last executing test programs:

2m36.151537288s ago: executing program 3 (id=4785):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0})
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x800)
r5 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x0)
sendfile(r5, r5, 0x0, 0x800000009)

2m36.085028893s ago: executing program 3 (id=4786):
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

2m36.043123867s ago: executing program 3 (id=4788):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
r0 = open(&(0x7f0000000280)='./bus\x00', 0x80e40, 0x80)
ioctl$int_out(r0, 0x5460, &(0x7f00000003c0))
socket(0x2, 0x80805, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x9, 0x4)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xffffffffffffff32, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000300240248ff050005001200", 0x2e}], 0x1}, 0x0)

2m35.036247398s ago: executing program 3 (id=4797):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='hugetlbfs\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$selinux_load(r3, &(0x7f0000000000)=ANY=[], 0x44f0)

2m34.921666018s ago: executing program 3 (id=4803):
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
accept$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e"], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
ioctl$FIONCLEX(r2, 0x5450)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
r10 = socket$kcm(0x2d, 0x2, 0x0)
sendmsg$IPSET_CMD_LIST(r10, 0x0, 0x40041)
accept(r10, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac010902"], 0x0)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0xc0, &(0x7f0000000380)={[{@dots}, {@fat=@nfs}, {@nodots}, {@fat=@nfs_nostale_ro}, {@nodots}, {@nodots}, {@nodots}, {@fat=@errors_continue}, {@dots}, {@dots}]}, 0x1, 0x255, &(0x7f0000000a40)="$eJzs3cFq1FAUBuDTdqadFsGuxUXAjauivsEgI4gBYWQWunKgumlFSDfR1TyGz+Aj+RhddRexCWknUVBJm7b5Pgg57c+Fcze5M3Bv5v3DT0eHn08+Fj++xWSSxChiFWcR+7EZW1HaqO6b5/V2XLYKAOC2mc+X0757oEMb7X9l2XQ5joidVrL4fj1NAQAAAAAAAAAA0DX7/wFgeOz/v/uybLrcqz6/rbP/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjPWVHcL9auexFx8Xff/QEA3Wuv/+tX3/0BAN2r1/9d6z8ADIXv/wAwPG/evns1TdPZPEkmEaerfJEvynuZv3iZzp4k5/YvRp3m+WJc1ensaZknzXyvGv/st/l2PH5U5r+y56/TRr4Th1c9eQAAAAAAAAAAAAAAAAAAALghDpJa43z/Vpkf/Ckvq0vvB2ic3x/Fg9G1TQMAAAAAAAAAAAAAAAAAAAButZMvX4+Wx8cfMoWiLnbjP0ZN4mY0r/iXoqgeBK3orx4f3vABAAAAAAAAAAAAAAAAAAAdqg/9jvvuBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6U//+/xUWfc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGIafAQAA//9o64rH")
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x16f)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r0)
close_range(r1, 0xffffffffffffffff, 0x0)

2m34.610325933s ago: executing program 3 (id=4806):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), 0x4)
r2 = dup3(r0, r1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88)

2m34.591008314s ago: executing program 32 (id=4806):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x200000, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), 0x4)
r2 = dup3(r0, r1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88)

3.716213861s ago: executing program 4 (id=8215):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030080e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r4)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r5, 0x8, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffffffff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x4040)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
mq_open(0x0, 0x42, 0x0, 0x0)
write$binfmt_aout(r6, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r9 = syz_open_pts(r6, 0x121881)
ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000180)=0xff)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8982, &(0x7f0000004300)={0x7, 'vlan1\x00', {0x3}, 0x549})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r1, 0x0, 0x6}, 0x18)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x103940)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r10, 0x4058534c, &(0x7f0000000040)={0x80, 0xc, 0xff, 0xffffefff, 0x2, 0x2})
r11 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x8, &(0x7f0000000a00)=0xbfab, 0x4)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@ipv4_getrule={0x1c, 0x22, 0x8, 0x70bd2a, 0x25dfdbfe, {0x2, 0x80, 0x14, 0x8, 0x3, 0x0, 0x0, 0x0, 0x10000}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

