  247.644880][T14804] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  247.653477][T14804] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  247.672106][T14811] loop6: detected capacity change from 0 to 512
[  247.714894][T14811] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.729468][T14811] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.736766][T14817] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4157'.
[  247.750988][T14811] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4156: corrupted inode contents
[  247.772189][T14811] EXT4-fs error (device loop6): ext4_dirty_inode:6103: inode #2: comm syz.6.4156: mark_inode_dirty error
[  247.786442][T14811] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4156: corrupted inode contents
[  247.790154][T14826] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  247.813595][T14811] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.4156: mark_inode_dirty error
[  247.841013][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.901138][T14834] loop6: detected capacity change from 0 to 2048
[  247.938457][T14840] 9pnet_fd: p9_fd_create_unix (14840): problem connecting socket: ./file0: -2
[  247.949952][T14834]  loop6: p1 < > p4
[  247.954500][T14834] loop6: p4 size 8388608 extends beyond EOD, truncated
[  247.968388][T14842] netlink: 'syz.5.4167': attribute type 1 has an invalid length.
[  248.037043][T14851] netlink: 'syz.6.4168': attribute type 1 has an invalid length.
[  248.084782][T14849] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  248.092496][T14849] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  248.221582][T14874] loop6: detected capacity change from 0 to 2048
[  248.275736][T14874]  loop6: p1 < > p4
[  248.287457][T14874] loop6: p4 size 8388608 extends beyond EOD, truncated
[  248.291826][T14858] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4172'.
[  248.475563][T14893] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  248.493559][T14893] vhci_hcd: default hub control req: 6011 v8001 i0001 l0
[  248.511738][T14900] loop6: detected capacity change from 0 to 512
[  248.518896][T14900] EXT4-fs: Ignoring removed nobh option
[  248.557350][T14900] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #16: comm syz.6.4188: corrupted inode contents
[  248.569494][T14900] EXT4-fs (loop6): Remounting filesystem read-only
[  248.577480][T14900] EXT4-fs (loop6): 1 truncate cleaned up
[  248.583699][T14900] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.597406][T14900] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.621541][ T9797] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  248.632158][ T9797] EXT4-fs (loop6): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  248.657425][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.689632][ T9797] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started
[  248.720076][T14913] loop5: detected capacity change from 0 to 512
[  248.766577][T14913] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.789355][T14913] ext4 filesystem being mounted at /499/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.808085][T14913] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #2: comm syz.5.4193: corrupted inode contents
[  248.821570][T14913] EXT4-fs error (device loop5): ext4_dirty_inode:6103: inode #2: comm syz.5.4193: mark_inode_dirty error
[  248.835841][T14913] EXT4-fs error (device loop5): ext4_do_update_inode:5211: inode #2: comm syz.5.4193: corrupted inode contents
[  248.843789][T14935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4196'.
[  248.849892][T14913] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #2: comm syz.5.4193: mark_inode_dirty error
[  248.897244][T14937] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  248.906953][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.951156][T14943] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4203'.
[  248.953948][T14947] loop5: detected capacity change from 0 to 1024
[  248.967128][T14947] EXT4-fs: Ignoring removed i_version option
[  248.973176][T14947] EXT4-fs: dax option not supported
[  248.973969][T14945] loop6: detected capacity change from 0 to 2048
[  248.984390][T14947] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=14947 comm=syz.5.4205
[  249.062788][T14945]  loop6: p1 < > p4
[  249.067599][T14945] loop6: p4 size 8388608 extends beyond EOD, truncated
[  249.129579][T14961] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.4211' sets config #1
[  249.156978][T14964] smc: net device bond0 applied user defined pnetid SYZ0
[  249.165760][T14964] smc: net device bond0 erased user defined pnetid SYZ0
[  249.195859][T14969] loop5: detected capacity change from 0 to 128
[  249.214666][T14971] smc: net device bond0 applied user defined pnetid SYZ0
[  249.222816][T14971] smc: net device bond0 erased user defined pnetid SYZ0
[  249.250828][T14973] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  249.389342][T14986] loop6: detected capacity change from 0 to 2048
[  249.434556][T14986]  loop6: p1 < > p4
[  249.439909][T14986] loop6: p4 size 8388608 extends beyond EOD, truncated
[  249.461677][T14961] loop0: detected capacity change from 0 to 512
[  249.476769][T14961] EXT4-fs: Ignoring removed i_version option
[  249.500339][T14961] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  249.555854][T14994] loop5: detected capacity change from 0 to 128
[  249.562852][T14961] EXT4-fs (loop0): 1 truncate cleaned up
[  249.582254][T14961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.644181][T15003] smc: net device bond0 applied user defined pnetid SYZ0
[  249.658792][T15003] smc: net device bond0 erased user defined pnetid SYZ0
[  249.679904][T10860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.817129][T15027] loop5: detected capacity change from 0 to 128
[  249.879362][T15033] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.4239' sets config #1
[  249.967655][T15039] xt_TPROXY: Can be used only with -p tcp or -p udp
[  249.980485][T15039] loop0: detected capacity change from 0 to 128
[  249.987527][T15039] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  250.001877][T15039] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  250.154382][T15033] loop5: detected capacity change from 0 to 512
[  250.170871][T15033] EXT4-fs: Ignoring removed i_version option
[  250.181309][T15033] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  250.218177][T15033] EXT4-fs (loop5): 1 truncate cleaned up
[  250.238300][T15033] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.296629][ T7975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.376632][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.385646][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.394736][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.411943][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.420945][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.430299][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.453304][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.462324][T15054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4246'.
