last executing test programs:

3m13.307950244s ago: executing program 3 (id=4484):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000540)={0x5, &(0x7f0000000500)=[{0x4, 0x4, 0x3, 0xe}, {0x3, 0x7, 0xd1, 0x7}, {0x8, 0xd, 0x4, 0x5}, {0x5, 0xa, 0x1, 0x1f9}, {0x8, 0x0, 0x34, 0xfffffff7}]})
r1 = socket$inet(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000300), &(0x7f0000000380)=0x68)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
arch_prctl$ARCH_GET_CPUID(0x1011)

3m13.176149707s ago: executing program 3 (id=4486):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r0, 0x0, 0x1}, 0x18)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xaee5, 0x800, 0x2, 0x1f6}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r1, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r1, 0x47f6, 0x3, 0x0, 0x0, 0x0)

3m12.759254154s ago: executing program 3 (id=4493):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000580)='./file0\x00', 0x0, &(0x7f0000000300)={[{@i_version}, {@mblk_io_submit}, {@noquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7f}}, {@grpid}, {@abort}, {@nodelalloc}]}, 0x1, 0x539, &(0x7f0000000600)="$eJzs3c1rHGUYAPBnZrPWttFU/EA9FbRUKd2kTYvk1hw8VqrBo8Sw2YaQSTZkN7UJObTgXUFBUQT15N2riPgHeBbRf0ARGyytt5XJ7qY1X6616Wrm94PZfT+GPO+b2edlZ5hhAyis4/lLGvFMRFxKIobu6huITufx9n631teqt9fXqkm0WhO/JZFExM31tWp3/6TzfjQirkXE0xHxbTniVLo9bmNldW4qy2pLnfpwc35xuLGyenp2fmqmNlNbGB07PzY69tLYudH7NteJybFXT/zwSvJ1Mv7yzU/euJHEhRjs9N09j/up/T8px4Ut7ef2I1gfJf0eAPek1MnzckQ8GUNR6mQ9cPC1DkW0gIJK5D8UVPd7QH7+290e5PePX8fbJyB53Fudrd0z0L42EQ9vnJsc+T35y5lJfr557EEOlAPp2vWIGBkY2P75Tzqfv3s3cj8GyL76Zrx9oLYf/3Rz/Ykd1p/B7rXTf6m7/t3atv7diV/aZf271GOMhbHvnto1/vWIZ3eMn2zGT3aIn0bEmz3Gn/jyl89362t9FnEydo7flex9fXj48mxWG2m/7hjjnddGvthr/kd2iX9hj/nnbYs9zj9ef/zHa3vEf+G5vY//TvEPR8S7PYb/6aP33t6tL48/vcv894qft33aY/wTL3413uOuAAAAAAAAAADAP5Bu3MuWpJXNcppWKu1neJ+II2lWbzRPXa4vL0y373k7FuW0e6fVULue5PUznftxu/WzW+qjEfFYRLxfOrxRr1Tr2XS/Jw8AAAAAAAAAAAAAAAAAAAD/EUe3PP9/s9R+/h8oCD/5DcUl/6G45D8Ul/yH4pL/UFzyH4pL/kNxyX8oLvkPxSX/objkPwAAAAAAAAAAAAAAAAAAAAAAAAAA7ItLFy/mW+v2+lo1r09fWVmeq185PV1rzFXml6uVan1psTJTr89ktUq1Pv93fy+r1xfPx8Ly1eFmrdEcbqysTs7Xlxeak7PzUzO1yVr5gcwKAAAAAAAAAAAAAAAAAAAA/l8GN7YkrUREulFO00ol4pGIOBbl5PJsVhuJiEcj4vtS+VBeP9PvQQMAAAAAAAAAAAAAAAAAAMAB01hZnZvKstqSgoKCwmah3ysTAAAAAAAAAAAAAAAAAAAUz52Hfvs9EgAAAAAAAAAAAAAAAAAAACiy9OdWq9VKIuLk0PODW3sfSv4obbxHxFsfT3xwdarZXDqTt9/YbG9+2Gk/24/xA73q5mk3jwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA7Giurc1NZVlvax0K/5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwL/4MAAD//7HA27Q=")
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
r2 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x1, 0x7800, 0x0, 0x3)

3m12.516217639s ago: executing program 3 (id=4497):
set_mempolicy(0x1, &(0x7f0000000000)=0x9, 0x2)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6(0x2d, 0x2, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r2, 0x11d, 0x32, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='mm_page_alloc\x00', r4, 0x0, 0x100001034}, 0x18)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = timerfd_create(0x0, 0x0)
r7 = syz_io_uring_setup(0x58f8, &(0x7f0000000000)={0x0, 0x7d02, 0x10100, 0x0, 0x104a}, &(0x7f0000000180)=<r8=>0x0, &(0x7f0000000240)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r6, 0x0, 0x0, 0x0, 0x665afcfac13c1a68})
io_uring_enter(r7, 0x1f82, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
sendmsg$key(r1, &(0x7f00000007c0)={0x300, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020a06000300000028bd7008fcd1df25010018"], 0x18}}, 0x40)
syz_clone(0x40ac8000, 0x0, 0x0, 0x0, 0x0, 0x0)

3m11.943295011s ago: executing program 3 (id=4501):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
pipe2(&(0x7f0000001cc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r5}}]}})

3m11.687041075s ago: executing program 3 (id=4506):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000c10, &(0x7f0000000180)={[{@nobh}, {@abort}, {@nogrpid}, {@nodiscard}, {@user_xattr}]}, 0xff, 0x25c, &(0x7f0000000bc0)="$eJzs3TFoHXUcB/Dv3XvPmvYhVRdB1IKIaCDUTXCpi0JBShERVKiIuCitUFvcGqcuDjqrdHIp4mZ0lCzBRRGcomaIi6DBweCgw8l7l0DyEjXhPe9K7vOBx90ld///70i+/7vh3f0DdNbJJGeS9JLMJxkkKXbucKr+nNzavDG3ciGpqmd/K8b71du17eNOJFlM8niS5bLI6/3k6tKL63+sPv3wu1cGD3289MJcoye5ZWN97ZnNj85d/+zsY1e/+e6Xc0XOZLjrvGav2Odn/SK56//o7BZR9NuugIM4//an349yf3eSB8f5H6RM/cd77/Jty4M8+uE/Hfv+r9/e22StwOxV1WB0DVysgM4pkwxTlAtJ6vWyXFio7+F/6B0v37h0+a351y5dufhq2yMVMCvDZO2pL459fmIi/z/36vwDR9co/8+dv/njaH2z13Y1QCPuqxej/M+/fO2RyD90jvxDd8k/dNch8+8bHXCEuP5Dd/1L/m9vqyagGXvzP2i7JKAh7v+hk6qqqg6a/+tNFgY0w/Ufumtn/gGAbqmOtf0EMtCWtscfAAAAAAAAAAAAAAAAAABgrxtzKxe2P2noJeBffZBsPFnPLjLZf9Ibz0e8Xcnx34tdk5AUM5iU5KUHpmxgSp+0/PT1HT+12//X97fb/7WLyeI7SU73+3v//4qUp6Zr/87/+P3glenaP6xiYvuJ55vtf9JfN9vt/+xq8uVo/Dm93/hT5p7xcv/xZziDN6a/+eeUDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCYvwMAAP//Rq9yAw==") (async)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000000100000001000000000000000000000010000000000000002000000000000000"], 0x24, 0x0) (async)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10) (async)
getresuid(&(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x1}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x2}, {0x20, 0x7}}, 0x2c, 0x3) (async)
write$binfmt_format(r0, &(0x7f0000000000)='-1\x00', 0x3)

3m11.684457905s ago: executing program 32 (id=4506):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000c10, &(0x7f0000000180)={[{@nobh}, {@abort}, {@nogrpid}, {@nodiscard}, {@user_xattr}]}, 0xff, 0x25c, &(0x7f0000000bc0)="$eJzs3TFoHXUcB/Dv3XvPmvYhVRdB1IKIaCDUTXCpi0JBShERVKiIuCitUFvcGqcuDjqrdHIp4mZ0lCzBRRGcomaIi6DBweCgw8l7l0DyEjXhPe9K7vOBx90ld///70i+/7vh3f0DdNbJJGeS9JLMJxkkKXbucKr+nNzavDG3ciGpqmd/K8b71du17eNOJFlM8niS5bLI6/3k6tKL63+sPv3wu1cGD3289MJcoye5ZWN97ZnNj85d/+zsY1e/+e6Xc0XOZLjrvGav2Odn/SK56//o7BZR9NuugIM4//an349yf3eSB8f5H6RM/cd77/Jty4M8+uE/Hfv+r9/e22StwOxV1WB0DVysgM4pkwxTlAtJ6vWyXFio7+F/6B0v37h0+a351y5dufhq2yMVMCvDZO2pL459fmIi/z/36vwDR9co/8+dv/njaH2z13Y1QCPuqxej/M+/fO2RyD90jvxDd8k/dNch8+8bHXCEuP5Dd/1L/m9vqyagGXvzP2i7JKAh7v+hk6qqqg6a/+tNFgY0w/Ufumtn/gGAbqmOtf0EMtCWtscfAAAAAAAAAAAAAAAAAABgrxtzKxe2P2noJeBffZBsPFnPLjLZf9Ibz0e8Xcnx34tdk5AUM5iU5KUHpmxgSp+0/PT1HT+12//X97fb/7WLyeI7SU73+3v//4qUp6Zr/87/+P3glenaP6xiYvuJ55vtf9JfN9vt/+xq8uVo/Dm93/hT5p7xcv/xZziDN6a/+eeUDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCYvwMAAP//Rq9yAw==") (async)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000000100000001000000000000000000000010000000000000002000000000000000"], 0x24, 0x0) (async)
open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x10) (async)
getresuid(&(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x1}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x2}, {0x20, 0x7}}, 0x2c, 0x3) (async)
write$binfmt_format(r0, &(0x7f0000000000)='-1\x00', 0x3)

2m46.119612946s ago: executing program 4 (id=4918):
openat$tun(0xffffffffffffff9c, 0x0, 0xc2300, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000002780)=ANY=[@ANYBLOB="1c0008200203000014"], 0xfb5)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
r5 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(0x0, r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, 0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c", @ANYRES16=r7, @ANYBLOB="010026bd70003c02000002000000", @ANYRES32], 0x1c}}, 0x0)
write$nci(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="41040101040403"], 0x7)

2m45.843758041s ago: executing program 4 (id=4925):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000001ac0)=""/7, &(0x7f0000005bc0)=0x7)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x1, @perf_config_ext={0x7, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setpriority(0x2, 0xff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = gettid()
syz_clone(0xb44040, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigaction(0x1b, &(0x7f0000000040)={0xfffffffffffffffc, 0x4c000000, 0x0, {[0x8000000000005a]}}, 0x0, 0x8, &(0x7f00000001c0))
tkill(r3, 0x1b)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x18)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x5)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f0000000100)={0xfffffff8, 0xaeb, 0x657, 0x6f, 0x7, "3ce6920887000000000000000d00", 0x4, 0x1ff})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x8)

2m44.936914419s ago: executing program 4 (id=4940):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000a0200000010000000000000009500"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x64}, 0x94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kmem_cache_free\x00', r3, 0x0, 0x9}, 0x18)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000000)="f2435f010008800000000085080044", 0xf, 0x24000800, &(0x7f0000000200)={0x11, 0x17, r5, 0x1, 0x0, 0x6, @random="af1cf756fb76"}, 0x14)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x8, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x9, 0x3ff}]}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa424e1aa2e0d4080045000014"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x43}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2m44.824882111s ago: executing program 4 (id=4947):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r1, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

2m44.791784222s ago: executing program 4 (id=4949):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)

2m44.671440174s ago: executing program 4 (id=4951):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x803030, &(0x7f0000000100)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@barrier}, {@nodioread_nolock}, {@grpquota}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}]}, 0x1, 0x5af, &(0x7f0000000500)="$eJzs3U9oHPUeAPDvzGb7N6/pg/fgvUcP5SlUKN0k/aPVU3sVC4UeCl5q2GxDyCYbshttQsD0XsQeRKWXetODR8WDB/EiePHqRfEsFBsUmh40sv/SNtmNm5pk0+znA5Od3/xm5/v7zex3MjPMMAH0rOPVP2nEfyPichIx8FhdXzQqj9fnW15ayD9cWsgnsbJy5Zckkoh4sLSQb86fND4PR8RiRPwnIr7ORpxM18ctz81PjBSLhZlGebAyOT1Ynps/NT45MlYYK0ydeenlc+fPnhs+Pdy+8dnN9fXWj7ffufXdq3dvf/LpscX8eyNJXIj+Rt3j/dhK9XWSjQtrpp/djmBdlHS7ATyVTCPPq6n07xiITCPrW1kZ2NGmAdtsZX/EymYki5uaHdjNks3lP7BnNI8Dque/zeGJA4RMmwOH/Vtz/HHvYv0EpBp3uTHUa/rq1ybiQO3c5NCvyRNnJtXzzaNb0wR62OLNiBjq61v/+08av7+nN7QVDWRbfXWxvqHWb/90df8TLfY//c1rp39Tc/+3vG7/9yh+ps3+7/K6pe1rGeP313/6sG38mxH/axk/WY2ftIifRsQbHfbxztUvzrere/ujiBPROn5TsvH14cHr48XCUP1vyxhfnjj2ykb9P9Qmfv2a7YHav5lW63+6w/5//s1n/1/cIP4Lz228/Vut/4MR8W6H8f/54OPX2tXdu5ncrx4FbHb7V6fd7TD+ixeO/9Cm6mCHiwAAAAAAAAAAAFpIa/eyJWludTxNc7n6M7z/ikNpsVSunLxemp0ard/zdjSyafNOq4F6OamWhxv34zbLp9eUzzTvI84crJVz+VJxtMt9BwAAAAAAAAAAAAAAAAAAgN3icET0p7H6/P9vmdrz/2tfVw3sVe1f+Q3sdfIfeteT+Z+0eLnv5E42B9hBj+X/w262A9hxK47/oXfJf+hd8h96l/yH3iX/oXfJf+hd8h8AAAAAAAAAAAAAAAAAAAAAAAAAALbF5UuXqsPKw6WFfLU82jc3O1F689RooTyRm5zN5/KlmencWKk0Vizk8qW/fA9osVSaHoqp2RuDlUK5Mliem782WZqdqlwbnxwZK1wrZHekVwAAAAAAAAAAAAAAAAAAAPBs6a8NSZqLiLQ2nqa5XMQ/IuJoZJPr48XCUEQciYjvM9n91fJwtxsNAAAAAAAAAAAAAAAAAAAAe0x5bn5ipFgszPTISN+6Kd+2nzkiFre2GdUlbvpb2ca22i3r8FkbObLxPJnoegt340iXd0wAAAAAAAAAAAAAAAAAANCDHj302+k3/tjeBgEAAAAAAAAAAAAAAAAAAEBPSn9OIqI6nBh4vn9t7b5kOVP7jIi37lx5/8ZIpTIzXJ1+vzn9QOWDxvTTnUW8uuV9ADrRzNNmHgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPlOfmJ0aKxcLMNo50u48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT+PPAAAA///FCtgw")
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x200980)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x6)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x40, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x400000, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f0000000000)='.\x00', 0x400017e)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000700000e0000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a01080000000000000000010000000900020073797a32000000003400038030000080080003400000000224000b80200001800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30"], 0xe4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a010100000000000000000100000009000300040000000000000014000480080002400000000008000140000000000900010073797a300000000060000000060a010400000000000000000100000038000480240001800b00010072656a65637400001400028008000140000000000500020000000000100001800a000100726564697200000008000b40000000000900010073797a300000000014000000110001"], 0xe8}}, 0x0)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r11, 0x0, 0xf7}, 0x18)
sendmsg$tipc(r9, &(0x7f0000000080)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x3, 0x0, {0x0, 0xf5ff}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x140400c0}, 0x2000081)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r12, 0x0)

2m39.637527132s ago: executing program 2 (id=5013):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff0000d8b4b7080100000000007b8af0ff00000000bfa100000000000007010000f8ff0200bfa400000000000007040000f0ffffffb702000000000004182300006206939f4a40b5061ee68ce7eb0857b738cf84f501da8c7c4adafcc27b85a359ad77e64473ea806e4a7f64bdaae2c006f80062b6672b871776a6ca7065eb04d9c92bd96847bbe17b471011055ab4e901933f2d7dd6c2ddbffff1c53201c469dc2223d28b76c4df765048680d4d408226d8c5f38481b803e39101ffa76fdcfd13cf19b4923648c19c306f620ee4f6a2d8daf0aff1382862497d42efc18bce5ac974d81bd64b11f72c6c7be63d632ba4a2e9afb5d146bffa05db50455b72a2651237addeb271a3da1ad7df5c5a7cfea8151ab76eeb679b23785b7d3eab68a16255f968", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
gettid()
timer_create(0x0, &(0x7f0000000280)={0x0, 0x100033, 0x800000000004, @thr={&(0x7f0000000300)="50a707d26198e6cec325b09e4be328a62aea5c31398d42918217e17393e36d", &(0x7f0000000380)="3a3f731498fac07d47520286e9d33b775b161d1165058d90321153cccb5d8105a29e8f7268f8e57ca69f766b08d42a1b25f07d5bc0"}}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f00000002c0)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_subtree(r3, 0x0, 0x8)
write$cgroup_int(r3, &(0x7f0000000000)=0x4, 0x12)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r6, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
read$snapshot(r6, 0x0, 0xffffffbf)
read$watch_queue(r6, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
alarm(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syslog(0x9, 0x0, 0x0)

2m38.544289474s ago: executing program 2 (id=5028):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000040)='./file1\x00', 0x40)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = accept$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, @dev}, &(0x7f00000004c0)=0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r1, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0], 0x0, 0x91, &(0x7f0000000640)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x26, 0x8, 0x8, &(0x7f0000000740)}}, 0x10)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000900)={@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, r6}, 0xc)
r7 = fsmount(r4, 0x1, 0x0)
fchmodat(r7, &(0x7f0000000000)='.\x00', 0xe0)