3.636616678s ago: executing program 4 (id=8218):
setresgid(0xee00, 0x0, 0xee00)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r4}, 0x18)
close(r3)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r5, 0x5607, 0x2c)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TIOCL_SETVESABLANK(r7, 0x560e, &(0x7f0000000140))
socket$packet(0x11, 0x3, 0x300)
ioctl$TIOCL_BLANKSCREEN(r7, 0x541c, &(0x7f0000000040))
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fd", 0x42, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.729060011s ago: executing program 4 (id=8243):
r0 = perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0x3, 0x80, 0x10, 0xc, 0x0, 0x1000000004, 0x80, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000080), 0x6}, 0x9010, 0x5, 0x0, 0x8, 0x100, 0x7, 0x38c7, 0x0, 0x8, 0x0, 0x60403f5}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x8, 0x6f, 0x6, 0x70, 0x0, 0x2be4, 0x89, 0x4, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x4, @perf_config_ext={0x7, 0x4}, 0x200, 0x10000000000, 0x8, 0x9, 0x9, 0xb062, 0xf, 0x0, 0x9, 0x0, 0x61}, 0x0, 0xb, r0, 0xb)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={<r3=>0xffffffffffffffff})
splice(r3, 0x0, r1, 0x0, 0x10000008ebc, 0x0)

2.445882163s ago: executing program 2 (id=8253):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r1, &(0x7f0000001f00)=[{&(0x7f0000000000)=@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="ca", 0x1}], 0x1, 0x0, 0x0, 0x4000414}], 0x1, 0x4008851)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000001180)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x8, 0x4, 0x2, 0x800, 0x2}, &(0x7f00000000c0)=0x98)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x1, 0x5001)

2.390025698s ago: executing program 2 (id=8254):
setresgid(0xee00, 0x0, 0xee00)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
close(r3)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r5, 0x5607, 0x2c)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TIOCL_SETVESABLANK(r7, 0x560e, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$TIOCL_BLANKSCREEN(r7, 0x541c, &(0x7f0000000040))
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fd", 0x42, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.069751733s ago: executing program 0 (id=8255):
r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r0, 0x100, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x14, 0x18, {0x8, @bearer=@udp='udp:syz2\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001)
kexec_load(0x8, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="b0d6", 0x2, 0xc000000000, 0x80000000}], 0x0)

1.809754844s ago: executing program 4 (id=8257):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@printk={@ld}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x84b0, 0x1)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r5, &(0x7f0000000300)="6ff98344bd528845cc592d5d7b6687bbcd4ff00d92d9459df04e6fa9fa3a94f6c429661e4a71faa23eccb38d1f130c0344ad3aeb6d09cc383052262a60a9b03002ed18646bdec9154af55fb8eac17e8a2d57767414cfcc11e2dffd8ace830689f2e1b482a160bc5fe14e00cd4ea411357fc57161c6bf7e8d43f889", &(0x7f0000000480)=""/252}, 0x20)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
close(r6)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