[  250.616873][T15076] loop5: detected capacity change from 0 to 128
[  250.697475][T15082] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.4257' sets config #1
[  250.714174][T15086] loop5: detected capacity change from 0 to 128
[  251.024973][   T29] kauditd_printk_skb: 99 callbacks suppressed
[  251.024989][   T29] audit: type=1326 audit(1745145006.047:19108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.061819][T15082] loop6: detected capacity change from 0 to 512
[  251.063117][   T29] audit: type=1326 audit(1745145006.047:19109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.077530][T15082] EXT4-fs: Ignoring removed i_version option
[  251.092126][   T29] audit: type=1326 audit(1745145006.047:19110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092164][   T29] audit: type=1326 audit(1745145006.047:19111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092247][   T29] audit: type=1326 audit(1745145006.047:19112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092287][   T29] audit: type=1326 audit(1745145006.047:19113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092319][   T29] audit: type=1326 audit(1745145006.047:19114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092353][   T29] audit: type=1326 audit(1745145006.047:19115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092387][   T29] audit: type=1326 audit(1745145006.047:19116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.092480][   T29] audit: type=1326 audit(1745145006.047:19117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15111 comm="syz.5.4272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0471e5e169 code=0x7ffc0000
[  251.308156][T15082] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  251.372818][T15122] loop5: detected capacity change from 0 to 128
[  251.385953][T15082] EXT4-fs (loop6): 1 truncate cleaned up
[  251.402153][T15082] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.445335][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.479541][T15130] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  251.488488][T15131] loop5: detected capacity change from 0 to 512
[  251.505404][T15131] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  251.520320][T15131] EXT4-fs (loop5): mount failed
[  251.549027][T15135] loop6: detected capacity change from 0 to 128
[  251.623526][T15139] smc: net device bond0 applied user defined pnetid SYZ0
[  251.632847][T15139] smc: net device bond0 erased user defined pnetid SYZ0
[  251.694317][T15146] validate_nla: 2 callbacks suppressed
[  251.694337][T15146] netlink: 'syz.1.4286': attribute type 1 has an invalid length.
[  251.723437][T15143] loop6: detected capacity change from 0 to 512
[  251.752424][T15143] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.765931][T15143] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.780315][T15143] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4284: corrupted inode contents
[  251.805913][T15143] EXT4-fs error (device loop6): ext4_dirty_inode:6103: inode #2: comm syz.6.4284: mark_inode_dirty error
[  251.825789][T15143] EXT4-fs error (device loop6): ext4_do_update_inode:5211: inode #2: comm syz.6.4284: corrupted inode contents
[  251.839115][T15156] FAULT_INJECTION: forcing a failure.
[  251.839115][T15156] name failslab, interval 1, probability 0, space 0, times 0
[  251.851877][T15156] CPU: 0 UID: 0 PID: 15156 Comm: syz.1.4289 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  251.851916][T15156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  251.851937][T15156] Call Trace:
[  251.851944][T15156]  <TASK>
[  251.851954][T15156]  dump_stack_lvl+0xf6/0x150
[  251.851982][T15156]  dump_stack+0x15/0x1a
[  251.852003][T15156]  should_fail_ex+0x261/0x270
[  251.852092][T15156]  should_failslab+0x8f/0xb0
[  251.852119][T15156]  __kmalloc_noprof+0xad/0x410
[  251.852153][T15156]  ? security_prepare_creds+0x53/0x120
[  251.852180][T15156]  security_prepare_creds+0x53/0x120
[  251.852204][T15156]  prepare_creds+0x368/0x4e0
[  251.852264][T15156]  copy_creds+0x90/0x3f0
[  251.852313][T15156]  copy_process+0x63f/0x1f60
[  251.852353][T15156]  ? __rcu_read_unlock+0x4e/0x70
[  251.852376][T15156]  kernel_clone+0x168/0x5d0
[  251.852411][T15156]  __x64_sys_clone+0xe9/0x120
[  251.852503][T15156]  x64_sys_call+0x2dc9/0x2e10
[  251.852529][T15156]  do_syscall_64+0xc9/0x1a0
[  251.852634][T15156]  ? clear_bhb_loop+0x25/0x80
[  251.852659][T15156]  ? clear_bhb_loop+0x25/0x80
[  251.852685][T15156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.852712][T15156] RIP: 0033:0x7fc05ecae169
[  251.852730][T15156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  251.852768][T15156] RSP: 002b:00007fc05d316fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  251.852791][T15156] RAX: ffffffffffffffda RBX: 00007fc05eed5fa0 RCX: 00007fc05ecae169
[  251.852805][T15156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000
[  251.852816][T15156] RBP: 00007fc05d317090 R08: 0000000000000000 R09: 0000000000000000
[  251.852867][T15156] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  251.852882][T15156] R13: 0000000000000000 R14: 00007fc05eed5fa0 R15: 00007fffef11c958
[  251.852905][T15156]  </TASK>
[  252.045728][T15143] EXT4-fs error (device loop6): __ext4_ext_dirty:207: inode #2: comm syz.6.4284: mark_inode_dirty error
[  252.076997][T15161] smc: net device bond0 applied user defined pnetid SYZ0
[  252.085314][T15161] smc: net device bond0 erased user defined pnetid SYZ0
[  252.112410][T15163] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  252.124205][T12586] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.296360][T15176] loop5: detected capacity change from 0 to 128
[  252.318189][T15173] IPv6: NLM_F_CREATE should be specified when creating new route
[  252.358138][T15180] loop5: detected capacity change from 0 to 128
[  253.121149][T15201] netlink: 'syz.2.4308': attribute type 1 has an invalid length.