2m37.470629105s ago: executing program 2 (id=5035):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000000), 0xfffffd26)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x401c5820, &(0x7f00000001c0)=0x8)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x8000}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x40502, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r4 = gettid()
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='name', &(0x7f00000000c0)='\x00\x1f\"\f\x00\x00\"\x00\x04\x00\x00', 0x0)
readv(r6, &(0x7f0000001b80)=[{&(0x7f0000001c00)=""/4069, 0xfe5}, {0x0}], 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000073b1e7932aa0340000000000000000000f000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m37.19179165s ago: executing program 2 (id=5039):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@private2, @private=0xa010101, 0x1f, 0xd}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c757466383d302c696f636861727365743d63703836302c696f636861727365743d6d616363726f617469616e2c756e695f786c6174653d312c747a3d5554432c6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703433372c73686f72746e616d653d77696e6e742c726f6469722c73686f72746e616d653d6d697865642c6e6f636173652c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c6572726f72733d72656d6f756e742d726f2c6e6f6e756d7461696c3d302c736d61636b66736465663d757466383d302c64697273796e632c736d61636b66736861743d262c657569643e807d6dc634ae06b292a3825c7626caa45b7a39a81660437a556646a082c54e8cf9c81260f6a760b9f06d5738818ee5a4503b0364b0f4c56abfe2", @ANYRESDEC=0x0, @ANYBLOB="2c6f626a5f726f6c653d2c686173682ca8ea26de004d2208fc414d630834ec2191519244adb53cec31ddc7b9b58f32238fac4fbdc332b1719e34"], 0x25, 0x34f, &(0x7f0000000840)="$eJzs3T9sG2UUAPDnXhKnESUekCqYDBsSqpogBpgSVUWqyABFFv8WLJryJzaVYmEpDHG8gComEAsSTGwdYOyMGBBiY2ClSKiAWOhWqRGHbJ/tc+xQZ3Boxe83RE/v+9597y6n3CVKvrzeiq1L83H51q2bsbhYiLm1c2txuxClOBFJ9OzFRB8tTM4DAPe422kaf6U9d5/9yVI/8uwHgPtX9/n/5qlhoniE4qsPzKIlAGDGpvz+//mJ2SszawsAmKGx5/9jI8MHfsw/N/idAADg/vXiK68+t74RcbFcXoyof9isNCvxzHB8/XK8HbXYjLOxHPsRvReF3ttC5+OzFzbOny13/FaKSqeiWYmot5qV3pvCetKtL8ZKLEcpq08H9UmnfqVbX46IvVZ3/agXmpX5WMrW/3kpNmM1luOhsfqICxvnV8vZASr1fn0roh2L/ZPo9H8mluPHN+JK1OJSdGqH/e+ulMvn0o2R+ua1YnceAAAAAAAAAAAAAAAAAAAAAADMwpnyQGmw/01abzU/uHhwQmlkf5xKbzjbH6jd2x8oLfZ357maHNwfaHR/nmZlLk78p2cOAAAAAAAAAAAAAAAAAAAA947GzkJUa7XN7cbO+1v5oJXLvPv9V9+ejP7QXFb6TjKsiiw5cpz+xNyRkxgskQ7K02RkThYkEf3Je9Vr1wcd5+cUB2cxVt4JimNDhaynaq126tFfP59U9Xcn2Otmkhi7LKNBIVs/N1R/sJNYjIj9w6oOD1bvMudGmqaHle9+Nl4VhYi5OHIbUwTf3Xzr4Scbp5/qZr7JNn14/Inll258+uUfW9VatHtXplZb2G7sp1McudPr+FCSu38K2XUuTLgTJgftYaa93dipJj/9+fIjH/9wYHIy+f5J85n3Dl/r64OZhV5QiCj1L8K/tTo/4eafHLx2Z3D3Hv0Td/qLter13V9+n7Yq90XCRh0AAAAAAAAAAAAAAAAAAHAscn8rfgRPvzC7jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+A3//38uaI9lpgnutGJ8qLi53Th08ZPHeqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyP/RMAAP//rShzCQ==")
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0xf1311, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0xc, 0x2, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r1, 0x21, &(0x7f00000001c0)={0x0, 0xbf77, 0x400, 0x1, 0x36, 0x0, r1}, 0x1)
ptrace(0x10, r2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071114200000000008510000002000000850000000500000095000d00000000009500a50000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
ptrace$setregs(0xf, r2, 0x1, &(0x7f0000000500)="77dcf02117ff113b9f4c1c8f3c3c4180b3b87c9e414805c5c07f4b06e350d460a882f276f4d496ee2b6b4dec92d7ba37f2c84803f576616827000a37fdccb7bba64a17cb4bfbedc445565aacb2f6cf7d8b21c821343365368cce8b9e4d6372c56d4f6c6f58995d54a2b3f7b39c20d5029b845f06e7e63633a1b769f83c949549388336152bf4782416808cb6a08cef9f38e603dfc8ac01586bb2270e593c41")
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x8, 0x0, 0x0}}, 0x10)
ptrace$setregs(0xd, r2, 0x9, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r2, 0x1, &(0x7f0000000340)={&(0x7f0000000240)=""/204, 0xcc})
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="040029bd7000fcdbdf250100000008000600", @ANYRES32=r4, @ANYBLOB="05003300000000100800010000040000000039000800000008003900040000000000300000000000693b54c7aa2d944626cdab41d48f50c76b3b4f5f28b8064a68651e3f08f3711b574ea0f931be8df0ae12e5bde3aa3e3c5cc2cde0905672ac4adeaa09afbf75f30b434d94a277389979a2480d043cee0f7aedcf9e87c26994c08a735e1e269218f4fbc4abc1d7c9ad03e45f23760cb79f60fb0f6e5834bc71b941dfa9ba0cbd448bdea261361d1932c539a0da2935034f01d350cb71e3d15ac27c46f0ad937500"/215], 0x3f}, 0x1, 0x0, 0x0, 0x4004001}, 0x20040040)

2m35.073530822s ago: executing program 2 (id=5055):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000a0200000010000000000000009500"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x64}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kmem_cache_free\x00', r2, 0x0, 0x9}, 0x18)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000080))
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x8, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x9, 0x3ff}]}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa424e1aa2e0d4080045000014"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x43}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2m34.059689321s ago: executing program 2 (id=5066):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r0, 0x0, 0x1}, 0x18)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xaee5, 0x800, 0x2, 0x1f6}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r1, 0x47f6, 0x3, 0x0, 0x0, 0x0)

2m34.059471402s ago: executing program 33 (id=5066):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r0, 0x0, 0x1}, 0x18)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000480)={0x0, 0xaee5, 0x800, 0x2, 0x1f6}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r1, 0x47f6, 0x3, 0x0, 0x0, 0x0)

2m29.648420378s ago: executing program 34 (id=4951):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x803030, &(0x7f0000000100)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@barrier}, {@nodioread_nolock}, {@grpquota}, {@max_batch_time={'max_batch_time', 0x3d, 0x9}}]}, 0x1, 0x5af, &(0x7f0000000500)="$eJzs3U9oHPUeAPDvzGb7N6/pg/fgvUcP5SlUKN0k/aPVU3sVC4UeCl5q2GxDyCYbshttQsD0XsQeRKWXetODR8WDB/EiePHqRfEsFBsUmh40sv/SNtmNm5pk0+znA5Od3/xm5/v7zex3MjPMMAH0rOPVP2nEfyPichIx8FhdXzQqj9fnW15ayD9cWsgnsbJy5Zckkoh4sLSQb86fND4PR8RiRPwnIr7ORpxM18ctz81PjBSLhZlGebAyOT1Ynps/NT45MlYYK0ydeenlc+fPnhs+Pdy+8dnN9fXWj7ffufXdq3dvf/LpscX8eyNJXIj+Rt3j/dhK9XWSjQtrpp/djmBdlHS7ATyVTCPPq6n07xiITCPrW1kZ2NGmAdtsZX/EymYki5uaHdjNks3lP7BnNI8Dque/zeGJA4RMmwOH/Vtz/HHvYv0EpBp3uTHUa/rq1ybiQO3c5NCvyRNnJtXzzaNb0wR62OLNiBjq61v/+08av7+nN7QVDWRbfXWxvqHWb/90df8TLfY//c1rp39Tc/+3vG7/9yh+ps3+7/K6pe1rGeP313/6sG38mxH/axk/WY2ftIifRsQbHfbxztUvzrere/ujiBPROn5TsvH14cHr48XCUP1vyxhfnjj2ykb9P9Qmfv2a7YHav5lW63+6w/5//s1n/1/cIP4Lz228/Vut/4MR8W6H8f/54OPX2tXdu5ncrx4FbHb7V6fd7TD+ixeO/9Cm6mCHiwAAAAAAAAAAAFpIa/eyJWludTxNc7n6M7z/ikNpsVSunLxemp0ard/zdjSyafNOq4F6OamWhxv34zbLp9eUzzTvI84crJVz+VJxtMt9BwAAAAAAAAAAAAAAAAAAgN3icET0p7H6/P9vmdrz/2tfVw3sVe1f+Q3sdfIfeteT+Z+0eLnv5E42B9hBj+X/w262A9hxK47/oXfJf+hd8h96l/yH3iX/oXfJf+hd8h8AAAAAAAAAAAAAAAAAAAAAAAAAALbF5UuXqsPKw6WFfLU82jc3O1F689RooTyRm5zN5/KlmencWKk0Vizk8qW/fA9osVSaHoqp2RuDlUK5Mliem782WZqdqlwbnxwZK1wrZHekVwAAAAAAAAAAAAAAAAAAAPBs6a8NSZqLiLQ2nqa5XMQ/IuJoZJPr48XCUEQciYjvM9n91fJwtxsNAAAAAAAAAAAAAAAAAAAAe0x5bn5ipFgszPTISN+6Kd+2nzkiFre2GdUlbvpb2ca22i3r8FkbObLxPJnoegt340iXd0wAAAAAAAAAAAAAAAAAANCDHj302+k3/tjeBgEAAAAAAAAAAAAAAAAAAEBPSn9OIqI6nBh4vn9t7b5kOVP7jIi37lx5/8ZIpTIzXJ1+vzn9QOWDxvTTnUW8uuV9ADrRzNNmHgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPlOfmJ0aKxcLMNo50u48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT+PPAAAA///FCtgw")
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x200980)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x6)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x40, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x400000, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f0000000000)='.\x00', 0x400017e)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000700000e0000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a01080000000000000000010000000900020073797a32000000003400038030000080080003400000000224000b80200001800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30"], 0xe4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a010100000000000000000100000009000300040000000000000014000480080002400000000008000140000000000900010073797a300000000060000000060a010400000000000000000100000038000480240001800b00010072656a65637400001400028008000140000000000500020000000000100001800a000100726564697200000008000b40000000000900010073797a300000000014000000110001"], 0xe8}}, 0x0)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r11, 0x0, 0xf7}, 0x18)
sendmsg$tipc(r9, &(0x7f0000000080)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x3, 0x0, {0x0, 0xf5ff}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x140400c0}, 0x2000081)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r12, 0x0)

2.021155411s ago: executing program 5 (id=7307):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
truncate(&(0x7f0000000080)='./file1\x00', 0xc1a)
unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0)

1.804351815s ago: executing program 5 (id=7313):
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0xa, 0x0, 0x1, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x20}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4, 0x0, 0x5}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}]}}, 0x0, 0x26, 0x0, 0x8}, 0x28)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0xf}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x34}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c000140000000000000000414000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
syz_io_uring_setup(0x218f, &(0x7f0000000440)={0x0, 0x1064, 0x1, 0x600003, 0x1b1}, &(0x7f00000001c0), &(0x7f00000000c0))
close(r0)

1.352124954s ago: executing program 5 (id=7319):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff0000d8b4b7080100000000007b8af0ff00000000bfa100000000000007010000f8ff0200bfa400000000000007040000f0ffffffb702000000000004182300006206939f4a40b5061ee68ce7eb0857b738cf84f501da8c7c4adafcc27b85a359ad77e64473ea806e4a7f64bdaae2c006f80062b6672b871776a6ca7065eb04d9c92bd96847bbe17b471011055ab4e901933f2d7dd6c2ddbffff1c53201c469dc2223d28b76c4df765048680d4d408226d8c5f38481b803e39101ffa76fdcfd13cf19b4923648c19c306f620ee4f6a2d8daf0aff1382862497d42efc18bce5ac974d81bd64b11f72c6c7be63d632ba4a2e9afb5d146bffa05db50455b72a2651237addeb271a3da1ad7df5c5a7cfea8151ab76eeb679b23785b7d3eab68a16255f968", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
gettid()
timer_create(0x0, &(0x7f0000000280)={0x0, 0x100033, 0x800000000004, @thr={&(0x7f0000000300)="50a707d26198e6cec325b09e4be328a62aea5c31398d42918217e17393e36d", &(0x7f0000000380)="3a3f731498fac07d47520286e9d33b775b161d1165058d90321153cccb5d8105a29e8f7268f8e57ca69f766b08d42a1b25f07d5bc0"}}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f00000002c0)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_subtree(r2, 0x0, 0x8)
write$cgroup_int(r2, &(0x7f0000000000)=0x4, 0x12)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
read$watch_queue(r5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
alarm(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syslog(0x9, 0x0, 0x0)

1.094857609s ago: executing program 1 (id=7329):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x140341)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000380), &(0x7f00000005c0)=r2}, 0x20)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1.01273399s ago: executing program 1 (id=7331):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
mq_notify(0xffffffffffffffff, 0x0)

985.070771ms ago: executing program 1 (id=7333):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x140341)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

935.756222ms ago: executing program 6 (id=7335):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

934.565182ms ago: executing program 6 (id=7337):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xc2}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xb, 0x518, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20007, 0xc8, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usbip_server_init(0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x115}, 0x18)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=ANY=[@ANYBLOB="850000000000000007000000000000009604000000000000"], &(0x7f0000000040)='GPL\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x14, &(0x7f00000000c0), 0x1, 0x10, &(0x7f0000000000), 0xa, 0x0, 0xffffffffffffffff, 0x4c}, 0x70)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

925.291532ms ago: executing program 1 (id=7338):
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0) (fail_nth: 2)

815.659764ms ago: executing program 1 (id=7341):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=@gettaction={0x30, 0x32, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10001}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004010}, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendfile(r2, r0, 0x0, 0x3ffff)
sendfile(r2, r0, 0x0, 0x7ffff000)

502.67667ms ago: executing program 5 (id=7347):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x803, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

464.942001ms ago: executing program 5 (id=7349):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000007c0)=@ethtool_per_queue_op={0x4b, 0xe, [0x8, 0x0, 0x0, 0x8, 0xffff, 0x7, 0x1, 0x40, 0x18a, 0x3, 0x80, 0x9, 0x9, 0xffff, 0x421a, 0xfffffff7, 0x6, 0x4, 0x6, 0x7fffffff, 0x101, 0x80, 0xf8000000, 0x4, 0x9, 0x0, 0xfffffffd, 0x5, 0x1, 0x400, 0x3e, 0x6, 0x4, 0x3, 0x4, 0x2, 0x7, 0x40, 0x80, 0x4, 0x5, 0x6, 0x0, 0xa, 0x726, 0x80000001, 0x15, 0x2751, 0x1, 0x7, 0xa, 0x1, 0x81, 0x8, 0x2, 0x3, 0x5, 0x1, 0x7, 0x0, 0x4, 0x8, 0x7fffffff, 0x9, 0x7, 0x1, 0xffff, 0x1, 0x3, 0x9, 0xc0, 0x2, 0x4, 0x5, 0x6, 0x3, 0x46, 0x1, 0x7f, 0x8, 0x5, 0x6b36, 0x10, 0x3, 0x6, 0x6, 0x80, 0x80000001, 0x0, 0x0, 0x3ff, 0x8, 0x1, 0x551, 0x7, 0x4000002, 0xa61, 0x5, 0x6, 0x4, 0x12e, 0xd, 0x400, 0xee37, 0xe, 0xd, 0x4, 0xc1, 0x1, 0x3, 0x7, 0x294c1d11, 0x3ff, 0x6, 0x6, 0x40, 0x2, 0x6, 0x237, 0x9e, 0x957, 0x0, 0x10, 0x0, 0xcd1, 0x0, 0xff, 0x6]}})
bpf$MAP_CREATE(0x0, &(0x7f0000001880)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r1, 0x4b72, &(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0xb, "0060930000efa4890200"})

464.367041ms ago: executing program 5 (id=7350):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500de0000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0e00000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="3d330a9b58aefa07338ba3d4f76d8598e5290000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x8}, 0x94)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/8, 0x8}], 0x1, &(0x7f00000001c0)=""/163, 0xa3}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
io_setup(0x58, &(0x7f00000001c0)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
listen(0xffffffffffffffff, 0x0)
write(r5, 0x0, 0x0)
recvmmsg$unix(r5, &(0x7f00000031c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x180, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000001400010000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10)
connect$unix(r6, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
r10 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r10, 0x2)
r11 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r11, 0x2)

437.075541ms ago: executing program 7 (id=7352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff5b, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kmem_cache_free\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ff"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
gettid()
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000000c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
getdents64(r3, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000300), 0x450080)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r6, 0xc02054a5, &(0x7f00000003c0)={0x9, 0xffffffffffffffff, 'id0\x00'})
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r7=>0x0})
bind$can_raw(r5, &(0x7f00000000c0)={0x1d, r7}, 0x10)
close(r5)

374.981903ms ago: executing program 7 (id=7354):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000020"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0xfed7, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001"], 0x0)

353.655733ms ago: executing program 7 (id=7357):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r2}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
msgsnd(0x0, 0x0, 0x8, 0x0)
setgid(0x0)

312.887384ms ago: executing program 7 (id=7358):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000050000000000000000001811", @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(0x0, 0x0, 0x0)

290.193805ms ago: executing program 7 (id=7359):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000040)='./file1\x00', 0x40)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000580)={0x8, 0x8, 0xde0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = accept$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, @dev}, &(0x7f00000004c0)=0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r1, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[0x0, 0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x6, 0x2, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0], 0x0, 0x91, &(0x7f0000000640)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x26, 0x8, 0x8, &(0x7f0000000740)}}, 0x10)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000900)={@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, r6}, 0xc)
r7 = fsmount(r4, 0x1, 0x0)
fchmodat(r7, &(0x7f0000000000)='.\x00', 0xe0)