1.544616646s ago: executing program 2 (id=8265):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a00)=ANY=[@ANYBLOB="340000001800010029bd7000fddbdf251d010400080005000209f50215000300030000200503000054831bdbae1d82b302000000e0852f7bc9ea1fa4b3cb2b148b57fc59d7366218123e4c3d8070ef9ec17902d891f48da9a5c7004af619be93c92c4b1d8bc9c0be441446faa7c86da0be1f394794c642b4bc31ae944da553f9b93740981351050bdf119fcaa6f6ec0ae1b3b18c827aba72edc5040bd38e6da4b6455eed7b789c51a5d40bf8684cc4a2bdcc739a7756520b93e3bd08409b81de308f51850df38cd3db043b53bb8d4851d29d3f1db367f5529f85d37fd77dc0d83ef935e9763351cf2af631e2666f043b5da5e596be45168f98cdb3183d13eedb3e37a3bea52e10d5024c42ad24e2f8871abf341bdcac5baf99401abb36601fd7c8dd439f856013495f93df0f65ba7e6a08efaa0ea94eb13082623fc9e497baaa17e0440fdf5d1c70e5d666191e1aed849cb354ce49e6acae25c08e454489189491114df58e324fb61a208439cc7ab96be2c95ea61342141399a4b8d5ab8e68607b602ff60f74122e3b58becde4d1b99524af"], 0x34}}, 0x4c0c8)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r1 = gettid()
ptrace$setregset(0x4205, 0xffffffffffffffff, 0x4, &(0x7f0000000400)={&(0x7f0000000680)="5bbf0ae3184dfad29921277905263568ea763505fb3f4654f0bf15d71f1f27e6b7e2d5b3890fe83bf8de826c819529dd5d7af602e673e27f81cea6d9a2ca3556a27e45c6036804f61d5e8ea8a4453828d8d6b8244db4767abc97806f6be4eb437710b5a1eacfe23d8e3243dfe4252a909177892c73ea451314e6d22be9956b50e2a84fc7aa7832b7b8953b350dceeddc31305018771aae63b1bca96d969507a00e6fb473d08b1f229423808843d3250b58d8ef7b6f45f3eb64d53bff5a23192fa8ffd65c7f32d6d2d169f4ecfdc379e2d5b9b9dd42a82a494084a2ceab979071658a064157dca16359fb1a6ac1642f0026dbe3935f160649cdb0cfdc9b98", 0xfe})
r2 = perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x200, 0x20, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0xe}, 0x4049, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000006fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000240)}], 0x1}}], 0x2, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r6}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = timerfd_create(0x0, 0x0)
readv(r8, &(0x7f0000000380)=[{&(0x7f0000000d00)=""/161, 0xa1}], 0x1)