[  253.148868][T15206] netlink: 'syz.2.4310': attribute type 1 has an invalid length.
[  253.158174][T15205] loop0: detected capacity change from 0 to 2048
[  253.175885][T15209] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.4311' sets config #1
[  253.194927][T15205]  loop0: p1 < > p4
[  253.199516][T15205] loop0: p4 size 8388608 extends beyond EOD, truncated
[  253.438773][T15220] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  253.455934][T15222] smc: net device bond0 applied user defined pnetid SYZ0
[  253.464283][T15222] smc: net device bond0 erased user defined pnetid SYZ0
[  253.506114][T15228] loop0: detected capacity change from 0 to 2048
[  253.544665][T15228]  loop0: p1 < > p4
[  253.548932][T15228] loop0: p4 size 8388608 extends beyond EOD, truncated
[  253.672504][T15239] loop0: detected capacity change from 0 to 764
[  253.733940][    C0] vxcan1: j1939_tp_rxtimer: 0xffff88811a3ede00: rx timeout, send abort
[  253.742372][    C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff88811a3ede00: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  253.776953][T15249] netlink: 'syz.5.4325': attribute type 1 has an invalid length.
[  253.802109][T15251] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  253.840378][T15254] smc: net device bond0 applied user defined pnetid SYZ0
[  253.848477][T15254] smc: net device bond0 erased user defined pnetid SYZ0
[  253.881139][T15259] ==================================================================
[  253.889283][T15259] BUG: KCSAN: data-race in mas_replace_node / mtree_range_walk
[  253.896854][T15259] 
[  253.899194][T15259] write to 0xffff888117075f00 of 8 bytes by task 15257 on cpu 1:
[  253.906918][T15259]  mas_replace_node+0x1b8/0x430
[  253.911785][T15259]  mas_wr_store_entry+0x1e80/0x2460
[  253.916993][T15259]  mas_store_prealloc+0x6d5/0x960
[  253.922113][T15259]  vma_iter_store_new+0x1d3/0x210
[  253.927238][T15259]  vma_complete+0x12b/0x570
[  253.931750][T15259]  __split_vma+0x56c/0x630
[  253.936178][T15259]  vma_modify+0x105/0x200
[  253.940521][T15259]  vma_modify_flags+0x10a/0x140
[  253.945384][T15259]  mprotect_fixup+0x30f/0x5d0
[  253.950072][T15259]  do_mprotect_pkey+0x6ce/0x9a0
[  253.954939][T15259]  __x64_sys_mprotect+0x48/0x60
[  253.959804][T15259]  x64_sys_call+0x272f/0x2e10
[  253.964490][T15259]  do_syscall_64+0xc9/0x1a0
[  253.969001][T15259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.974897][T15259] 
[  253.977229][T15259] read to 0xffff888117075f00 of 8 bytes by task 15259 on cpu 0:
[  253.984859][T15259]  mtree_range_walk+0x347/0x460
[  253.989716][T15259]  mas_walk+0x16e/0x320
[  253.993874][T15259]  lock_vma_under_rcu+0xa7/0x340
[  253.998821][T15259]  exc_page_fault+0x150/0x6a0
[  254.003500][T15259]  asm_exc_page_fault+0x26/0x30
[  254.008354][T15259] 
[  254.010676][T15259] value changed: 0xffff888117075a0e -> 0xffff888117075f00
[  254.017781][T15259] 
[  254.020363][T15259] Reported by Kernel Concurrency Sanitizer on:
[  254.026515][T15259] CPU: 0 UID: 0 PID: 15259 Comm: syz.6.4329 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(voluntary) 
[  254.039016][T15259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  254.049077][T15259] ==================================================================