284.937114ms ago: executing program 1 (id=7360):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff0000d8b4b7080100000000007b8af0ff00000000bfa100000000000007010000f8ff0200bfa400000000000007040000f0ffffffb702000000000004182300006206939f4a40b5061ee68ce7eb0857b738cf84f501da8c7c4adafcc27b85a359ad77e64473ea806e4a7f64bdaae2c006f80062b6672b871776a6ca7065eb04d9c92bd96847bbe17b471011055ab4e901933f2d7dd6c2ddbffff1c53201c469dc2223d28b76c4df765048680d4d408226d8c5f38481b803e39101ffa76fdcfd13cf19b4923648c19c306f620ee4f6a2d8daf0aff1382862497d42efc18bce5ac974d81bd64b11f72c6c7be63d632ba4a2e9afb5d146bffa05db50455b72a2651237addeb271a3da1ad7df5c5a7cfea8151ab76eeb679b23785b7d3eab68a16255f968", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
gettid()
timer_create(0x0, &(0x7f0000000280)={0x0, 0x100033, 0x800000000004, @thr={&(0x7f0000000300)="50a707d26198e6cec325b09e4be328a62aea5c31398d42918217e17393e36d", &(0x7f0000000380)="3a3f731498fac07d47520286e9d33b775b161d1165058d90321153cccb5d8105a29e8f7268f8e57ca69f766b08d42a1b25f07d5bc0"}}, &(0x7f0000bbdffc))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f00000002c0)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_subtree(r2, 0x0, 0x8)
write$cgroup_int(r2, &(0x7f0000000000)=0x4, 0x12)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
read$watch_queue(r5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
alarm(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syslog(0x9, 0x0, 0x0)

234.923745ms ago: executing program 6 (id=7362):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000007c0)=@ethtool_per_queue_op={0x4b, 0xe, [0x8, 0x0, 0x0, 0x8, 0xffff, 0x7, 0x1, 0x40, 0x18a, 0x3, 0x80, 0x9, 0x9, 0xffff, 0x421a, 0xfffffff7, 0x6, 0x4, 0x6, 0x7fffffff, 0x101, 0x80, 0xf8000000, 0x4, 0x9, 0x0, 0xfffffffd, 0x5, 0x1, 0x400, 0x3e, 0x6, 0x4, 0x3, 0x4, 0x2, 0x7, 0x40, 0x80, 0x4, 0x5, 0x6, 0x0, 0xa, 0x726, 0x80000001, 0x15, 0x2751, 0x1, 0x7, 0xa, 0x1, 0x81, 0x8, 0x2, 0x3, 0x5, 0x1, 0x7, 0x0, 0x4, 0x8, 0x7fffffff, 0x9, 0x7, 0x1, 0xffff, 0x1, 0x3, 0x9, 0xc0, 0x2, 0x4, 0x5, 0x6, 0x3, 0x46, 0x1, 0x7f, 0x8, 0x5, 0x6b36, 0x10, 0x3, 0x6, 0x6, 0x80, 0x80000001, 0x0, 0x0, 0x3ff, 0x8, 0x1, 0x551, 0x7, 0x4000002, 0xa61, 0x5, 0x6, 0x4, 0x12e, 0xd, 0x400, 0xee37, 0xe, 0xd, 0x4, 0xc1, 0x1, 0x3, 0x7, 0x294c1d11, 0x3ff, 0x6, 0x6, 0x40, 0x2, 0x6, 0x237, 0x9e, 0x957, 0x0, 0x10, 0x0, 0xcd1, 0x0, 0xff, 0x6]}})
bpf$MAP_CREATE(0x0, &(0x7f0000001880)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r1, 0x4b72, &(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0xb, "0060930000efa4890200"})

233.957625ms ago: executing program 6 (id=7364):
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0xa, 0x0, 0x1, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x20}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4, 0x0, 0x5}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}]}}, 0x0, 0x26, 0x0, 0x8}, 0x28)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0xf}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x34}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c000140000000000000000414000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x2, &(0x7f0000000040)={[0x9]}, 0x8)

202.372946ms ago: executing program 0 (id=7366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
mq_notify(0xffffffffffffffff, 0x0)

184.832146ms ago: executing program 0 (id=7367):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c000140000000000000000414000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
close(r0)

168.220657ms ago: executing program 0 (id=7368):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x5}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000940)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x2c, 0x0, 0x10, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x800}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1ff}]}, 0x2c}}, 0x4008001)
poll(&(0x7f00000003c0)=[{0xffffffffffffffff, 0x2100}, {0xffffffffffffffff, 0x211}, {0xffffffffffffffff, 0xe000}, {r0, 0x1000}, {0xffffffffffffffff, 0x6200}, {r1, 0x1322}, {0xffffffffffffffff, 0x104}, {r3, 0x2}], 0x8, 0x8)

154.696007ms ago: executing program 6 (id=7369):
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x108100, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffed}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='signal_generate\x00'}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00"/11], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x545, &(0x7f0000001300)="$eJzs3c9vHFcdAPDvrL2Okzi1CxygUktFi5IKshvXtLU4lCIhOFVClHsw9saysvZG9rqNrQo2fwESQoDECS5ckPgDkFAkLhwRUiQ4g1QEQpCCBIfSQbM7G5v1rL0xa2+8/nykybw3v77f5/iNZ3aeZgM4t56PiDci4sM0TV+KiNl8eSmfotWZsu3ef/jucjYlkaZv/S2JJF+WbZamado95uV8t+mI+NpXIr6Z7As4nc93dm8v1eu1zbxaba7fqW7t7F5fW19ara3WNhYW5l9dfG3xlcUbQ2nnlYh4/Ut/+v53fvrl13/52Xf+ePMv176VpTWTr++24xgmD1vZaXr5wnTPDpvHDPYkytpT/iCvXBxsn3snmRAAAH1l1/gfiYhPRcRLMRsTh1/OAgAAAGdQ+oWZ+CDpPL8rMNVnOQAAAHCGlNpjYJNSJR8LMBOlUqXSGcP7sbhUqje2mp+51djeWOmMlZ2LcunWWr12Ix8rPBflJKvPt8t79Zd76gsR8XREfG/2YrteWW7UV0b94QcAAACcE5d77v//Odu5/z9ccjrJAQAAAMMzN+oEAAAAgBPn/h8AAADGWnnUCQAAAAAn7qtvvplNaff7r1fe3tm+3Xj7+kpt63ZlfXu5stzYvFNZbTRW2+/sWz/qePVG487nYmP7brVZ22pWr+zs3lxvbG80b67F9Kk0CAAAADjg6U/e/30SEa3PX2xPmalRJwWcislHpe47PQt6/x+e6szfO6WkgFMxMcA2710oXu46Ac62yd4Fffo6MH6M/weO+kaPvoN3ftOZlYacDwAAMHxXP1H8/P/o6/mWS34443RiOL96nv+ns6NKBDh17ef/gw7kcbEAY6U80AhAYJz9v8//j5amj5UQAAAwdDPtKSlV8o/3ZqJUqlQirrS/FrCc3Fqr125ExFMR8bvZ8oWsPt/eMznyngEAAAAAAAAAAAAAAAAAAAAAAAAA6EjTJFIAAABgrEWU/pz8qvMu/6uzL870fj4wlfy7/ZXAUxHxzo/e+sHdpWZzcz5b/vdHy5s/zJe/PIpPMAAAAIBe3fv09vxfo84GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHHz/sN3l7vTAJtfHFbcv34xIuaK4k/GdHs+HeWIuPSPJCb37ZdExMQQ4rfuRcTHi+InWVqPQhbFH8YPoXUvaaVthfFjLv8pFMW/PIT4cJ7dz84/bxT1/1I8354X97/JiP+pH1f/8188Ov9N9On/VwaM8cyDn1f7xr8X8cxk8fmvGz/pE/+FgaKX4xtf393ttzb9ccTV7t+f9hlvf4S9UrW5fqe6tbN7fW19abW2WttYWJh/dfG1xVcWb1RvrdVr+b+FMb777C8+PKz9lwr//iV5Nv3b/2LB8SYK8v/Pg7sPP9qttA7Gv/ZCQfxf/yTf4mD8Uh7n03k5W3+1W251yvs997PfPndY+1f22l9+nP//a/0O2utAR3l2sF8dAOBEbO3s3l6q12ubY1vI7tKfgDSOU5iKJyKN8S18Oys8GNYB0zRNsz5VsOp+RAxynCSG3NJScT57hb5ngFGfmQAAgGHbu+gfdSYAAAAAAAAAAAAAAAAAAABwfp3GW9Z6Y+69AjkZxiu0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG4r8BAAD//7gG3Ac=")

102.756808ms ago: executing program 0 (id=7370):
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kmem_cache_free\x00'}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ff"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x18, 0xd, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d0000001811000054249803ba0d968a005ba20bb6f8eec06e81bb117abb91d98d08f51dc1432b20eb7d3b15aac3a26a5fe9c9ded455f5ee8ec1d9141f3be8b43fff83a75171ff7371e47bdea0aec735664ba5cad54ee4e3efe1", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000807120000f8ffffffb703000008000010b704000000000000850000000100000095", @ANYRES32=r0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
gettid()
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0xfed7, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000000c0)='kfree\x00', r2, 0x0, 0x4}, 0x18)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
fcntl$notify(r4, 0x402, 0x8)
getdents64(r4, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000300), 0x450080)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r7, 0xc02054a5, &(0x7f00000003c0)={0x9, 0xffffffffffffffff, 'id0\x00'})
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r8=>0x0})
bind$can_raw(r6, &(0x7f00000000c0)={0x1d, r8}, 0x10)
close(r6)

101.858408ms ago: executing program 7 (id=7371):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r2, &(0x7f0000004200)='t', 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=@gettaction={0x30, 0x32, 0x400, 0x70bd2b, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10001}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004010}, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendfile(r2, r0, 0x0, 0x3ffff)
sendfile(r2, r0, 0x0, 0x7ffff000)

38.885929ms ago: executing program 0 (id=7372):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x140341)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000380), &(0x7f00000005c0)=r2}, 0x20)
sched_rr_get_interval(0x0, &(0x7f0000000840))
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x3f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))

3.97493ms ago: executing program 6 (id=7373):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r3 = socket(0x10, 0x3, 0x4000000)
ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r4, 0x0, r6, 0x0, 0x1, 0x0)
vmsplice(r5, &(0x7f0000001280)=[{&(0x7f0000001180)="83", 0x1}], 0x1, 0x0)
vmsplice(r6, &(0x7f00000005c0), 0x10000000000001ea, 0xe)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
r8 = socket(0x10, 0x80003, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
r9 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$selinux_validatetrans(r9, 0x0, 0xa)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8)

0s ago: executing program 0 (id=7374):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a0000000500040000000000100003"], 0x5c}}, 0x0)

kernel console output (not intermixed with test programs):