1.440414084s ago: executing program 4 (id=8268):
unshare(0x24060400)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x7, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="180500000a0000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000ae6c0000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x6, 0x7fff, 0x1, 'queue0\x00', 0xffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$key(0xffffffffffffffff, 0x0, 0x20000050)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f00000068c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb86dd6007000000303a00fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="1238468cbfc91cccade9b4a07e5880d55623fdb9778eec4edcf25632f55098be7a1665604bcce5a2771a134761df505aa15bfea8672400d13de6fc9838ae98f47e769cdfab1b65e3d2e50ea24f90a2d43e4a037712cdf1492f34685bba20ea2a0e03de6396f63588cb50bd795a6244933f2c8f1e6c89b5e7c090fdb14dd8908f06b8397b2bbb363f74dccb2dafa1f2c8484259ca66d47aa3fd00fb40fcde4503eb6bece5a1802e25b5efd20155cd98edf823c266687f67de85279cd1be72de69d8f854c120274a9af32e5ca959751f2a984156dd3b447c898f770b3debfc646c4490f547755cb75cb6125ff9b1fe466717c5832f36573dfcee02988e1548e992e8aa47c5dafb1202aa20b0164ea7b72b5fdd0fec5eaa92dd0c1e4b5f1dbb6ff163323e8fabdbddfb5b3d9a6dcec54b36aaa5f43f4e4210c995788dd56a68754517b52a6375c237d0bcafc07e850e0bdad258a97acf6181eb"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0xe, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
listxattr(&(0x7f0000000fc0)='./file0\x00', 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCL_BLANKSCREEN(r6, 0x4b67, &(0x7f0000000180))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x207, &(0x7f0000000000), 0x1, 0x469, &(0x7f0000000100)="$eJzs3M9vFFUcAPDv7G5BfnZF/AGiomgk/mhpQeXgRRMTD5qY6AGPtRSCLNTQmghpbDEELyZKwt2YeDHxL/DkiagnE694NyTEcAE9rRl2dtlud8u2u91t3c8nGfpe9+2+73dm3s6bGaYBDKz96T9JxPaIuB4RwxGRq2+wpbKk7e7cmpv859bcZBLl8vt/J+nb4vatuclq0yT7ua1SKaQflLuURLFJvzPnL5yeKJWmzmX10dkzn4zOnL/w8qkzEyenTk6dHT969MjhsddeHX+lK3mmMd3e+/n0vj1vf3jl3cljVz769cdKvOXy1WuHFuXRHUMRMVdbJ42e625nfbejrpwU+hgIK7I5IgrZ3no9hiN/aWftteF464u+BgesqXK5XB5v/fJCGfgfS6LfEQD9UT3Qp+e/1aVHU4914eYblROgNO872VJ5pRAXszZDDee33bQ/Io4t/PttukTD9RQAgLXwczr/eanJ/K8Y8Uhdu53ZvaFiRDwYEbsi4qGI2B0RD0el7aMR8dgK+9/fUF86/8ndWF1m7Unnf69n97YWz/9qd8GK+ay2427+Q8mJU6WpQ9k6ORhDm9P6WNNPTyIW0p9/fN2q//r5X7qk/VfnglkcNwqbF7/n+MTsRMeJZ25ejNhbaJZ/EoV7WcSeiNi7yj5OvfDDvsW/yddK989/GV24z1T+LuL5yvZfiIb8q5Ll70+OPhClqUOj1b1iqd9+v/xeq/47yr8L0u2/ten+X8u/mNTfr51Z8hGb7tfH5T+/bHlOs9r9f1PywaLOP5uYnT03FrEpeWfp7+sucFfr1fZp/gcPNB//u+Lemng8ItKd+ImIeDIinspifzoinomIA8vk/8ubz368+vzXVpr//Iq2/8oL+dPXfmrVf3vb/0i1cjeodr7/2g2wk3UHAAAAG0UuIrZHkhuplXO5kZHK/5ffHVtzpemZ2RdPTH969njlGYFiDOWqV7qG666HjmXXhqv18aw+n9UPZ9eNr+a33K2PTE6Xjvc7eRhw21qM/9Rf+X5HB6w5z2vB4DL+YXCtfvz75oCN7j6jONerOIDecxSHwdVs/M/3IQ6g9xz/YXDVxv83bTSue9yr8eFNYONx/IfBZfzDQOrkuf51UYjvI5Zvk6yXUFdU+KqTtxd6EGHk1seK6mFhPB/RxzAK7f5Vizhfnu+4035/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTHfwEAAP//qO7n/A==")
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)
socket$netlink(0x10, 0x3, 0x14)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000300)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, 0xee01}}, './file0\x00'})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000780)=0xc)
socket$nl_generic(0x10, 0x3, 0x10)

1.356197891s ago: executing program 1 (id=8270):
unshare(0x2c020400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)

1.270012798s ago: executing program 1 (id=8271):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb0100180000000000000014a3ed66000000140000000600000201e9ffff00000006040000e8d3b88e000d00000000612e655f00"], 0x0, 0x32, 0x0, 0x1}, 0x28)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x20000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
pipe2(&(0x7f0000000840), 0x0)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x8000001f)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000003d)
close_range(r3, r4, 0x0)
getsockname$l2tp6(r4, &(0x7f0000000440)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000480)=0x20)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
write$UHID_CREATE2(r5, 0x0, 0x0)

973.937682ms ago: executing program 0 (id=8272):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
openat$dir(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file1\x00', 0x81c0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x0) (fail_nth: 3)

939.092445ms ago: executing program 1 (id=8273):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x73, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40)

893.029958ms ago: executing program 0 (id=8274):
socket(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x540, 0x2, 0x9}}}}}, 0x0)

892.324158ms ago: executing program 1 (id=8276):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000001000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x205, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @udp='udp:syz2\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8840)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

846.138232ms ago: executing program 0 (id=8277):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

840.627012ms ago: executing program 1 (id=8278):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@printk={@ld}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x84b0, 0x1)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r5, &(0x7f0000000300)="6ff98344bd528845cc592d5d7b6687bbcd4ff00d92d9459df04e6fa9fa3a94f6c429661e4a71faa23eccb38d1f130c0344ad3aeb6d09cc383052262a60a9b03002ed18646bdec9154af55fb8eac17e8a2d57767414cfcc11e2dffd8ace830689f2e1b482a160bc5fe14e00cd4ea411357fc57161c6bf7e8d43f889", &(0x7f0000000480)=""/252}, 0x20)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
close(r6)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

810.730065ms ago: executing program 4 (id=8279):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x78502, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = fcntl$dupfd(r2, 0x0, r2)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}], 0x1})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000000000)={0xc, {"a2e3ad2109c752f91b5a470987f70e06d038e7ff7fc6e5539b3245078b089b3208336d060890e0878f0e1ac6e70a9b3368959b6c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b38070d095d0936cd3b78130daa61f8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6cb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
openat$cgroup_ro(r5, &(0x7f0000000380)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x4d10, 0x2, 0x2, 0x0, 0x0)
read$usbfs(r3, &(0x7f0000001040)=""/192, 0xc0)
write$tun(r3, &(0x7f0000000400)=ANY=[], 0xa2)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f00000000c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000080)={<r6=>0xffffffffffffffff}, 0x3, 0xffffffffffffffff, 0x30, 0x1, @in6={0xa, 0x4e23, 0x4aa, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}}, 0xa0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, 0x0, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000000c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000080), r6}}, 0x18)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000240)={[{@errors_remount}, {@noinit_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@errors_remount}, {@block_validity}, {@grpjquota}]}, 0x3, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
r7 = syz_open_dev$usbfs(&(0x7f0000000180), 0x2, 0x101)
ioctl$USBDEVFS_RELEASE_PORT(r7, 0x80045519, &(0x7f00000001c0)=0x20000000)
socket$kcm(0x23, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x200480, &(0x7f00000005c0))

740.390181ms ago: executing program 0 (id=8281):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x73, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40)

728.752331ms ago: executing program 5 (id=8282):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0)

642.881138ms ago: executing program 2 (id=8283):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write(r2, 0x0, 0x0)
splice(r2, &(0x7f0000000180), r1, 0x0, 0x4, 0x0)

618.930881ms ago: executing program 5 (id=8284):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

586.346063ms ago: executing program 5 (id=8285):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

584.058614ms ago: executing program 0 (id=8286):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = socket$inet(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet(0x2, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x2, 0x8200, 0x8b2, 0x5}, &(0x7f0000000080)=0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000003a50007020000f8ffffffb703000000000000b70400000000000085000000c300040095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x10)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
io_setup(0x9, &(0x7f0000000080))
r8 = epoll_create1(0x80000)
eventfd2(0xffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r1, &(0x7f0000000b80)={0xe0001016})

569.778964ms ago: executing program 1 (id=8287):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00'}, 0x18)
syz_usbip_server_init(0x1)

536.783387ms ago: executing program 2 (id=8288):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x205, 0x70bd2d, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @udp='udp:syz2\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x8840)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

536.170387ms ago: executing program 5 (id=8289):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@printk={@ld}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x84b0, 0x1)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r5, &(0x7f0000000300)="6ff98344bd528845cc592d5d7b6687bbcd4ff00d92d9459df04e6fa9fa3a94f6c429661e4a71faa23eccb38d1f130c0344ad3aeb6d09cc383052262a60a9b03002ed18646bdec9154af55fb8eac17e8a2d57767414cfcc11e2dffd8ace830689f2e1b482a160bc5fe14e00cd4ea411357fc57161c6bf7e8d43f8", &(0x7f0000000480)=""/252}, 0x20)
ioctl$TUNSETIFF(r6, 0x400454ca, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814)
close(r6)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