bond_slave_0): Releasing backup interface
[  417.197973][T21459] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  417.207286][T21464] bond0: (slave bond_slave_1): Releasing backup interface
[  417.223938][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.234535][T21464] team0: Port device team_slave_0 removed
[  417.241287][T21464] team0: Port device team_slave_1 removed
[  417.247446][T21464] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.257731][T21464] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.362191][T21474] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  417.372864][T21478] loop7: detected capacity change from 0 to 512
[  417.471175][T21478] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.489587][T21478] ext4 filesystem being mounted at /330/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  417.521603][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.551242][T21488] hub 9-0:1.0: USB hub found
[  417.556069][T21488] hub 9-0:1.0: 8 ports detected
[  418.290870][T21500] program syz.5.6619 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  418.303389][T21485] netlink: 'syz.6.6613': attribute type 4 has an invalid length.
[  418.311161][T21485] netlink: 17 bytes leftover after parsing attributes in process `syz.6.6613'.
[  418.642496][T21511] loop7: detected capacity change from 0 to 512
[  418.685640][T21511] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.705960][T21511] ext4 filesystem being mounted at /333/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  418.769821][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.812961][T21521] loop7: detected capacity change from 0 to 512
[  418.870783][T21521] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.885468][T21521] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  418.915915][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.979828][T21538] loop6: detected capacity change from 0 to 512
[  419.055701][T21538] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  419.075730][T21538] ext4 filesystem being mounted at /359/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  419.105452][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  419.161405][T21546] loop6: detected capacity change from 0 to 512
[  419.169912][T21524] usb usb8: usbfs: process 21524 (syz.1.6626) did not claim interface 0 before use
[  419.493620][T21556] hub 9-0:1.0: USB hub found
[  419.502811][T21556] hub 9-0:1.0: 8 ports detected
[  419.582111][T21553] loop5: detected capacity change from 0 to 8192
[  419.596748][T21553] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  419.672126][T21567] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  419.708726][T21572] program syz.5.6649 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  419.759002][T21578] hub 9-0:1.0: USB hub found
[  419.769051][T21578] hub 9-0:1.0: 8 ports detected
[  419.856448][T21588] FAULT_INJECTION: forcing a failure.
[  419.856448][T21588] name failslab, interval 1, probability 0, space 0, times 0
[  419.869213][T21588] CPU: 0 UID: 0 PID: 21588 Comm: syz.7.6657 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  419.869243][T21588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  419.869257][T21588] Call Trace:
[  419.869263][T21588]  <TASK>
[  419.869270][T21588]  __dump_stack+0x1d/0x30
[  419.869293][T21588]  dump_stack_lvl+0xe8/0x140
[  419.869315][T21588]  dump_stack+0x15/0x1b
[  419.869386][T21588]  should_fail_ex+0x265/0x280
[  419.869424][T21588]  should_failslab+0x8c/0xb0
[  419.869450][T21588]  kmem_cache_alloc_node_noprof+0x57/0x320
[  419.869485][T21588]  ? __alloc_skb+0x101/0x320
[  419.869508][T21588]  __alloc_skb+0x101/0x320
[  419.869534][T21588]  netlink_alloc_large_skb+0xba/0xf0
[  419.869561][T21588]  netlink_sendmsg+0x3cf/0x6b0
[  419.869600][T21588]  ? __pfx_netlink_sendmsg+0x10/0x10
[  419.869671][T21588]  __sock_sendmsg+0x142/0x180
[  419.869701][T21588]  ____sys_sendmsg+0x31e/0x4e0
[  419.869731][T21588]  ___sys_sendmsg+0x17b/0x1d0
[  419.869772][T21588]  __x64_sys_sendmsg+0xd4/0x160
[  419.869805][T21588]  x64_sys_call+0x191e/0x2ff0
[  419.869864][T21588]  do_syscall_64+0xd2/0x200
[  419.869902][T21588]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  419.869953][T21588]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  419.870050][T21588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.870143][T21588] RIP: 0033:0x7fd58698eba9
[  419.870158][T21588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.870174][T21588] RSP: 002b:00007fd5853ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.870190][T21588] RAX: ffffffffffffffda RBX: 00007fd586bd5fa0 RCX: 00007fd58698eba9
[  419.870201][T21588] RDX: 0000000000000040 RSI: 0000200000000600 RDI: 0000000000000005
[  419.870213][T21588] RBP: 00007fd5853ef090 R08: 0000000000000000 R09: 0000000000000000
[  419.870226][T21588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.870298][T21588] R13: 00007fd586bd6038 R14: 00007fd586bd5fa0 R15: 00007ffdf8fe0528
[  419.870315][T21588]  </TASK>
[  420.093861][T21596] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  420.111602][T21591] loop5: detected capacity change from 0 to 512
[  420.126861][T21600] program syz.6.6662 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  420.147256][T21602] loop7: detected capacity change from 0 to 512
[  420.155931][T21591] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.176647][T21591] ext4 filesystem being mounted at /491/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  420.191577][T21602] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.191864][T21584] usb usb8: usbfs: process 21584 (syz.0.6655) did not claim interface 0 before use
[  420.221311][T21602] ext4 filesystem being mounted at /338/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  420.290451][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.300091][T15646] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.319563][T21614] netlink: 'syz.1.6666': attribute type 10 has an invalid length.
[  420.333523][T21614] team0: Port device dummy0 added
[  420.363529][T21624] netlink: 'syz.0.6670': attribute type 10 has an invalid length.
[  420.382251][T21624] team0: Port device dummy0 added
[  420.466008][T21634] netlink: 'syz.0.6673': attribute type 30 has an invalid length.
[  420.746845][T21643] loop7: detected capacity change from 0 to 512
[  420.917244][T21643] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.930201][T21643] ext4 filesystem being mounted at /341/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  420.942513][   T29] kauditd_printk_skb: 816 callbacks suppressed
[  420.942527][   T29] audit: type=1326 audit(1758078634.868:20634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd58698d510 code=0x7ffc0000
[  420.972551][   T29] audit: type=1326 audit(1758078634.868:20635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fd58698d8f7 code=0x7ffc0000
[  420.996197][   T29] audit: type=1326 audit(1758078634.868:20636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd58698d510 code=0x7ffc0000
[  421.020108][   T29] audit: type=1326 audit(1758078634.868:20637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.043889][   T29] audit: type=1326 audit(1758078634.868:20638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.069141][   T29] audit: type=1326 audit(1758078634.948:20639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.092926][   T29] audit: type=1326 audit(1758078634.948:20640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.116551][   T29] audit: type=1326 audit(1758078634.948:20641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.140113][   T29] audit: type=1326 audit(1758078634.948:20642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.163649][   T29] audit: type=1326 audit(1758078634.948:20643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21642 comm="syz.7.6677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  421.230289][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.305434][T21659] loop7: detected capacity change from 0 to 1024
[  421.312319][T21659] EXT4-fs: Ignoring removed bh option
[  421.317897][T21659] EXT4-fs: inline encryption not supported
[  421.325652][T21659] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  421.341227][T21659] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  421.362334][T21659] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.6683: lblock 2 mapped to illegal pblock 2 (length 1)
[  421.394313][T21659] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 48: comm syz.7.6683: lblock 0 mapped to illegal pblock 48 (length 1)
[  421.408819][T21659] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6683: Failed to acquire dquot type 0
[  421.429021][T21659] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  421.438812][T21659] EXT4-fs error (device loop7): ext4_evict_inode:254: inode #11: comm syz.7.6683: mark_inode_dirty error
[  421.452137][T21659] EXT4-fs warning (device loop7): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  421.462488][T21659] EXT4-fs (loop7): 1 orphan inode deleted
[  421.468790][T21659] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  421.561901][T18114] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1)
[  421.576601][T18114] EXT4-fs error (device loop7): ext4_release_dquot:6973: comm kworker/u8:0: Failed to release dquot type 0
[  421.588326][T21670] Falling back ldisc for ttyS3.
[  421.593608][T21659] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  421.613329][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.138517][T21699] loop1: detected capacity change from 0 to 512
[  422.169591][T21699] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.183006][T21699] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  422.211294][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.404976][T21713] usb usb8: usbfs: process 21713 (syz.7.6707) did not claim interface 0 before use
[  422.414610][T21722] Falling back ldisc for ttyS3.
[  422.454291][T21727] Falling back ldisc for ttyS3.
[  422.547936][T21737] loop7: detected capacity change from 0 to 512
[  422.593755][T21741] loop7: detected capacity change from 0 to 512
[  422.605109][T21743] FAULT_INJECTION: forcing a failure.
[  422.605109][T21743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.618211][T21743] CPU: 0 UID: 0 PID: 21743 Comm: syz.6.6720 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  422.618241][T21743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  422.618255][T21743] Call Trace:
[  422.618261][T21743]  <TASK>
[  422.618330][T21743]  __dump_stack+0x1d/0x30
[  422.618354][T21743]  dump_stack_lvl+0xe8/0x140
[  422.618377][T21743]  dump_stack+0x15/0x1b
[  422.618394][T21743]  should_fail_ex+0x265/0x280
[  422.618420][T21743]  should_fail+0xb/0x20
[  422.618495][T21743]  should_fail_usercopy+0x1a/0x20
[  422.618566][T21743]  strncpy_from_user+0x25/0x230
[  422.618603][T21743]  ? __kmalloc_cache_noprof+0x189/0x320
[  422.618646][T21743]  __se_sys_memfd_create+0x1ff/0x590
[  422.618673][T21743]  __x64_sys_memfd_create+0x31/0x40
[  422.618713][T21743]  x64_sys_call+0x2abe/0x2ff0
[  422.618735][T21743]  do_syscall_64+0xd2/0x200
[  422.618811][T21743]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  422.618839][T21743]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  422.618873][T21743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.618897][T21743] RIP: 0033:0x7f0b0fa5eba9
[  422.618960][T21743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.618977][T21743] RSP: 002b:00007f0b0e4c6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  422.619005][T21743] RAX: ffffffffffffffda RBX: 0000000000000545 RCX: 00007f0b0fa5eba9
[  422.619017][T21743] RDX: 00007f0b0e4c6ef0 RSI: 0000000000000000 RDI: 00007f0b0fae27e8
[  422.619028][T21743] RBP: 0000200000001300 R08: 00007f0b0e4c6bb7 R09: 00007f0b0e4c6e40
[  422.619038][T21743] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  422.619118][T21743] R13: 00007f0b0e4c6ef0 R14: 00007f0b0e4c6eb0 R15: 00002000000001c0
[  422.619139][T21743]  </TASK>
[  422.886042][T21741] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.899448][T21741] ext4 filesystem being mounted at /350/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  423.097482][T21748] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.244806][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.350075][T21760] hub 9-0:1.0: USB hub found
[  423.354899][T21760] hub 9-0:1.0: 8 ports detected
[  423.451837][T21748] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.507203][T21764] loop7: detected capacity change from 0 to 512
[  423.576629][T21764] ext4 filesystem being mounted at /353/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  424.088922][T21779] FAULT_INJECTION: forcing a failure.
[  424.088922][T21779] name failslab, interval 1, probability 0, space 0, times 0
[  424.101587][T21779] CPU: 1 UID: 0 PID: 21779 Comm: syz.5.6729 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  424.101618][T21779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  424.101635][T21779] Call Trace:
[  424.101643][T21779]  <TASK>
[  424.101690][T21779]  __dump_stack+0x1d/0x30
[  424.101711][T21779]  dump_stack_lvl+0xe8/0x140
[  424.101732][T21779]  dump_stack+0x15/0x1b
[  424.101759][T21779]  should_fail_ex+0x265/0x280
[  424.101793][T21779]  should_failslab+0x8c/0xb0
[  424.101825][T21779]  kmem_cache_alloc_node_noprof+0x57/0x320
[  424.101861][T21779]  ? __alloc_skb+0x101/0x320
[  424.101919][T21779]  __alloc_skb+0x101/0x320
[  424.102037][T21779]  netlink_alloc_large_skb+0xba/0xf0
[  424.102059][T21779]  netlink_sendmsg+0x3cf/0x6b0
[  424.102145][T21779]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.102170][T21779]  __sock_sendmsg+0x142/0x180
[  424.102200][T21779]  ____sys_sendmsg+0x31e/0x4e0
[  424.102232][T21779]  ___sys_sendmsg+0x17b/0x1d0
[  424.102353][T21779]  __x64_sys_sendmsg+0xd4/0x160
[  424.102391][T21779]  x64_sys_call+0x191e/0x2ff0
[  424.102472][T21779]  do_syscall_64+0xd2/0x200
[  424.102504][T21779]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  424.102532][T21779]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  424.102570][T21779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.102600][T21779] RIP: 0033:0x7f967375eba9
[  424.102650][T21779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.102667][T21779] RSP: 002b:00007f96721bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.102684][T21779] RAX: ffffffffffffffda RBX: 00007f96739a5fa0 RCX: 00007f967375eba9
[  424.102697][T21779] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  424.102712][T21779] RBP: 00007f96721bf090 R08: 0000000000000000 R09: 0000000000000000
[  424.102727][T21779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.102742][T21779] R13: 00007f96739a6038 R14: 00007f96739a5fa0 R15: 00007ffcb5f07dd8
[  424.102765][T21779]  </TASK>
[  424.384544][T21748] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.722996][T21748] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.069022][T21797] hub 9-0:1.0: USB hub found
[  425.078100][T21797] hub 9-0:1.0: 8 ports detected
[  425.278695][ T1859] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  425.331720][ T1859] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  425.449625][   T37] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  425.483017][   T37] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  425.514478][T21799] Falling back ldisc for ttyS3.
[  425.602348][T21818] FAULT_INJECTION: forcing a failure.
[  425.602348][T21818] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.615474][T21818] CPU: 0 UID: 0 PID: 21818 Comm: syz.6.6745 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  425.615537][T21818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  425.615550][T21818] Call Trace:
[  425.615555][T21818]  <TASK>
[  425.615561][T21818]  __dump_stack+0x1d/0x30
[  425.615582][T21818]  dump_stack_lvl+0xe8/0x140
[  425.615655][T21818]  dump_stack+0x15/0x1b
[  425.615669][T21818]  should_fail_ex+0x265/0x280
[  425.615690][T21818]  should_fail+0xb/0x20
[  425.615713][T21818]  should_fail_usercopy+0x1a/0x20
[  425.615741][T21818]  strncpy_from_user+0x25/0x230
[  425.615814][T21818]  ? kmem_cache_alloc_noprof+0x186/0x310
[  425.615846][T21818]  ? getname_flags+0x80/0x3b0
[  425.615929][T21818]  getname_flags+0xae/0x3b0
[  425.615960][T21818]  user_path_at+0x28/0x130
[  425.616121][T21818]  do_fchownat+0xb0/0x210
[  425.616154][T21818]  __x64_sys_lchown+0x4a/0x60
[  425.616242][T21818]  x64_sys_call+0x2861/0x2ff0
[  425.616263][T21818]  do_syscall_64+0xd2/0x200
[  425.616354][T21818]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  425.616376][T21818]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  425.616402][T21818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.616510][T21818] RIP: 0033:0x7f0b0fa5eba9
[  425.616527][T21818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.616548][T21818] RSP: 002b:00007f0b0e4c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[  425.616574][T21818] RAX: ffffffffffffffda RBX: 00007f0b0fca5fa0 RCX: 00007f0b0fa5eba9
[  425.616588][T21818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000700
[  425.616602][T21818] RBP: 00007f0b0e4c7090 R08: 0000000000000000 R09: 0000000000000000
[  425.616615][T21818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.616630][T21818] R13: 00007f0b0fca6038 R14: 00007f0b0fca5fa0 R15: 00007fff8c8c95d8
[  425.616652][T21818]  </TASK>
[  425.822399][T21821] loop5: detected capacity change from 0 to 512
[  425.844774][T21822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21822 comm=syz.7.6747
[  425.859566][T21821] ext4 filesystem being mounted at /511/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  425.870486][T21822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=21822 comm=syz.7.6747
[  425.940191][T21831] loop5: detected capacity change from 0 to 512
[  425.945511][   T29] kauditd_printk_skb: 467 callbacks suppressed
[  425.945527][   T29] audit: type=1326 audit(1758078639.868:21108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f967375e7ab code=0x7ffc0000
[  425.976226][T21822] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  425.991958][   T29] audit: type=1326 audit(1758078639.918:21109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f967375d80a code=0x7ffc0000
[  426.032392][   T29] audit: type=1326 audit(1758078639.918:21110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f967375d80a code=0x7ffc0000
[  426.035808][T21831] ext4 filesystem being mounted at /512/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  426.055908][   T29] audit: type=1326 audit(1758078639.918:21111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f967375d417 code=0x7ffc0000
[  426.089937][   T29] audit: type=1326 audit(1758078639.918:21112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f967376034a code=0x7ffc0000
[  426.114070][   T29] audit: type=1326 audit(1758078640.018:21113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f967375d510 code=0x7ffc0000
[  426.137670][   T29] audit: type=1326 audit(1758078640.018:21114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f967375d8f7 code=0x7ffc0000
[  426.161334][   T29] audit: type=1326 audit(1758078640.018:21115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f967375d510 code=0x7ffc0000
[  426.185022][   T29] audit: type=1326 audit(1758078640.018:21116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967375eba9 code=0x7ffc0000
[  426.208617][   T29] audit: type=1326 audit(1758078640.018:21117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21829 comm="syz.5.6751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967375eba9 code=0x7ffc0000
[  426.238446][T21840] team0: Mode changed to "activebackup"
[  426.250228][T21840] loop7: detected capacity change from 0 to 512
[  426.265580][T21840] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended
[  426.291666][T21840] EXT4-fs warning (device loop7): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  426.308609][T21840] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6753: bg 0: block 248: padding at end of block bitmap is not set
[  426.323906][T21840] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6753: Failed to acquire dquot type 1
[  426.336189][T21840] EXT4-fs (loop7): 1 truncate cleaned up
[  426.408162][T21847] loop6: detected capacity change from 0 to 512
[  426.433011][T21847] ext4 filesystem being mounted at /384/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  426.507602][T21862] FAULT_INJECTION: forcing a failure.
[  426.507602][T21862] name failslab, interval 1, probability 0, space 0, times 0
[  426.520307][T21862] CPU: 0 UID: 0 PID: 21862 Comm: syz.6.6762 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  426.520332][T21862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  426.520343][T21862] Call Trace:
[  426.520400][T21862]  <TASK>
[  426.520407][T21862]  __dump_stack+0x1d/0x30
[  426.520426][T21862]  dump_stack_lvl+0xe8/0x140
[  426.520443][T21862]  dump_stack+0x15/0x1b
[  426.520533][T21862]  should_fail_ex+0x265/0x280
[  426.520638][T21862]  should_failslab+0x8c/0xb0
[  426.520668][T21862]  kmem_cache_alloc_node_noprof+0x57/0x320
[  426.520700][T21862]  ? __alloc_skb+0x101/0x320
[  426.520726][T21862]  __alloc_skb+0x101/0x320
[  426.520750][T21862]  netlink_alloc_large_skb+0xba/0xf0
[  426.520801][T21862]  netlink_sendmsg+0x3cf/0x6b0
[  426.520849][T21862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  426.520885][T21862]  __sock_sendmsg+0x142/0x180
[  426.520927][T21862]  ____sys_sendmsg+0x31e/0x4e0