441.139155ms ago: executing program 2 (id=8290):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00'}, 0x18)
syz_usbip_server_init(0x1)

98.414612ms ago: executing program 5 (id=8291):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c)

0s ago: executing program 5 (id=8292):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r0}, 0x18)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x3)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r0}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102392, 0x18ff8, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000580)=ANY=[@ANYRES8=r0, @ANYRES64, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x20780, 0x39, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

0 R15: 00007ffd89ceb518
[  485.827568][T26256]  </TASK>
[  486.180600][T26263] loop1: detected capacity change from 0 to 512
[  486.195290][T26263] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  486.207324][T26263] EXT4-fs (loop1): 1 orphan inode deleted
[  486.213155][T26263] EXT4-fs (loop1): 1 truncate cleaned up
[  486.272153][T26265] loop2: detected capacity change from 0 to 512
[  486.291420][T26265] ext4 filesystem being mounted at /1419/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  486.741004][T26279] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  486.827518][T26282] tipc: Disabling bearer <eth:syzkaller0>
[  486.882160][T26280] netlink: 'syz.4.7172': attribute type 13 has an invalid length.
[  486.897232][T26279] netlink: 'syz.5.7170': attribute type 13 has an invalid length.
[  487.007372][T26280] 8021q: adding VLAN 0 to HW filter on device $Hÿ
[  487.073830][T26280] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  487.111034][T26279] 8021q: adding VLAN 0 to HW filter on device $Hÿ
[  487.201607][T26279] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  487.522979][T26293] ref_ctr_offset mismatch. inode: 0x1ec7 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  487.779026][T26308] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  487.795089][T26308] tipc: Disabling bearer <eth:syzkaller0>
[  487.859124][T26309] __nla_validate_parse: 4 callbacks suppressed
[  487.859140][T26309] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7177'.
[  487.903351][T26310] netlink: 'syz.0.7182': attribute type 13 has an invalid length.
[  487.938324][T26311] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7177'.
[  487.957698][T26309] netlink: 21 bytes leftover after parsing attributes in process `syz.4.7177'.
[  488.027087][T26310] 8021q: adding VLAN 0 to HW filter on device $Hÿ
[  488.048375][T26310] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  488.103818][T26317] loop1: detected capacity change from 0 to 512
[  488.127460][T26317] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  488.192353][T26317] EXT4-fs (loop1): 1 orphan inode deleted
[  488.198141][T26317] EXT4-fs (loop1): 1 truncate cleaned up
[  488.491640][T26334] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  488.504637][T26334] netlink: 'syz.1.7188': attribute type 13 has an invalid length.
[  488.524850][T26334] 8021q: adding VLAN 0 to HW filter on device $Hÿ
[  488.535284][T26334] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  488.588993][T26341] FAULT_INJECTION: forcing a failure.
[  488.588993][T26341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  488.602160][T26341] CPU: 1 UID: 0 PID: 26341 Comm: syz.1.7192 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  488.602264][T26341] Tainted: [W]=WARN
[  488.602272][T26341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  488.602287][T26341] Call Trace:
[  488.602293][T26341]  <TASK>
[  488.602300][T26341]  __dump_stack+0x1d/0x30
[  488.602355][T26341]  dump_stack_lvl+0xe8/0x140
[  488.602377][T26341]  dump_stack+0x15/0x1b
[  488.602397][T26341]  should_fail_ex+0x265/0x280
[  488.602430][T26341]  should_fail+0xb/0x20
[  488.602587][T26341]  should_fail_usercopy+0x1a/0x20
[  488.602605][T26341]  _copy_from_user+0x1c/0xb0
[  488.602628][T26341]  memdup_user+0x5e/0xd0
[  488.602654][T26341]  strndup_user+0x68/0xb0
[  488.602702][T26341]  __se_sys_mount+0x4d/0x2e0
[  488.602738][T26341]  ? fput+0x8f/0xc0
[  488.602770][T26341]  ? ksys_write+0x192/0x1a0
[  488.602793][T26341]  __x64_sys_mount+0x67/0x80
[  488.602854][T26341]  x64_sys_call+0x2b4d/0x2ff0
[  488.602879][T26341]  do_syscall_64+0xd2/0x200
[  488.602906][T26341]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  488.602933][T26341]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  488.602980][T26341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.603001][T26341] RIP: 0033:0x7fdac171ebe9
[  488.603015][T26341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.603084][T26341] RSP: 002b:00007fdac0187038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  488.603103][T26341] RAX: ffffffffffffffda RBX: 00007fdac1945fa0 RCX: 00007fdac171ebe9
[  488.603116][T26341] RDX: 00002000000002c0 RSI: 0000200000000300 RDI: 0000000000000000
[  488.603163][T26341] RBP: 00007fdac0187090 R08: 00002000000005c0 R09: 0000000000000000
[  488.603175][T26341] R10: 0000000000200480 R11: 0000000000000246 R12: 0000000000000001
[  488.603186][T26341] R13: 00007fdac1946038 R14: 00007fdac1945fa0 R15: 00007ffd10784148
[  488.603205][T26341]  </TASK>
[  489.020405][T26356] netlink: 'syz.1.7199': attribute type 12 has an invalid length.
[  489.142440][T26369] bridge: RTM_NEWNEIGH with invalid ether address
[  489.313313][T26375] netlink: 'syz.4.7208': attribute type 13 has an invalid length.
[  489.334511][T26375] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  489.442791][T26391] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  489.465006][T26391] netlink: 'syz.1.7212': attribute type 13 has an invalid length.
[  489.536335][T26391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  489.569082][T26403] SELinux: ebitmap: truncated map
[  489.575702][T26403] SELinux: failed to load policy
[  489.586473][T26397] FAULT_INJECTION: forcing a failure.
[  489.586473][T26397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  489.599677][T26397] CPU: 1 UID: 0 PID: 26397 Comm: syz.4.7215 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  489.599713][T26397] Tainted: [W]=WARN
[  489.599719][T26397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  489.599731][T26397] Call Trace:
[  489.599743][T26397]  <TASK>
[  489.599750][T26397]  __dump_stack+0x1d/0x30
[  489.599776][T26397]  dump_stack_lvl+0xe8/0x140
[  489.599833][T26397]  dump_stack+0x15/0x1b
[  489.599857][T26397]  should_fail_ex+0x265/0x280
[  489.599893][T26397]  should_fail+0xb/0x20
[  489.599936][T26397]  should_fail_usercopy+0x1a/0x20
[  489.599954][T26397]  _copy_from_iter+0xcf/0xe40
[  489.599974][T26397]  ? mntput_no_expire+0x6f/0x460
[  489.600025][T26397]  ? mntput+0x4b/0x80
[  489.600059][T26397]  tun_get_user+0x3d0/0x2680
[  489.600151][T26397]  ? _parse_integer_limit+0x170/0x190
[  489.600215][T26397]  ? ref_tracker_alloc+0x1f2/0x2f0
[  489.600347][T26397]  ? selinux_file_permission+0x1e4/0x320
[  489.600384][T26397]  tun_chr_write_iter+0x15e/0x210
[  489.600416][T26397]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  489.600445][T26397]  vfs_write+0x4a0/0x8e0
[  489.600491][T26397]  ksys_write+0xda/0x1a0
[  489.600517][T26397]  __x64_sys_write+0x40/0x50
[  489.600544][T26397]  x64_sys_call+0x27fe/0x2ff0
[  489.600567][T26397]  do_syscall_64+0xd2/0x200
[  489.600590][T26397]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  489.600665][T26397]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  489.600733][T26397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.600753][T26397] RIP: 0033:0x7f45a8abebe9
[  489.600769][T26397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.600786][T26397] RSP: 002b:00007f45a751f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  489.600805][T26397] RAX: ffffffffffffffda RBX: 00007f45a8ce5fa0 RCX: 00007f45a8abebe9