[  426.520963][T21862]  ___sys_sendmsg+0x17b/0x1d0
[  426.521063][T21862]  __x64_sys_sendmsg+0xd4/0x160
[  426.521203][T21862]  x64_sys_call+0x191e/0x2ff0
[  426.521233][T21862]  do_syscall_64+0xd2/0x200
[  426.521275][T21862]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  426.521364][T21862]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  426.521405][T21862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.521433][T21862] RIP: 0033:0x7f0b0fa5eba9
[  426.521453][T21862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.521507][T21862] RSP: 002b:00007f0b0e4c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  426.521539][T21862] RAX: ffffffffffffffda RBX: 00007f0b0fca5fa0 RCX: 00007f0b0fa5eba9
[  426.521553][T21862] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  426.521566][T21862] RBP: 00007f0b0e4c7090 R08: 0000000000000000 R09: 0000000000000000
[  426.521579][T21862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.521600][T21862] R13: 00007f0b0fca6038 R14: 00007f0b0fca5fa0 R15: 00007fff8c8c95d8
[  426.521646][T21862]  </TASK>
[  426.530465][T21845] netlink: 'syz.5.6755': attribute type 4 has an invalid length.
[  426.733346][T21845] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6755'.
[  426.803371][T21875] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  426.877939][T21880] hub 9-0:1.0: USB hub found
[  426.886420][T21880] hub 9-0:1.0: 8 ports detected
[  427.060557][T21891] loop6: detected capacity change from 0 to 1024
[  427.067274][T21891] EXT4-fs: Ignoring removed orlov option
[  427.349055][T21898] loop1: detected capacity change from 0 to 512
[  427.389437][T21907] hub 9-0:1.0: USB hub found
[  427.395950][T21907] hub 9-0:1.0: 8 ports detected
[  427.403748][T21898] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  427.472045][T21918] hub 9-0:1.0: USB hub found
[  427.477845][T21918] hub 9-0:1.0: 8 ports detected
[  427.717531][T21929] netlink: 'syz.5.6787': attribute type 4 has an invalid length.
[  427.725311][T21929] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6787'.
[  427.748828][T21940] program syz.6.6794 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  427.858567][T21946] loop6: detected capacity change from 0 to 512
[  427.871803][T21933] netlink: 'syz.7.6791': attribute type 4 has an invalid length.
[  427.879638][T21933] netlink: 17 bytes leftover after parsing attributes in process `syz.7.6791'.
[  427.898224][T21946] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  427.915629][T21946] EXT4-fs (loop6): orphan cleanup on readonly fs
[  427.922494][T21946] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.6796: bg 0: block 248: padding at end of block bitmap is not set
[  427.938771][T21946] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.6796: Failed to acquire dquot type 1
[  427.974972][T21946] EXT4-fs (loop6): 1 truncate cleaned up
[  428.034406][T21954] hub 9-0:1.0: USB hub found
[  428.044363][T21954] hub 9-0:1.0: 8 ports detected
[  428.238255][T21956] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  428.245570][T21956] IPv6: NLM_F_CREATE should be set when creating new route
[  428.269299][T21963] loop1: detected capacity change from 0 to 512
[  428.310685][T21963] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  428.367102][T21968] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  428.515612][T21980] loop1: detected capacity change from 0 to 128
[  428.523722][T21980] ext4 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  428.721072][T21987] FAULT_INJECTION: forcing a failure.
[  428.721072][T21987] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  428.734386][T21987] CPU: 0 UID: 0 PID: 21987 Comm: syz.1.6809 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  428.734418][T21987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  428.734434][T21987] Call Trace:
[  428.734441][T21987]  <TASK>
[  428.734449][T21987]  __dump_stack+0x1d/0x30
[  428.734522][T21987]  dump_stack_lvl+0xe8/0x140
[  428.734581][T21987]  dump_stack+0x15/0x1b
[  428.734602][T21987]  should_fail_ex+0x265/0x280
[  428.734626][T21987]  should_fail_alloc_page+0xf2/0x100
[  428.734658][T21987]  __alloc_frozen_pages_noprof+0xff/0x360
[  428.734763][T21987]  alloc_pages_mpol+0xb3/0x250
[  428.734833][T21987]  folio_alloc_noprof+0x97/0x150
[  428.734910][T21987]  filemap_alloc_folio_noprof+0x66/0x210
[  428.734950][T21987]  __filemap_get_folio+0x28f/0x6b0
[  428.735050][T21987]  ? ext4_chunk_trans_extent+0x178/0x1a0
[  428.735141][T21987]  ext4_write_begin+0x2fe/0xeb0
[  428.735165][T21987]  ? __pfx_ext4_xattr_security_get+0x10/0x10
[  428.735213][T21987]  ? __vfs_getxattr+0x2aa/0x2c0
[  428.735242][T21987]  ext4_da_write_begin+0x1fb/0x6e0
[  428.735269][T21987]  ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0
[  428.735329][T21987]  generic_perform_write+0x181/0x490
[  428.735355][T21987]  ext4_buffered_write_iter+0x1ee/0x3c0
[  428.735523][T21987]  ? ext4_file_write_iter+0xfe/0xf00
[  428.735559][T21987]  ext4_file_write_iter+0x383/0xf00
[  428.735614][T21987]  ? kstrtouint_from_user+0x9f/0xf0
[  428.735703][T21987]  ? avc_policy_seqno+0x15/0x30
[  428.735726][T21987]  ? selinux_file_permission+0x1e4/0x320
[  428.735753][T21987]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  428.735843][T21987]  vfs_write+0x52a/0x960
[  428.735876][T21987]  ksys_write+0xda/0x1a0
[  428.735975][T21987]  __x64_sys_write+0x40/0x50
[  428.736003][T21987]  x64_sys_call+0x27fe/0x2ff0
[  428.736029][T21987]  do_syscall_64+0xd2/0x200
[  428.736098][T21987]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  428.736128][T21987]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  428.736162][T21987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.736181][T21987] RIP: 0033:0x7fcd3c23eba9
[  428.736253][T21987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.736274][T21987] RSP: 002b:00007fcd3ac86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  428.736323][T21987] RAX: ffffffffffffffda RBX: 00007fcd3c486090 RCX: 00007fcd3c23eba9
[  428.736333][T21987] RDX: 000000000000fea7 RSI: 0000200000000040 RDI: 0000000000000007
[  428.736347][T21987] RBP: 00007fcd3ac86090 R08: 0000000000000000 R09: 0000000000000000
[  428.736360][T21987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.736373][T21987] R13: 00007fcd3c486128 R14: 00007fcd3c486090 R15: 00007fff78ca4458
[  428.736394][T21987]  </TASK>
[  428.862587][T21991] netlink: 'syz.0.6806': attribute type 4 has an invalid length.
[  429.018904][T21991] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6806'.
[  429.125605][T22003] loop7: detected capacity change from 0 to 512
[  429.154680][T22003] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  429.179862][T22003] EXT4-fs (loop7): orphan cleanup on readonly fs
[  429.191010][T22003] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6815: bg 0: block 248: padding at end of block bitmap is not set
[  429.222107][T22003] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6815: Failed to acquire dquot type 1
[  429.250257][T22003] EXT4-fs (loop7): 1 truncate cleaned up
[  429.498351][T22019] hub 9-0:1.0: USB hub found
[  429.513263][T22019] hub 9-0:1.0: 8 ports detected
[  429.564349][T22021] FAULT_INJECTION: forcing a failure.
[  429.564349][T22021] name failslab, interval 1, probability 0, space 0, times 0
[  429.577042][T22021] CPU: 0 UID: 0 PID: 22021 Comm: syz.6.6821 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  429.577090][T22021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  429.577102][T22021] Call Trace:
[  429.577172][T22021]  <TASK>
[  429.577179][T22021]  __dump_stack+0x1d/0x30
[  429.577202][T22021]  dump_stack_lvl+0xe8/0x140
[  429.577224][T22021]  dump_stack+0x15/0x1b
[  429.577240][T22021]  should_fail_ex+0x265/0x280
[  429.577312][T22021]  should_failslab+0x8c/0xb0
[  429.577341][T22021]  kmem_cache_alloc_node_noprof+0x57/0x320
[  429.577417][T22021]  ? __alloc_skb+0x101/0x320
[  429.577437][T22021]  __alloc_skb+0x101/0x320
[  429.577454][T22021]  ? audit_log_start+0x365/0x6c0
[  429.577488][T22021]  audit_log_start+0x380/0x6c0
[  429.577595][T22021]  audit_seccomp+0x48/0x100
[  429.577647][T22021]  ? __seccomp_filter+0x68c/0x10d0
[  429.577667][T22021]  __seccomp_filter+0x69d/0x10d0
[  429.577692][T22021]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  429.577794][T22021]  ? vfs_write+0x7e8/0x960
[  429.577822][T22021]  __secure_computing+0x82/0x150
[  429.577843][T22021]  syscall_trace_enter+0xcf/0x1e0
[  429.577867][T22021]  do_syscall_64+0xac/0x200
[  429.577898][T22021]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  429.577961][T22021]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  429.577989][T22021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.578010][T22021] RIP: 0033:0x7f0b0fa5eba9
[  429.578026][T22021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.578187][T22021] RSP: 002b:00007f0b0e4c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012e
[  429.578208][T22021] RAX: ffffffffffffffda RBX: 00007f0b0fca5fa0 RCX: 00007f0b0fa5eba9
[  429.578249][T22021] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000000
[  429.578259][T22021] RBP: 00007f0b0e4c7090 R08: 0000000000000000 R09: 0000000000000000
[  429.578269][T22021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.578280][T22021] R13: 00007f0b0fca6038 R14: 00007f0b0fca5fa0 R15: 00007fff8c8c95d8
[  429.578296][T22021]  </TASK>
[  429.863231][T22024] loop6: detected capacity change from 0 to 1024
[  429.881572][T22024] EXT4-fs: Ignoring removed bh option
[  429.894258][T22024] EXT4-fs: inline encryption not supported
[  429.911759][T22024] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  429.934102][T22024] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  429.942864][T22024] EXT4-fs error (device loop6): ext4_map_blocks:778: inode #3: block 2: comm syz.6.6822: lblock 2 mapped to illegal pblock 2 (length 1)
[  429.968861][T22024] EXT4-fs error (device loop6): ext4_map_blocks:778: inode #3: block 48: comm syz.6.6822: lblock 0 mapped to illegal pblock 48 (length 1)
[  430.083775][T22024] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.6822: Failed to acquire dquot type 0
[  430.123425][T22024] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  430.146545][T22024] EXT4-fs error (device loop6): ext4_evict_inode:254: inode #11: comm syz.6.6822: mark_inode_dirty error
[  430.163469][T22024] EXT4-fs warning (device loop6): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  430.190008][T22024] EXT4-fs (loop6): 1 orphan inode deleted
[  430.205122][   T37] EXT4-fs error (device loop6): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  430.275306][   T37] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 0
[  430.325581][T22024] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  430.454488][T22037] Falling back ldisc for ttyS3.
[  430.745542][T22068] program syz.6.6840 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  430.819707][T22080] 9pnet_fd: Insufficient options for proto=fd
[  431.009274][T22098] SELinux: failed to load policy
[  431.039563][T22106] program syz.5.6854 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  431.084572][T22112] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  431.128781][T22119] 9pnet_fd: Insufficient options for proto=fd
[  431.135539][   T29] kauditd_printk_skb: 396 callbacks suppressed
[  431.135553][   T29] audit: type=1326 audit(1758078645.068:21503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.165472][   T29] audit: type=1326 audit(1758078645.068:21504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.188996][   T29] audit: type=1326 audit(1758078645.068:21505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.212711][   T29] audit: type=1326 audit(1758078645.068:21506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.236306][   T29] audit: type=1326 audit(1758078645.068:21507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.260022][   T29] audit: type=1326 audit(1758078645.168:21508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.283712][   T29] audit: type=1326 audit(1758078645.168:21509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.307398][   T29] audit: type=1326 audit(1758078645.168:21510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.331419][   T29] audit: type=1326 audit(1758078645.258:21511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.355286][   T29] audit: type=1326 audit(1758078645.288:21512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22118 comm="syz.0.6860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010fa1eba9 code=0x7ffc0000
[  431.385067][T22120] usb usb8: usbfs: process 22120 (syz.0.6860) did not claim interface 0 before use
[  431.459557][T22133] program syz.1.6866 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  431.496403][T22137] loop1: detected capacity change from 0 to 1024
[  431.503740][T22137] EXT4-fs: Ignoring removed orlov option
[  431.517919][T22135] hub 9-0:1.0: USB hub found
[  431.522627][T22135] hub 9-0:1.0: 8 ports detected
[  431.532199][T22141] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  431.757891][T22164] loop6: detected capacity change from 0 to 1024
[  431.764754][T22164] EXT4-fs: Ignoring removed orlov option
[  431.767594][T22156] netlink: 'syz.7.6872': attribute type 4 has an invalid length.
[  431.778259][T22156] netlink: 17 bytes leftover after parsing attributes in process `syz.7.6872'.
[  432.119765][T22171] loop6: detected capacity change from 0 to 512
[  432.148773][T22173] hub 9-0:1.0: USB hub found
[  432.159811][T22173] hub 9-0:1.0: 8 ports detected
[  432.282024][T22180] hub 9-0:1.0: USB hub found
[  432.287175][T22180] hub 9-0:1.0: 8 ports detected
[  432.354673][T22185] loop5: detected capacity change from 0 to 512
[  432.361980][T22185] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  432.375893][T22185] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  432.392207][T22185] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.6886: bg 0: block 248: padding at end of block bitmap is not set
[  432.408419][T22185] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.6886: Failed to acquire dquot type 1
[  432.420326][T22185] EXT4-fs (loop5): 1 truncate cleaned up
[  432.597044][T22202] loop7: detected capacity change from 0 to 1024
[  432.603834][T22202] EXT4-fs: Ignoring removed orlov option
[  432.679576][T22211] FAULT_INJECTION: forcing a failure.
[  432.679576][T22211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.692737][T22211] CPU: 1 UID: 0 PID: 22211 Comm: syz.5.6897 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  432.692837][T22211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  432.692852][T22211] Call Trace:
[  432.692859][T22211]  <TASK>
[  432.692867][T22211]  __dump_stack+0x1d/0x30
[  432.692959][T22211]  dump_stack_lvl+0xe8/0x140
[  432.692982][T22211]  dump_stack+0x15/0x1b
[  432.693002][T22211]  should_fail_ex+0x265/0x280
[  432.693041][T22211]  should_fail+0xb/0x20
[  432.693065][T22211]  should_fail_usercopy+0x1a/0x20
[  432.693092][T22211]  strncpy_from_user+0x25/0x230
[  432.693122][T22211]  ? __kmalloc_cache_noprof+0x189/0x320
[  432.693189][T22211]  __se_sys_memfd_create+0x1ff/0x590
[  432.693366][T22211]  __x64_sys_memfd_create+0x31/0x40
[  432.693477][T22211]  x64_sys_call+0x2abe/0x2ff0
[  432.693512][T22211]  do_syscall_64+0xd2/0x200
[  432.693541][T22211]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  432.693570][T22211]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  432.693597][T22211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.693632][T22211] RIP: 0033:0x7f967375eba9
[  432.693689][T22211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.693717][T22211] RSP: 002b:00007f96721bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  432.693903][T22211] RAX: ffffffffffffffda RBX: 000000000000050a RCX: 00007f967375eba9
[  432.693915][T22211] RDX: 00007f96721beef0 RSI: 0000000000000000 RDI: 00007f96737e27e8
[  432.693929][T22211] RBP: 0000200000000940 R08: 00007f96721bebb7 R09: 00007f96721bee40
[  432.693945][T22211] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  432.693960][T22211] R13: 00007f96721beef0 R14: 00007f96721beeb0 R15: 00002000000008c0
[  432.693983][T22211]  </TASK>
[  432.901388][T22217] lo speed is unknown, defaulting to 1000
[  432.909211][T22217] lo speed is unknown, defaulting to 1000
[  432.915308][T22217] lo speed is unknown, defaulting to 1000
[  432.921989][T22217] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  432.937157][T22217] lo speed is unknown, defaulting to 1000
[  432.944851][T22217] lo speed is unknown, defaulting to 1000
[  432.950862][T22217] lo speed is unknown, defaulting to 1000
[  432.957224][T22217] lo speed is unknown, defaulting to 1000
[  432.963296][T22217] lo speed is unknown, defaulting to 1000
[  432.969822][T22217] lo speed is unknown, defaulting to 1000
[  432.984893][T22217] lo speed is unknown, defaulting to 1000
[  433.089724][T22228] loop5: detected capacity change from 0 to 512
[  433.096893][T22228] EXT4-fs: Ignoring removed orlov option
[  433.103091][T22228] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  433.113117][T22228] EXT4-fs (loop5): orphan cleanup on readonly fs
[  433.126620][T22228] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.6904: bg 0: block 248: padding at end of block bitmap is not set
[  433.157677][T22228] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.6904: Failed to acquire dquot type 1
[  433.169769][T22228] EXT4-fs (loop5): 1 truncate cleaned up
[  433.208309][T22240] program syz.7.6908 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.219581][T22238] hub 9-0:1.0: USB hub found
[  433.224302][T22238] hub 9-0:1.0: 8 ports detected
[  433.258812][T22249] program syz.7.6913 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.291705][T22255] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  433.298974][T22255] IPv6: NLM_F_CREATE should be set when creating new route
[  433.432843][T22264] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=22264 comm=syz.5.6920
[  433.493125][T22271] loop7: detected capacity change from 0 to 512
[  433.500624][T22271] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  433.511509][T22271] EXT4-fs (loop7): orphan cleanup on readonly fs
[  433.518574][T22271] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6922: bg 0: block 248: padding at end of block bitmap is not set
[  433.532547][T22277] program syz.5.6925 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.535561][T22271] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6922: Failed to acquire dquot type 1
[  433.568868][T22271] EXT4-fs (loop7): 1 truncate cleaned up
[  433.587236][T22279] loop5: detected capacity change from 0 to 512
[  433.675044][T22288] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  433.682334][T22288] IPv6: NLM_F_CREATE should be set when creating new route
[  433.727094][T22290] loop7: detected capacity change from 0 to 512
[  433.743308][T22290] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  433.762730][T22290] EXT4-fs (loop7): orphan cleanup on readonly fs
[  433.770004][T22290] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.6931: bg 0: block 248: padding at end of block bitmap is not set
[  433.786937][T22290] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6931: Failed to acquire dquot type 1
[  433.798838][T22290] EXT4-fs (loop7): 1 truncate cleaned up
[  433.890995][T22294] lo speed is unknown, defaulting to 1000
[  433.980138][T22294] lo speed is unknown, defaulting to 1000
[  434.134582][T22298] loop7: detected capacity change from 0 to 512
[  434.332390][T22307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22307 comm=syz.1.6934
[  434.366381][T22307] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22307 comm=syz.1.6934
[  434.411870][T22307] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  434.507485][T22317] lo speed is unknown, defaulting to 1000
[  434.662656][T22317] lo speed is unknown, defaulting to 1000
[  434.916284][T22323] loop5: detected capacity change from 0 to 512
[  434.930791][T22323] ext4 filesystem being mounted at /553/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  435.029930][T22332] loop1: detected capacity change from 0 to 1024
[  435.036710][T22332] EXT4-fs: Ignoring removed bh option
[  435.042567][T22332] EXT4-fs: inline encryption not supported
[  435.050375][T22332] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  435.062780][T22332] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  435.080117][T22332] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.6943: lblock 2 mapped to illegal pblock 2 (length 1)
[  435.103630][T22330] usb usb8: usbfs: process 22330 (syz.5.6945) did not claim interface 0 before use
[  435.110402][T22332] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.6943: lblock 0 mapped to illegal pblock 48 (length 1)
[  435.244849][T22332] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.6943: Failed to acquire dquot type 0
[  435.276364][T22343] hub 9-0:1.0: USB hub found
[  435.281095][T22343] hub 9-0:1.0: 8 ports detected
[  435.293847][T22332] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  435.315492][T22332] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.6943: mark_inode_dirty error
[  435.338858][T22347] loop7: detected capacity change from 0 to 8192
[  435.355111][T22347] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  435.457923][T22332] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  435.472154][T22332] EXT4-fs (loop1): 1 orphan inode deleted
[  435.491130][   T37] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  435.515793][   T37] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 0
[  435.547053][T22332] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  435.580473][T22355] loop5: detected capacity change from 0 to 512
[  435.603270][T22357] lo speed is unknown, defaulting to 1000
[  435.605745][T22355] ext4 filesystem being mounted at /556/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  435.632512][T22359] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  435.639808][T22359] IPv6: NLM_F_CREATE should be set when creating new route
[  435.863675][T22372] loop1: detected capacity change from 0 to 512
[  435.928560][T22372] EXT4-fs mount: 44 callbacks suppressed
[  435.928576][T22372] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.037806][T22372] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  436.241884][T22362] lo speed is unknown, defaulting to 1000
[  436.261859][   T29] kauditd_printk_skb: 535 callbacks suppressed
[  436.261878][   T29] audit: type=1326 audit(1758078650.178:22037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22366 comm="syz.1.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3c23eba9 code=0x7ffc0000
[  436.303382][T22373] lo speed is unknown, defaulting to 1000
[  436.313573][T22376] lo speed is unknown, defaulting to 1000
[  436.443555][T22382] loop7: detected capacity change from 0 to 1024
[  436.460502][T22382] EXT4-fs: Ignoring removed bh option
[  436.472406][T22382] EXT4-fs: inline encryption not supported
[  436.488535][T22382] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  436.519387][   T29] audit: type=1326 audit(1758078650.428:22038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22366 comm="syz.1.6958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3c23eba9 code=0x7ffc0000
[  436.566082][T22382] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  436.578784][T22382] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.6961: lblock 2 mapped to illegal pblock 2 (length 1)
[  436.620549][T22382] Quota error (device loop7): qtree_write_dquot: dquota write failed
[  436.648374][   T29] audit: type=1400 audit(1758078650.578:22039): avc:  denied  { module_request } for  pid=22387 comm="syz.5.6963" kmod="fs-pvfs2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  436.675391][T22382] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 48: comm syz.7.6961: lblock 0 mapped to illegal pblock 48 (length 1)
[  436.713165][T22382] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  436.713754][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.722023][T22382] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.6961: Failed to acquire dquot type 0
[  436.722152][   T29] audit: type=1400 audit(1758078650.638:22040): avc:  denied  { ioctl } for  pid=22387 comm="syz.5.6963" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=82199 ioctlcmd=0x937b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  436.731614][T22377] netlink: 'syz.0.6957': attribute type 4 has an invalid length.
[  436.769600][T22377] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6957'.
[  436.788075][T22382] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  436.802471][T22382] EXT4-fs error (device loop7): ext4_evict_inode:254: inode #11: comm syz.7.6961: mark_inode_dirty error
[  436.825232][T22382] EXT4-fs warning (device loop7): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  436.825514][   T29] audit: type=1400 audit(1758078650.758:22041): avc:  denied  { read } for  pid=22394 comm="syz.5.6965" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  436.844541][T22382] EXT4-fs (loop7): 1 orphan inode deleted
[  436.859977][   T29] audit: type=1400 audit(1758078650.758:22042): avc:  denied  { open } for  pid=22394 comm="syz.5.6965" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  436.895597][T22382] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.897145][ T1859] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  436.939429][ T1859] Quota error (device loop7): remove_tree: Can't read quota data block 1
[  436.947968][ T1859] EXT4-fs error (device loop7): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[  436.960498][T22382] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  436.980436][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.004511][T22404] 9pnet_fd: Insufficient options for proto=fd
[  437.059184][T22406] loop7: detected capacity change from 0 to 8192
[  437.072743][T22399] 9pnet_fd: Insufficient options for proto=fd
[  437.092915][   T29] audit: type=1400 audit(1758078651.018:22043): avc:  denied  { setattr } for  pid=22393 comm="syz.1.6964" name="file0" dev="tmpfs" ino=284 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  437.142063][T22408] loop5: detected capacity change from 0 to 512
[  437.166596][T22408] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.180619][T22408] ext4 filesystem being mounted at /562/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  437.203962][T15646] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.256592][T22413] hub 9-0:1.0: USB hub found
[  437.261269][T22413] hub 9-0:1.0: 8 ports detected
[  437.324598][T22417] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  437.331895][T22417] IPv6: NLM_F_CREATE should be set when creating new route
[  437.379324][T22418] lo speed is unknown, defaulting to 1000
[  437.475011][T22415] hub 9-0:1.0: USB hub found
[  437.479765][T22415] hub 9-0:1.0: 8 ports detected
[  437.690646][T22438] loop5: detected capacity change from 0 to 512
[  437.732265][T22442] loop6: detected capacity change from 0 to 512
[  437.757774][T22442] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.786229][T22442] ext4 filesystem being mounted at /448/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  437.869875][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.897044][T22450] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  438.011853][T22457] team0: Port device dummy0 removed
[  438.028403][T22457] bridge_slave_0: left allmulticast mode
[  438.034129][T22457] bridge_slave_0: left promiscuous mode
[  438.039938][T22457] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.051818][T22457] bridge_slave_1: left allmulticast mode
[  438.057518][T22457] bridge_slave_1: left promiscuous mode
[  438.063180][T22457] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.073075][T22457] bond0: (slave bond_slave_0): Releasing backup interface
[  438.085133][T22457] bond0: (slave bond_slave_1): Releasing backup interface
[  438.108939][T22457] team0: Port device team_slave_0 removed
[  438.117804][T22457] team0: Port device team_slave_1 removed
[  438.124944][T22457] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  438.132365][T22457] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.145108][T22457] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  438.152517][T22457] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.183708][T22468] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22468 comm=syz.7.6993
[  438.200323][T22468] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22468 comm=syz.7.6993
[  438.224106][T22468] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  438.349229][T22478] hub 9-0:1.0: USB hub found
[  438.353928][T22478] hub 9-0:1.0: 8 ports detected
[  438.363405][T22485] hub 9-0:1.0: USB hub found
[  438.370757][T22485] hub 9-0:1.0: 8 ports detected
[  438.428397][T22492] team0: Port device dummy0 removed
[  438.438826][T22492] bridge_slave_0: left allmulticast mode
[  438.444738][T22492] bridge_slave_0: left promiscuous mode
[  438.450573][T22492] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.460855][T22492] bridge_slave_1: left allmulticast mode
[  438.466814][T22492] bridge_slave_1: left promiscuous mode
[  438.472467][T22492] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.486592][T22492] bond0: (slave bond_slave_0): Releasing backup interface
[  438.501355][T22492] bond0: (slave bond_slave_1): Releasing backup interface
[  438.526295][T22497] loop5: detected capacity change from 0 to 512
[  438.537858][T22492] team0: Port device team_slave_0 removed
[  438.547350][T22492] team0: Port device team_slave_1 removed
[  438.554915][T22492] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  438.562302][T22492] batman_adv: batadv0: Removing interface: batadv_slave_0
[  438.571809][T22492] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  438.579368][T22492] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.581378][T22497] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  438.599355][T22497] ext4 filesystem being mounted at /578/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  438.637727][T15646] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.660808][T22502] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22502 comm=syz.5.7007
[  438.693460][T22502] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22502 comm=syz.5.7007
[  438.740338][T22506] loop1: detected capacity change from 0 to 512
[  438.752748][T22502] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  438.761361][T22506] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  438.768473][ T3449] lo speed is unknown, defaulting to 1000
[  438.791411][T22506] ext4 filesystem being mounted at /61/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  438.840813][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.873535][T22517] hub 9-0:1.0: USB hub found
[  438.878422][T22517] hub 9-0:1.0: 8 ports detected
[  438.927540][T22527] loop5: detected capacity change from 0 to 512
[  438.936265][T22527] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  438.945183][T22523] loop1: detected capacity change from 0 to 512
[  438.952239][T22527] EXT4-fs (loop5): orphan cleanup on readonly fs
[  438.960849][T22527] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.7018: bg 0: block 248: padding at end of block bitmap is not set
[  438.977685][T22527] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.7018: Failed to acquire dquot type 1
[  438.994780][T22527] EXT4-fs (loop5): 1 truncate cleaned up
[  439.001272][T22527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  439.025256][T15646] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.126517][T22532] usb usb8: usbfs: process 22532 (syz.1.7020) did not claim interface 0 before use
[  439.167443][T22549] hub 9-0:1.0: USB hub found
[  439.172364][T22549] hub 9-0:1.0: 8 ports detected
[  439.337415][T22566] hub 9-0:1.0: USB hub found
[  439.342227][T22566] hub 9-0:1.0: 8 ports detected
[  439.362181][T22567] lo speed is unknown, defaulting to 1000
[  439.501363][T22578] hub 9-0:1.0: USB hub found
[  439.506403][T22578] hub 9-0:1.0: 8 ports detected
[  439.621833][T22586] loop1: detected capacity change from 0 to 512
[  439.633989][T22586] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  439.681547][T22589] loop5: detected capacity change from 0 to 512
[  439.690860][T22589] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  439.699969][T22589] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  439.714900][T22586] EXT4-fs (loop1): orphan cleanup on readonly fs
[  439.722263][T22589] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  439.750689][T22589] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  439.782812][T22589] System zones: 0-2, 18-18, 34-35
[  439.804021][T22589] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  439.904811][T22586] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.7043: bg 0: block 248: padding at end of block bitmap is not set
[  439.919610][T22586] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.7043: Failed to acquire dquot type 1
[  439.920477][T22589] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.943267][T22586] EXT4-fs (loop1): 1 truncate cleaned up
[  439.957162][T22586] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  439.986379][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  440.031982][T22603] hub 9-0:1.0: USB hub found
[  440.037843][T22603] hub 9-0:1.0: 8 ports detected
[  440.175617][T22615] loop1: detected capacity change from 0 to 512
[  440.392537][T22645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22645 comm=syz.6.7063
[  440.448336][T22644] lo speed is unknown, defaulting to 1000
[  440.495512][T22645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22645 comm=syz.6.7063
[  440.515377][T22647] 8021q: adding VLAN 0 to HW filter on device bond0
[  440.536211][T22647] 8021q: adding VLAN 0 to HW filter on device team0
[  440.561517][T22647] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  440.604943][T22648] lo speed is unknown, defaulting to 1000
[  440.713746][T22648] lo speed is unknown, defaulting to 1000
[  441.265665][   T29] kauditd_printk_skb: 625 callbacks suppressed
[  441.265680][   T29] audit: type=1326 audit(1758078655.198:22665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b0fa5d510 code=0x7ffc0000
[  441.295517][   T29] audit: type=1326 audit(1758078655.198:22666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b0fa5d510 code=0x7ffc0000
[  441.319319][   T29] audit: type=1326 audit(1758078655.198:22667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.343001][   T29] audit: type=1326 audit(1758078655.198:22668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.343367][T22677] loop6: detected capacity change from 0 to 512
[  441.370345][   T29] audit: type=1326 audit(1758078655.248:22669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.396778][   T29] audit: type=1326 audit(1758078655.248:22670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.420480][   T29] audit: type=1326 audit(1758078655.248:22671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.444221][   T29] audit: type=1326 audit(1758078655.248:22672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  441.468134][   T29] audit: type=1326 audit(1758078655.248:22673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0b0fa5ebe3 code=0x7ffc0000
[  441.491825][   T29] audit: type=1326 audit(1758078655.248:22674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22676 comm="syz.6.7075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0b0fa5d65f code=0x7ffc0000
[  441.519531][T22677] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  441.540095][T22677] ext4 filesystem being mounted at /456/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  441.607492][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.741797][T22694] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  441.749113][T22694] IPv6: NLM_F_CREATE should be set when creating new route
[  441.775961][T22691] usb usb8: usbfs: process 22691 (syz.6.7080) did not claim interface 0 before use
[  441.812582][T22673] netlink: 'syz.0.7072': attribute type 4 has an invalid length.
[  441.820507][T22673] netlink: 17 bytes leftover after parsing attributes in process `syz.0.7072'.
[  441.937208][T22707] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22707 comm=syz.1.7086
[  441.974246][T22707] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22707 comm=syz.1.7086
[  442.041091][T22707] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  442.064563][T22713] loop7: detected capacity change from 0 to 1024
[  442.081634][T22713] EXT4-fs: Ignoring removed bh option
[  442.091628][T22713] EXT4-fs: inline encryption not supported
[  442.112611][T22713] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  442.134999][T22713] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  442.143896][T22713] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 2: comm syz.7.7088: lblock 2 mapped to illegal pblock 2 (length 1)
[  442.148701][T22701] SELinux: failed to load policy
[  442.159707][T22713] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 48: comm syz.7.7088: lblock 0 mapped to illegal pblock 48 (length 1)
[  442.187740][T22717] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  442.207430][T22713] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.7088: Failed to acquire dquot type 0
[  442.244429][T22713] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  442.274324][T22713] EXT4-fs error (device loop7): ext4_evict_inode:254: inode #11: comm syz.7.7088: mark_inode_dirty error
[  442.305381][T22713] EXT4-fs warning (device loop7): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  442.330035][T22713] EXT4-fs (loop7): 1 orphan inode deleted
[  442.342304][T22713] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  442.356083][ T1727] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  442.401002][ T1727] EXT4-fs error (device loop7): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 0
[  442.427643][T22726] lo speed is unknown, defaulting to 1000
[  442.463099][T22713] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  442.487994][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  442.521931][T22726] chnl_net:caif_netlink_parms(): no params data found
[  442.610270][T22747] hub 9-0:1.0: USB hub found
[  442.615730][T22747] hub 9-0:1.0: 8 ports detected
[  442.642139][T22726] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.649248][T22726] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.660066][T22726] bridge_slave_0: entered allmulticast mode
[  442.754623][T22726] bridge_slave_0: entered promiscuous mode
[  442.761567][T22726] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.768733][T22726] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.775989][T22726] bridge_slave_1: entered allmulticast mode
[  442.782639][T22726] bridge_slave_1: entered promiscuous mode
[  442.790739][   T37] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.822995][T22726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  442.835605][T22726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  442.852740][   T37] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.872988][T22751] lo speed is unknown, defaulting to 1000
[  442.925915][T22751] lo speed is unknown, defaulting to 1000
[  442.982772][T22726] team0: Port device team_slave_0 added
[  442.990050][T22726] team0: Port device team_slave_1 added
[  442.996710][   T37] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.089800][T22726] batman_adv: batadv0: Adding interface: batadv_slave_0
[  443.096792][T22726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.122778][T22726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  443.135396][   T37] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.146961][T22726] batman_adv: batadv0: Adding interface: batadv_slave_1
[  443.153903][T22726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.179858][T22726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  443.205730][T22764] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22764 comm=syz.6.7102
[  443.230798][T22764] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=22764 comm=syz.6.7102
[  443.281187][T22766] lo speed is unknown, defaulting to 1000
[  443.428280][T22766] lo speed is unknown, defaulting to 1000
[  443.620318][T22726] hsr_slave_0: entered promiscuous mode
[  443.626860][T22726] hsr_slave_1: entered promiscuous mode
[  443.632670][T22726] debugfs: 'hsr0' already exists in 'hsr'
[  443.638425][T22726] Cannot create hsr debugfs directory
[  443.656637][T22773] 9pnet_fd: Insufficient options for proto=fd
[  443.670551][T22764] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  443.706868][T22777] netlink: 'syz.7.7106': attribute type 1 has an invalid length.
[  443.729607][T22777] bond1: entered promiscuous mode
[  443.737146][T22777] 8021q: adding VLAN 0 to HW filter on device bond1
[  443.841457][   T37] bond0 (unregistering): Released all slaves
[  443.911627][T22788] team0: Mode changed to "activebackup"
[  443.931425][   T37] hsr_slave_0: left promiscuous mode
[  443.939345][T22785] loop6: detected capacity change from 0 to 512
[  443.951399][   T37] hsr_slave_1: left promiscuous mode
[  443.962468][   T37] veth1_macvtap: left promiscuous mode
[  443.964386][T22785] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  443.972469][   T37] veth0_macvtap: left promiscuous mode
[  443.982592][   T37] veth1_vlan: left promiscuous mode
[  443.988101][   T37] veth0_vlan: left promiscuous mode
[  443.999414][T22785] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  444.022614][T22785] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.7109: bg 0: block 248: padding at end of block bitmap is not set
[  444.040202][T22785] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.7109: Failed to acquire dquot type 1
[  444.056176][T22785] EXT4-fs (loop6): 1 truncate cleaned up
[  444.062433][T22785] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  444.099511][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  444.147697][T22803] 9pnet_fd: Insufficient options for proto=fd
[  444.202155][ T6691] lo speed is unknown, defaulting to 1000
[  444.208044][ T6691] infiniband syz0: ib_query_port failed (-19)
[  444.339610][T22807] loop7: detected capacity change from 0 to 512
[  444.401410][T22819] loop7: detected capacity change from 0 to 1024
[  444.410855][T22819] EXT4-fs: Ignoring removed orlov option
[  444.419831][T22819] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  444.481547][T22726] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  444.563607][T22726] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  444.578790][T22726] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  444.597435][T22726] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  444.688481][T18114] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  444.710892][T18114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  444.725186][T18114] bond0 (unregistering): Released all slaves
[  444.816116][T18114] bond0 (unregistering): Released all slaves
[  444.921856][T22726] 8021q: adding VLAN 0 to HW filter on device bond0
[  444.946534][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.949043][T22726] 8021q: adding VLAN 0 to HW filter on device team0
[  444.974230][T18114] tipc: Left network mode
[  444.980148][T18114] tipc: Left network mode
[  444.981204][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.991600][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.003036][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.010117][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.043378][T18114] hsr_slave_0: left promiscuous mode
[  445.051969][T18114] hsr_slave_1: left promiscuous mode
[  445.075976][T18114] batman_adv: batadv0: Removing interface: batadv_slave_0
[  445.084374][T18114] batman_adv: batadv0: Removing interface: batadv_slave_1
[  445.109968][T18114] hsr_slave_0: left promiscuous mode
[  445.112491][T18114] hsr_slave_1: left promiscuous mode
[  445.184302][T18114] team0 (unregistering): Port device team_slave_1 removed
[  445.204299][T18114] team0 (unregistering): Port device team_slave_0 removed
[  445.430710][T22726] 8021q: adding VLAN 0 to HW filter on device batadv0
[  445.496637][T22852] 
: renamed from bond0 (while UP)
[  445.592194][T22726] veth0_vlan: entered promiscuous mode
[  445.610403][T22726] veth1_vlan: entered promiscuous mode
[  445.631750][T22726] veth0_macvtap: entered promiscuous mode
[  445.639523][T22726] veth1_macvtap: entered promiscuous mode
[  445.740788][T22875] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  445.748085][T22875] IPv6: NLM_F_CREATE should be set when creating new route
[  446.049526][T22726] batman_adv: batadv0: Interface activated: batadv_slave_0
[  446.070129][T22726] batman_adv: batadv0: Interface activated: batadv_slave_1
[  446.080874][ T1859] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  446.115180][ T1859] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  446.127595][ T1859] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  446.136517][ T1859] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  446.238656][T18114] IPVS: stop unused estimator thread 0...
[  446.254068][T18114] IPVS: stop unused estimator thread 0...
[  446.422591][   T29] kauditd_printk_skb: 282 callbacks suppressed
[  446.422607][   T29] audit: type=1326 audit(1758078660.348:22952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  446.457728][T22891] loop6: detected capacity change from 0 to 1024
[  446.464748][T22891] EXT4-fs: Ignoring removed orlov option
[  446.470846][   T29] audit: type=1326 audit(1758078660.378:22953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  446.494601][   T29] audit: type=1326 audit(1758078660.378:22954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  446.518191][   T29] audit: type=1326 audit(1758078660.378:22955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  446.541765][   T29] audit: type=1326 audit(1758078660.378:22956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  446.565420][   T29] audit: type=1326 audit(1758078660.378:22957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0b0fa5ebe3 code=0x7ffc0000
[  446.588877][   T29] audit: type=1326 audit(1758078660.388:22958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0b0fa5d65f code=0x7ffc0000
[  446.612291][   T29] audit: type=1326 audit(1758078660.388:22959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0b0fa5ec37 code=0x7ffc0000
[  446.635834][   T29] audit: type=1326 audit(1758078660.388:22960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b0fa5d510 code=0x7ffc0000
[  446.659421][   T29] audit: type=1326 audit(1758078660.388:22961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22890 comm="syz.6.7139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b0fa5e7ab code=0x7ffc0000
[  446.664140][T22902] 9pnet_fd: Insufficient options for proto=fd
[  446.664561][T22891] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  446.664673][T22891] ext4 filesystem being mounted at /468/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  446.714252][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  446.797772][T22913] hub 9-0:1.0: USB hub found
[  446.802452][T22913] hub 9-0:1.0: 8 ports detected
[  447.021833][T22923] bridge_slave_0: left allmulticast mode
[  447.027627][T22923] bridge_slave_0: left promiscuous mode
[  447.033338][T22923] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.060052][T22923] bridge_slave_1: left allmulticast mode
[  447.065927][T22923] bridge_slave_1: left promiscuous mode
[  447.071588][T22923] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.082411][T22923] bond0: (slave bond_slave_0): Releasing backup interface
[  447.094372][T22923] bond0: (slave bond_slave_1): Releasing backup interface
[  447.108175][T22923] team0: Port device team_slave_0 removed
[  447.117848][T22923] team0: Port device team_slave_1 removed
[  447.125611][T22923] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  447.133014][T22923] batman_adv: batadv0: Removing interface: batadv_slave_0
[  447.144795][T22923] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  447.152217][T22923] batman_adv: batadv0: Removing interface: batadv_slave_1
[  448.150930][T22941] loop7: detected capacity change from 0 to 1024
[  448.157600][T22941] EXT4-fs: Ignoring removed orlov option
[  448.165706][T22941] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  448.185607][T22943] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  448.340235][T22951] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=22951 comm=syz.5.7160
[  448.481030][T22959] loop1: detected capacity change from 0 to 512
[  448.501323][T22952] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  448.517342][T22959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  448.543204][T17282] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.554854][T22959] ext4 filesystem being mounted at /96/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  448.592139][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.608518][T22960] usb usb8: usbfs: process 22960 (syz.0.7164) did not claim interface 0 before use
[  448.810019][T22979] FAULT_INJECTION: forcing a failure.
[  448.810019][T22979] name failslab, interval 1, probability 0, space 0, times 0
[  448.822748][T22979] CPU: 0 UID: 0 PID: 22979 Comm: syz.7.7168 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  448.822849][T22979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  448.822862][T22979] Call Trace:
[  448.822868][T22979]  <TASK>
[  448.822876][T22979]  __dump_stack+0x1d/0x30
[  448.822898][T22979]  dump_stack_lvl+0xe8/0x140
[  448.822920][T22979]  dump_stack+0x15/0x1b
[  448.822939][T22979]  should_fail_ex+0x265/0x280
[  448.822986][T22979]  should_failslab+0x8c/0xb0
[  448.823008][T22979]  kmem_cache_alloc_noprof+0x50/0x310
[  448.823095][T22979]  ? skb_clone+0x151/0x1f0
[  448.823123][T22979]  skb_clone+0x151/0x1f0
[  448.823175][T22979]  __netlink_deliver_tap+0x2c9/0x500
[  448.823207][T22979]  netlink_unicast+0x66b/0x690
[  448.823228][T22979]  netlink_sendmsg+0x58b/0x6b0
[  448.823267][T22979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.823326][T22979]  __sock_sendmsg+0x142/0x180
[  448.823476][T22979]  ____sys_sendmsg+0x31e/0x4e0
[  448.823511][T22979]  ___sys_sendmsg+0x17b/0x1d0
[  448.823556][T22979]  __x64_sys_sendmsg+0xd4/0x160
[  448.823583][T22979]  x64_sys_call+0x191e/0x2ff0
[  448.823624][T22979]  do_syscall_64+0xd2/0x200
[  448.823658][T22979]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  448.823686][T22979]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  448.823721][T22979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.823782][T22979] RIP: 0033:0x7fd58698eba9
[  448.823798][T22979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.823819][T22979] RSP: 002b:00007fd5853ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.823840][T22979] RAX: ffffffffffffffda RBX: 00007fd586bd5fa0 RCX: 00007fd58698eba9
[  448.823855][T22979] RDX: 000000000000c0b0 RSI: 0000200000000280 RDI: 0000000000000003
[  448.823868][T22979] RBP: 00007fd5853ef090 R08: 0000000000000000 R09: 0000000000000000
[  448.823883][T22979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.823916][T22979] R13: 00007fd586bd6038 R14: 00007fd586bd5fa0 R15: 00007ffdf8fe0528
[  448.823933][T22979]  </TASK>
[  449.163936][T22987] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64013 sclass=netlink_route_socket pid=22987 comm=syz.7.7171
[  449.183672][T22987] FAULT_INJECTION: forcing a failure.
[  449.183672][T22987] name failslab, interval 1, probability 0, space 0, times 0
[  449.196384][T22987] CPU: 0 UID: 0 PID: 22987 Comm: syz.7.7171 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  449.196408][T22987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  449.196439][T22987] Call Trace:
[  449.196445][T22987]  <TASK>
[  449.196453][T22987]  __dump_stack+0x1d/0x30
[  449.196474][T22987]  dump_stack_lvl+0xe8/0x140
[  449.196491][T22987]  dump_stack+0x15/0x1b
[  449.196519][T22987]  should_fail_ex+0x265/0x280
[  449.196543][T22987]  should_failslab+0x8c/0xb0
[  449.196572][T22987]  kmem_cache_alloc_node_noprof+0x57/0x320
[  449.196683][T22987]  ? __alloc_skb+0x101/0x320
[  449.196703][T22987]  __alloc_skb+0x101/0x320
[  449.196725][T22987]  netlink_ack+0xfd/0x500
[  449.196757][T22987]  netlink_rcv_skb+0x192/0x220
[  449.196814][T22987]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  449.196855][T22987]  rtnetlink_rcv+0x1c/0x30
[  449.196888][T22987]  netlink_unicast+0x5c0/0x690
[  449.196910][T22987]  netlink_sendmsg+0x58b/0x6b0
[  449.196979][T22987]  ? __pfx_netlink_sendmsg+0x10/0x10
[  449.197005][T22987]  __sock_sendmsg+0x142/0x180
[  449.197082][T22987]  ____sys_sendmsg+0x345/0x4e0
[  449.197116][T22987]  ___sys_sendmsg+0x17b/0x1d0
[  449.197162][T22987]  __sys_sendmmsg+0x178/0x300
[  449.197238][T22987]  __x64_sys_sendmmsg+0x57/0x70
[  449.197268][T22987]  x64_sys_call+0x1c4a/0x2ff0
[  449.197353][T22987]  do_syscall_64+0xd2/0x200
[  449.197390][T22987]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  449.197417][T22987]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  449.197496][T22987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.197514][T22987] RIP: 0033:0x7fd58698eba9
[  449.197527][T22987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.197546][T22987] RSP: 002b:00007fd5853ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  449.197574][T22987] RAX: ffffffffffffffda RBX: 00007fd586bd5fa0 RCX: 00007fd58698eba9
[  449.197648][T22987] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  449.197663][T22987] RBP: 00007fd5853ef090 R08: 0000000000000000 R09: 0000000000000000
[  449.197676][T22987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.197689][T22987] R13: 00007fd586bd6038 R14: 00007fd586bd5fa0 R15: 00007ffdf8fe0528
[  449.197707][T22987]  </TASK>
[  449.907560][T22996] FAULT_INJECTION: forcing a failure.
[  449.907560][T22996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.920732][T22996] CPU: 0 UID: 0 PID: 22996 Comm: +}[@ Not tainted syzkaller #0 PREEMPT(voluntary) 
[  449.920759][T22996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  449.920772][T22996] Call Trace:
[  449.920778][T22996]  <TASK>
[  449.920785][T22996]  __dump_stack+0x1d/0x30
[  449.920827][T22996]  dump_stack_lvl+0xe8/0x140
[  449.920851][T22996]  dump_stack+0x15/0x1b
[  449.920921][T22996]  should_fail_ex+0x265/0x280
[  449.920952][T22996]  should_fail+0xb/0x20
[  449.920979][T22996]  should_fail_usercopy+0x1a/0x20
[  449.921034][T22996]  _copy_from_user+0x1c/0xb0
[  449.921075][T22996]  ___sys_sendmsg+0xc1/0x1d0
[  449.921149][T22996]  __x64_sys_sendmsg+0xd4/0x160
[  449.921183][T22996]  x64_sys_call+0x191e/0x2ff0
[  449.921207][T22996]  do_syscall_64+0xd2/0x200
[  449.921284][T22996]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  449.921392][T22996]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  449.921430][T22996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.921524][T22996] RIP: 0033:0x7fd58698eba9
[  449.921544][T22996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.921570][T22996] RSP: 002b:00007fd5853ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  449.921594][T22996] RAX: ffffffffffffffda RBX: 00007fd586bd5fa0 RCX: 00007fd58698eba9
[  449.921632][T22996] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000005
[  449.921725][T22996] RBP: 00007fd5853ef090 R08: 0000000000000000 R09: 0000000000000000
[  449.921739][T22996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.921822][T22996] R13: 00007fd586bd6038 R14: 00007fd586bd5fa0 R15: 00007ffdf8fe0528
[  449.921842][T22996]  </TASK>
[  450.349661][T23009] usb usb8: usbfs: process 23009 (syz.5.7179) did not claim interface 0 before use
[  450.449744][T23023] hub 9-0:1.0: USB hub found
[  450.454561][T23023] hub 9-0:1.0: 8 ports detected
[  450.495122][T23033] loop1: detected capacity change from 0 to 1024
[  450.510602][T23033] EXT4-fs: Ignoring removed mblk_io_submit option
[  450.517416][T23033] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 4194309)!
[  450.528027][T23033] EXT4-fs (loop1): group descriptors corrupted!
[  450.749188][T23043] FAULT_INJECTION: forcing a failure.
[  450.749188][T23043] name failslab, interval 1, probability 0, space 0, times 0
[  450.761839][T23043] CPU: 1 UID: 0 PID: 23043 Comm: syz.1.7186 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  450.761883][T23043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  450.761900][T23043] Call Trace:
[  450.761907][T23043]  <TASK>
[  450.761916][T23043]  __dump_stack+0x1d/0x30
[  450.761943][T23043]  dump_stack_lvl+0xe8/0x140
[  450.762055][T23043]  dump_stack+0x15/0x1b
[  450.762074][T23043]  should_fail_ex+0x265/0x280
[  450.762102][T23043]  should_failslab+0x8c/0xb0
[  450.762127][T23043]  __kvmalloc_node_noprof+0x123/0x4e0
[  450.762175][T23043]  ? bpf_test_run_xdp_live+0xed/0xfe0
[  450.762200][T23043]  bpf_test_run_xdp_live+0xed/0xfe0
[  450.762286][T23043]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  450.762353][T23043]  ? __pfx_autoremove_wake_function+0x10/0x10
[  450.762464][T23043]  ? 0xffffffffa0205240
[  450.762481][T23043]  ? synchronize_rcu+0x45/0x320
[  450.762508][T23043]  ? 0xffffffffa0205240
[  450.762519][T23043]  ? 0xffffffffa0205240
[  450.762530][T23043]  ? bpf_dispatcher_change_prog+0x6ec/0x7f0
[  450.762593][T23043]  ? 0xffffffffa0202f48
[  450.762618][T23043]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  450.762655][T23043]  bpf_prog_test_run_xdp+0x4f5/0x910
[  450.762737][T23043]  ? __rcu_read_unlock+0x4f/0x70
[  450.762783][T23043]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  450.762853][T23043]  bpf_prog_test_run+0x227/0x390
[  450.762937][T23043]  __sys_bpf+0x4b9/0x7b0
[  450.762978][T23043]  __x64_sys_bpf+0x41/0x50
[  450.763005][T23043]  x64_sys_call+0x2aea/0x2ff0
[  450.763055][T23043]  do_syscall_64+0xd2/0x200
[  450.763092][T23043]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  450.763121][T23043]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  450.763149][T23043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.763223][T23043] RIP: 0033:0x7fcd3c23eba9
[  450.763237][T23043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  450.763257][T23043] RSP: 002b:00007fcd3ac65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  450.763349][T23043] RAX: ffffffffffffffda RBX: 00007fcd3c486180 RCX: 00007fcd3c23eba9
[  450.763377][T23043] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  450.763388][T23043] RBP: 00007fcd3ac65090 R08: 0000000000000000 R09: 0000000000000000
[  450.763399][T23043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  450.763413][T23043] R13: 00007fcd3c486218 R14: 00007fcd3c486180 R15: 00007fff78ca4458
[  450.763436][T23043]  </TASK>
[  452.008344][   T29] kauditd_printk_skb: 361 callbacks suppressed
[  452.008359][   T29] audit: type=1326 audit(1758078665.938:23323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.061249][   T29] audit: type=1326 audit(1758078665.968:23324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.085018][   T29] audit: type=1326 audit(1758078665.968:23325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.108768][   T29] audit: type=1326 audit(1758078665.968:23326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.132351][   T29] audit: type=1326 audit(1758078665.968:23327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.155996][   T29] audit: type=1326 audit(1758078665.968:23328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.179617][   T29] audit: type=1326 audit(1758078665.968:23329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.203239][   T29] audit: type=1326 audit(1758078665.968:23330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.227276][   T29] audit: type=1326 audit(1758078665.968:23331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.250889][   T29] audit: type=1326 audit(1758078665.968:23332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23042 comm="syz.7.7193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd58698eba9 code=0x7ffc0000
[  452.447128][T23060] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  452.453662][T23060] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  452.461437][T23060] vhci_hcd vhci_hcd.0: Device attached
[  452.471308][T23062] hub 9-0:1.0: USB hub found
[  452.476034][T23062] hub 9-0:1.0: 8 ports detected
[  452.487314][T23060] SELinux:  Context system_u:object_r:bsdpty_device_t:s0 is not valid (left unmapped).
[  452.511275][T23063] vhci_hcd: connection closed
[  452.511411][ T1727] vhci_hcd: stop threads
[  452.520441][ T1727] vhci_hcd: release socket
[  452.524882][ T1727] vhci_hcd: disconnect device
[  452.576969][T23073] loop5: detected capacity change from 0 to 512
[  452.599367][T23073] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  452.602681][T23079] hub 9-0:1.0: USB hub found
[  452.612538][T23073] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  452.617742][T23079] hub 9-0:1.0: 8 ports detected
[  452.642132][T22726] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.663092][T23081] hub 9-0:1.0: USB hub found
[  452.667938][T23081] hub 9-0:1.0: 8 ports detected
[  452.711162][T23086] hub 9-0:1.0: USB hub found
[  452.724221][T23086] hub 9-0:1.0: 8 ports detected
[  452.768151][T23090] netlink: 'syz.5.7205': attribute type 4 has an invalid length.
[  452.775917][T23090] netlink: 17 bytes leftover after parsing attributes in process `syz.5.7205'.
[  452.797011][T23091] loop1: detected capacity change from 0 to 512
[  452.817211][T23091] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  452.839174][T23091] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  452.853854][T23091] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.7208: bg 0: block 248: padding at end of block bitmap is not set
[  452.871418][T23091] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.7208: Failed to acquire dquot type 1
[  452.885727][T23091] EXT4-fs (loop1): 1 truncate cleaned up
[  452.891815][T23091] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  452.965606][T23095] usb usb8: usbfs: process 23095 (syz.7.7209) did not claim interface 0 before use
[  453.094127][T23101] loop6: detected capacity change from 0 to 512
[  453.123501][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  453.163965][T23101] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  453.180046][T23101] ext4 filesystem being mounted at /477/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  453.264193][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.417618][T23109] loop6: detected capacity change from 0 to 1024
[  453.434496][T23109] EXT4-fs: Ignoring removed mblk_io_submit option
[  453.451596][T23109] EXT4-fs (loop6): ext4_check_descriptors: Inode table for group 0 not in group (block 4194309)!
[  453.462242][T23109] EXT4-fs (loop6): group descriptors corrupted!
[  453.858701][T23123] hub 9-0:1.0: USB hub found
[  453.864786][T23123] hub 9-0:1.0: 8 ports detected
[  454.069072][T23129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23129 comm=syz.1.7218
[  454.103235][T23135] FAULT_INJECTION: forcing a failure.
[  454.103235][T23135] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.116630][T23135] CPU: 0 UID: 0 PID: 23135 Comm: syz.1.7223 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  454.116660][T23135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  454.116675][T23135] Call Trace:
[  454.116682][T23135]  <TASK>
[  454.116690][T23135]  __dump_stack+0x1d/0x30
[  454.116756][T23135]  dump_stack_lvl+0xe8/0x140
[  454.116887][T23135]  dump_stack+0x15/0x1b
[  454.116907][T23135]  should_fail_ex+0x265/0x280
[  454.116957][T23135]  should_fail+0xb/0x20
[  454.116981][T23135]  should_fail_usercopy+0x1a/0x20
[  454.117011][T23135]  _copy_to_user+0x20/0xa0
[  454.117131][T23135]  simple_read_from_buffer+0xb5/0x130
[  454.117155][T23135]  proc_fail_nth_read+0x10e/0x150
[  454.117216][T23135]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  454.117246][T23135]  vfs_read+0x1a8/0x770
[  454.117270][T23135]  ? __rcu_read_unlock+0x4f/0x70
[  454.117292][T23135]  ? __fget_files+0x184/0x1c0
[  454.117398][T23135]  ksys_read+0xda/0x1a0
[  454.117418][T23135]  __x64_sys_read+0x40/0x50
[  454.117437][T23135]  x64_sys_call+0x27bc/0x2ff0
[  454.117503][T23135]  do_syscall_64+0xd2/0x200
[  454.117540][T23135]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  454.117563][T23135]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  454.117667][T23135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.117692][T23135] RIP: 0033:0x7fcd3c23d5bc
[  454.117709][T23135] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  454.117728][T23135] RSP: 002b:00007fcd3aca7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  454.117749][T23135] RAX: ffffffffffffffda RBX: 00007fcd3c485fa0 RCX: 00007fcd3c23d5bc
[  454.117765][T23135] RDX: 000000000000000f RSI: 00007fcd3aca70a0 RDI: 0000000000000007
[  454.117850][T23135] RBP: 00007fcd3aca7090 R08: 0000000000000000 R09: 0000000000000000
[  454.117863][T23135] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[  454.117874][T23135] R13: 00007fcd3c486038 R14: 00007fcd3c485fa0 R15: 00007fff78ca4458
[  454.117891][T23135]  </TASK>
[  454.329571][T23144] netlink: 'syz.7.7221': attribute type 1 has an invalid length.
[  454.387721][T23149] loop5: detected capacity change from 0 to 512
[  454.395585][T23149] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  454.418437][T23149] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  454.428238][T23147] loop1: detected capacity change from 0 to 512
[  454.446590][T23149] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.7226: bg 0: block 248: padding at end of block bitmap is not set
[  454.451815][T23144] 8021q: adding VLAN 0 to HW filter on device bond0
[  454.469564][T23149] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.7226: Failed to acquire dquot type 1
[  454.485995][T23149] EXT4-fs (loop5): 1 truncate cleaned up
[  454.492200][T23149] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  454.533960][T22726] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  454.547310][T23147] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  454.595487][T23147] ext4 filesystem being mounted at /107/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  454.667559][T23170] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=23170 comm=syz.6.7234
[  454.681570][T23138] netlink: 'syz.0.7225': attribute type 4 has an invalid length.
[  454.689431][T23138] netlink: 17 bytes leftover after parsing attributes in process `syz.0.7225'.
[  454.705942][T23170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  454.730786][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  454.778877][T23178] hub 9-0:1.0: USB hub found
[  454.783557][T23178] hub 9-0:1.0: 8 ports detected
[  454.813315][T23182] hub 9-0:1.0: USB hub found
[  454.819701][T23182] hub 9-0:1.0: 8 ports detected
[  454.918741][T23192] hub 9-0:1.0: USB hub found
[  454.923393][T23192] hub 9-0:1.0: 8 ports detected
[  454.950345][T23196] loop7: detected capacity change from 0 to 128
[  454.952469][T23198] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  454.963934][T23198] IPv6: NLM_F_CREATE should be set when creating new route
[  454.983031][T23196] bio_check_eod: 82 callbacks suppressed
[  454.983042][T23196] syz.7.7246: attempt to access beyond end of device
[  454.983042][T23196] loop7: rw=2049, sector=138, nr_sectors = 8 limit=128
[  455.066239][T23205] 9pnet: Could not find request transport: fd0x0000000000000005
[  455.167166][T23215] hub 9-0:1.0: USB hub found
[  455.172110][T23215] hub 9-0:1.0: 8 ports detected
[  455.257839][T23228] loop5: detected capacity change from 0 to 512
[  455.281932][T23232] 9pnet_fd: Insufficient options for proto=fd
[  455.308508][T23230] hub 8-0:1.0: USB hub found
[  455.313923][T23230] hub 8-0:1.0: 8 ports detected
[  456.487694][T23251] netlink: 'syz.5.7263': attribute type 4 has an invalid length.
[  456.495490][T23251] netlink: 17 bytes leftover after parsing attributes in process `syz.5.7263'.
[  456.715444][T23261] loop6: detected capacity change from 0 to 512
[  456.787341][T23261] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.800875][T23261] ext4 filesystem being mounted at /496/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  456.839529][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.866173][T23273] loop6: detected capacity change from 0 to 512
[  456.931261][T23271] usb usb8: usbfs: process 23271 (syz.7.7273) did not claim interface 0 before use
[  456.943144][T23280] loop6: detected capacity change from 0 to 512
[  456.977531][T23280] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  457.005889][T23280] ext4 filesystem being mounted at /500/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  457.017035][   T29] kauditd_printk_skb: 749 callbacks suppressed
[  457.017047][   T29] audit: type=1326 audit(1758078670.948:24078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b0fa5d510 code=0x7ffc0000
[  457.047103][   T29] audit: type=1326 audit(1758078670.948:24079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f0b0fa5d8f7 code=0x7ffc0000
[  457.070580][   T29] audit: type=1326 audit(1758078670.948:24080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b0fa5d510 code=0x7ffc0000
[  457.095012][T23283] loop1: detected capacity change from 0 to 1024
[  457.101636][T23283] EXT4-fs: Ignoring removed orlov option
[  457.112304][   T29] audit: type=1326 audit(1758078670.948:24081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.135908][   T29] audit: type=1326 audit(1758078670.948:24082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.159606][   T29] audit: type=1326 audit(1758078670.948:24083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.170494][T23289] hub 9-0:1.0: USB hub found
[  457.183161][   T29] audit: type=1326 audit(1758078670.948:24084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.211309][   T29] audit: type=1326 audit(1758078670.948:24085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.221651][T23289] hub 9-0:1.0: 8 ports detected
[  457.235024][   T29] audit: type=1326 audit(1758078670.948:24086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.235053][   T29] audit: type=1326 audit(1758078670.948:24087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23279 comm="syz.6.7277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b0fa5eba9 code=0x7ffc0000
[  457.289750][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.300734][T23283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  457.429818][T23303] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23303 comm=syz.0.7285
[  457.442632][T23303] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=23303 comm=syz.0.7285
[  457.478646][T23303] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  457.529890][T23308] loop5: detected capacity change from 0 to 512
[  457.544019][T23308] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  457.568805][T23308] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  457.586305][T23308] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.7286: bg 0: block 248: padding at end of block bitmap is not set
[  457.600795][T23316] hub 9-0:1.0: USB hub found
[  457.601809][T23308] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.7286: Failed to acquire dquot type 1
[  457.615996][T23316] hub 9-0:1.0: 8 ports detected
[  457.650806][T23308] EXT4-fs (loop5): 1 truncate cleaned up
[  457.657127][T23308] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback.
[  457.708406][T23324] loop6: detected capacity change from 0 to 1024
[  457.720134][T22726] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0008-000000000000.
[  457.736660][T23324] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  457.755909][T23324] ext4 filesystem being mounted at /505/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  457.770443][T23330] loop5: detected capacity change from 0 to 1024
[  457.778649][T23330] EXT4-fs: Ignoring removed orlov option
[  457.785236][T23324] FAULT_INJECTION: forcing a failure.
[  457.785236][T23324] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  457.798614][T23324] CPU: 1 UID: 0 PID: 23324 Comm: syz.6.7293 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  457.798644][T23324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  457.798658][T23324] Call Trace:
[  457.798663][T23324]  <TASK>
[  457.798669][T23324]  __dump_stack+0x1d/0x30
[  457.798813][T23324]  dump_stack_lvl+0xe8/0x140
[  457.798832][T23324]  dump_stack+0x15/0x1b
[  457.798848][T23324]  should_fail_ex+0x265/0x280
[  457.798870][T23324]  should_fail_alloc_page+0xf2/0x100
[  457.798979][T23324]  __alloc_frozen_pages_noprof+0xff/0x360
[  457.799036][T23324]  alloc_pages_mpol+0xb3/0x250
[  457.799083][T23324]  folio_alloc_noprof+0x97/0x150
[  457.799127][T23324]  filemap_alloc_folio_noprof+0x66/0x210
[  457.799160][T23324]  __filemap_get_folio+0x28f/0x6b0
[  457.799185][T23324]  ext4_da_write_begin+0x3ac/0x6e0
[  457.799220][T23324]  generic_perform_write+0x181/0x490
[  457.799334][T23324]  ext4_buffered_write_iter+0x1ee/0x3c0
[  457.799374][T23324]  ? ext4_file_write_iter+0xfe/0xf00
[  457.799481][T23324]  ext4_file_write_iter+0x383/0xf00
[  457.799542][T23324]  ? 0xffffffff81000000
[  457.799558][T23324]  ? __rcu_read_unlock+0x4f/0x70
[  457.799578][T23324]  ? avc_policy_seqno+0x15/0x30
[  457.799604][T23324]  ? selinux_file_permission+0x1e4/0x320
[  457.799685][T23324]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  457.799745][T23324]  vfs_write+0x52a/0x960
[  457.799778][T23324]  __x64_sys_pwrite64+0xfd/0x150
[  457.799886][T23324]  x64_sys_call+0xc4d/0x2ff0
[  457.799913][T23324]  do_syscall_64+0xd2/0x200
[  457.799953][T23324]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  457.799999][T23324]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  457.800032][T23324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.800111][T23324] RIP: 0033:0x7f0b0fa5eba9
[  457.800129][T23324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.800198][T23324] RSP: 002b:00007f0b0e4c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  457.800216][T23324] RAX: ffffffffffffffda RBX: 00007f0b0fca5fa0 RCX: 00007f0b0fa5eba9
[  457.800252][T23324] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004
[  457.800344][T23324] RBP: 00007f0b0e4c7090 R08: 0000000000000000 R09: 0000000000000000
[  457.800360][T23324] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000001
[  457.800375][T23324] R13: 00007f0b0fca6038 R14: 00007f0b0fca5fa0 R15: 00007fff8c8c95d8
[  457.800443][T23324]  </TASK>
[  458.046405][T23330] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.063676][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.085045][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  458.114028][T23335] loop6: detected capacity change from 0 to 1024
[  458.122471][T23335] EXT4-fs: Ignoring removed orlov option
[  458.132307][T23334] hub 9-0:1.0: USB hub found
[  458.137708][T23334] hub 9-0:1.0: 8 ports detected
[  458.146032][T23335] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.179831][T23328] netlink: 'syz.7.7295': attribute type 4 has an invalid length.
[  458.187675][T23328] netlink: 17 bytes leftover after parsing attributes in process `syz.7.7295'.
[  458.456093][T22726] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.609798][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.681311][T23356] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  458.733555][T23360] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23360 comm=syz.6.7306
[  458.748460][T23362] loop5: detected capacity change from 0 to 128
[  458.755460][T23360] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53506 sclass=netlink_route_socket pid=23360 comm=syz.6.7306
[  458.777720][T23360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  458.804383][T23362] syz.5.7307: attempt to access beyond end of device
[  458.804383][T23362] loop5: rw=2049, sector=138, nr_sectors = 8 limit=128
[  458.818104][T23341] loop1: detected capacity change from 0 to 512
[  458.874316][T23341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.890621][T23341] ext4 filesystem being mounted at /118/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  458.921528][T21245] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.092435][T23386] FAULT_INJECTION: forcing a failure.
[  459.092435][T23386] name failslab, interval 1, probability 0, space 0, times 0
[  459.105237][T23386] CPU: 1 UID: 0 PID: 23386 Comm: syz.1.7316 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  459.105285][T23386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.105314][T23386] Call Trace:
[  459.105320][T23386]  <TASK>
[  459.105329][T23386]  __dump_stack+0x1d/0x30
[  459.105353][T23386]  dump_stack_lvl+0xe8/0x140
[  459.105405][T23386]  dump_stack+0x15/0x1b
[  459.105431][T23386]  should_fail_ex+0x265/0x280
[  459.105454][T23386]  should_failslab+0x8c/0xb0
[  459.105482][T23386]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  459.105619][T23386]  ? sidtab_sid2str_get+0xa0/0x130
[  459.105638][T23386]  ? skb_put+0xa9/0xf0
[  459.105662][T23386]  kmemdup_noprof+0x2b/0x70
[  459.105687][T23386]  sidtab_sid2str_get+0xa0/0x130
[  459.105729][T23386]  security_sid_to_context_core+0x1eb/0x2e0
[  459.105755][T23386]  security_sid_to_context+0x27/0x40
[  459.105774][T23386]  avc_audit_post_callback+0x9d/0x520
[  459.105797][T23386]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  459.105904][T23386]  common_lsm_audit+0x1bb/0x230
[  459.105935][T23386]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  459.106036][T23386]  ? avc_denied+0xe4/0x100
[  459.106056][T23386]  slow_avc_audit+0x104/0x140
[  459.106083][T23386]  avc_has_perm+0x13a/0x180
[  459.106168][T23386]  sel_write_validatetrans+0xe3/0x370
[  459.106201][T23386]  ? __pfx_sel_write_validatetrans+0x10/0x10
[  459.106280][T23386]  vfs_write+0x269/0x960
[  459.106304][T23386]  ? __rcu_read_unlock+0x4f/0x70
[  459.106327][T23386]  ? __fget_files+0x184/0x1c0
[  459.106350][T23386]  ksys_write+0xda/0x1a0
[  459.106426][T23386]  __x64_sys_write+0x40/0x50
[  459.106464][T23386]  x64_sys_call+0x27fe/0x2ff0
[  459.106488][T23386]  do_syscall_64+0xd2/0x200
[  459.106526][T23386]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  459.106628][T23386]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  459.106753][T23386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.106780][T23386] RIP: 0033:0x7fcd3c23eba9
[  459.106893][T23386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.106966][T23386] RSP: 002b:00007fcd3aca7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  459.106990][T23386] RAX: ffffffffffffffda RBX: 00007fcd3c485fa0 RCX: 00007fcd3c23eba9
[  459.107007][T23386] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000003
[  459.107021][T23386] RBP: 00007fcd3aca7090 R08: 0000000000000000 R09: 0000000000000000
[  459.107034][T23386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.107046][T23386] R13: 00007fcd3c486038 R14: 00007fcd3c485fa0 R15: 00007fff78ca4458
[  459.107065][T23386]  </TASK>
[  459.437397][T23395] loop6: detected capacity change from 0 to 512
[  459.467853][T23395] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  459.480639][T23395] ext4 filesystem being mounted at /515/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  459.535458][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.605056][T23410] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  459.666865][T23418] hub 9-0:1.0: USB hub found
[  459.670228][T23417] loop6: detected capacity change from 0 to 512
[  459.671561][T23418] hub 9-0:1.0: 8 ports detected
[  459.713860][T23417] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  459.727919][T23417] ext4 filesystem being mounted at /520/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  459.754897][T17155] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.779834][T23431] hub 9-0:1.0: USB hub found
[  459.785339][T23431] hub 9-0:1.0: 8 ports detected
[  459.829856][T23437] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  459.836513][T23437] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  459.844017][T23437] vhci_hcd vhci_hcd.0: Device attached
[  459.852242][T23438] vhci_hcd: connection closed
[  459.852750][ T1727] vhci_hcd: stop threads
[  459.861876][ T1727] vhci_hcd: release socket
[  459.866380][ T1727] vhci_hcd: disconnect device
[  459.866559][T23444] FAULT_INJECTION: forcing a failure.
[  459.866559][T23444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.884213][T23444] CPU: 0 UID: 0 PID: 23444 Comm: syz.1.7338 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  459.884245][T23444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.884262][T23444] Call Trace:
[  459.884270][T23444]  <TASK>
[  459.884280][T23444]  __dump_stack+0x1d/0x30
[  459.884321][T23444]  dump_stack_lvl+0xe8/0x140
[  459.884343][T23444]  dump_stack+0x15/0x1b
[  459.884379][T23444]  should_fail_ex+0x265/0x280
[  459.884407][T23444]  should_fail+0xb/0x20
[  459.884433][T23444]  should_fail_usercopy+0x1a/0x20
[  459.884466][T23444]  strncpy_from_user+0x25/0x230
[  459.884572][T23444]  ? kmem_cache_alloc_noprof+0x186/0x310
[  459.884639][T23444]  ? getname_flags+0x80/0x3b0
[  459.884671][T23444]  getname_flags+0xae/0x3b0
[  459.884705][T23444]  do_sys_openat2+0x60/0x110
[  459.884744][T23444]  __x64_sys_openat+0xf2/0x120
[  459.884875][T23444]  x64_sys_call+0x2e9c/0x2ff0
[  459.884991][T23444]  do_syscall_64+0xd2/0x200
[  459.885097][T23444]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  459.885129][T23444]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  459.885249][T23444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.885303][T23444] RIP: 0033:0x7fcd3c23d510
[  459.885316][T23444] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  459.885337][T23444] RSP: 002b:00007fcd3aca6f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  459.885356][T23444] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcd3c23d510
[  459.885367][T23444] RDX: 0000000000000000 RSI: 00007fcd3c2c1f06 RDI: 00000000ffffff9c
[  459.885377][T23444] RBP: 00007fcd3c2c1f06 R08: 0000000000000000 R09: 0000000000000000
[  459.885387][T23444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  459.885398][T23444] R13: 00007fcd3c486038 R14: 00007fcd3c485fa0 R15: 00007fff78ca4458
[  459.885492][T23444]  </TASK>
[  460.110895][T23449] loop1: detected capacity change from 0 to 1024
[  460.118735][T23449] EXT4-fs: Ignoring removed orlov option
[  460.127367][T23449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.294775][T23468] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  460.325607][T23472] loop7: detected capacity change from 0 to 512
[  460.336900][T23472] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.351370][T23472] ext4 filesystem being mounted at /476/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  460.407594][T23485] netlink: 'syz.7.7357': attribute type 21 has an invalid length.
[  460.415617][T23485] netlink: 132 bytes leftover after parsing attributes in process `syz.7.7357'.
[  460.507882][T23496] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  460.617202][T23511] loop6: detected capacity change from 0 to 512
[  460.625418][T23511] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended
[  460.655885][T23511] EXT4-fs warning (device loop6): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  460.671913][T23511] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.7369: bg 0: block 248: padding at end of block bitmap is not set
[  460.686519][T23517] loop7: detected capacity change from 0 to 1024
[  460.687751][T23511] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.7369: Failed to acquire dquot type 1
[  460.693231][T23517] EXT4-fs: Ignoring removed orlov option
[  460.706428][T23511] EXT4-fs (loop6): 1 truncate cleaned up
[  460.788083][T23517] ==================================================================
[  460.796195][T23517] BUG: KCSAN: data-race in filemap_read / filemap_read
[  460.803064][T23517] 
[  460.805398][T23517] read to 0xffff8881044bdb28 of 8 bytes by task 23525 on cpu 1:
[  460.813032][T23517]  filemap_read+0x6f/0xa00
[  460.817462][T23517]  generic_file_read_iter+0x79/0x330
[  460.822755][T23517]  ext4_file_read_iter+0x1cc/0x290
[  460.827982][T23517]  copy_splice_read+0x442/0x660
[  460.832839][T23517]  splice_direct_to_actor+0x290/0x680
[  460.838214][T23517]  do_splice_direct+0xda/0x150
[  460.842982][T23517]  do_sendfile+0x380/0x650
[  460.847412][T23517]  __x64_sys_sendfile64+0x105/0x150
[  460.852618][T23517]  x64_sys_call+0x2bb0/0x2ff0
[  460.857298][T23517]  do_syscall_64+0xd2/0x200
[  460.861817][T23517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.867716][T23517] 
[  460.870042][T23517] write to 0xffff8881044bdb28 of 8 bytes by task 23517 on cpu 0:
[  460.877748][T23517]  filemap_read+0x974/0xa00
[  460.882247][T23517]  generic_file_read_iter+0x79/0x330
[  460.887535][T23517]  ext4_file_read_iter+0x1cc/0x290
[  460.892678][T23517]  copy_splice_read+0x442/0x660
[  460.897524][T23517]  splice_direct_to_actor+0x290/0x680
[  460.902890][T23517]  do_splice_direct+0xda/0x150
[  460.907653][T23517]  do_sendfile+0x380/0x650
[  460.912079][T23517]  __x64_sys_sendfile64+0x105/0x150
[  460.917288][T23517]  x64_sys_call+0x2bb0/0x2ff0
[  460.921969][T23517]  do_syscall_64+0xd2/0x200
[  460.926500][T23517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.932390][T23517] 
[  460.934706][T23517] value changed: 0x0000000000000163 -> 0x0000000000000164
[  460.941807][T23517] 
[  460.944128][T23517] Reported by Kernel Concurrency Sanitizer on:
[  460.950282][T23517] CPU: 0 UID: 0 PID: 23517 Comm: syz.7.7371 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  460.960086][T23517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  460.970140][T23517] ==================================================================