[  489.600821][T26397] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003
[  489.600895][T26397] RBP: 00007f45a751f090 R08: 0000000000000000 R09: 0000000000000000
[  489.600908][T26397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  489.600922][T26397] R13: 00007f45a8ce6038 R14: 00007f45a8ce5fa0 R15: 00007ffd89ceb518
[  489.600949][T26397]  </TASK>
[  489.955674][T26424] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  489.955674][T26424]    program syz.1.7220 not setting count and/or reply_len properly
[  489.990705][T26424] loop1: detected capacity change from 0 to 512
[  489.999738][T26427] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7226'.
[  490.008983][T26424] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  490.038483][T26430] netlink: 'syz.5.7222': attribute type 13 has an invalid length.
[  490.038831][T26424] EXT4-fs (loop1): 1 orphan inode deleted
[  490.052136][T26424] EXT4-fs (loop1): 1 truncate cleaned up
[  490.068281][T26430] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  490.141462][T26439] bridge: RTM_NEWNEIGH with invalid ether address
[  490.206948][   T29] kauditd_printk_skb: 25 callbacks suppressed
[  490.206962][   T29] audit: type=1400 audit(1754528369.561:5859): avc:  denied  { name_connect } for  pid=26434 comm="syz.4.7227" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  490.243116][T26435] loop4: detected capacity change from 0 to 512
[  490.250135][T26435] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  490.259471][T26435] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  490.269344][T26435] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.7227: invalid block
[  490.281807][T26435] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.7227: invalid indirect mapped block 4294967295 (level 1)
[  490.296916][T26435] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.7227: invalid indirect mapped block 4294967295 (level 1)
[  490.311284][T26435] EXT4-fs (loop4): 2 truncates cleaned up
[  490.354061][T26445] netlink: 84 bytes leftover after parsing attributes in process `syz.4.7232'.
[  490.388331][   T29] audit: type=1400 audit(1754528369.741:5860): avc:  denied  { create } for  pid=26448 comm="syz.4.7234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  490.416994][   T29] audit: type=1400 audit(1754528369.751:5861): avc:  denied  { bind } for  pid=26448 comm="syz.4.7234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  490.425506][T26451] loop4: detected capacity change from 0 to 512
[  490.436430][   T29] audit: type=1400 audit(1754528369.751:5862): avc:  denied  { read } for  pid=26448 comm="syz.4.7234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  490.462139][   T29] audit: type=1326 audit(1754528369.811:5863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26450 comm="syz.4.7235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45a8abebe9 code=0x0
[  490.728617][T26456] loop1: detected capacity change from 0 to 4096
[  491.009397][T26464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7238'.
[  491.039713][T26464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7238'.
[  491.275817][T26470] loop5: detected capacity change from 0 to 512
[  491.297095][T26470] EXT4-fs (loop5): too many log groups per flexible block group
[  491.304954][T26470] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  491.311871][T26470] EXT4-fs (loop5): mount failed
[  491.348062][T26481] loop5: detected capacity change from 0 to 512
[  491.354925][T26481] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  491.364017][T26481] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  491.403644][T26484] bridge: RTM_NEWNEIGH with invalid ether address
[  491.447943][T26486] SELinux: ebitmap: truncated map
[  491.454441][T26486] SELinux: failed to load policy
[  491.483444][T26488] ref_ctr_offset mismatch. inode: 0x1fae offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  491.545894][T26499] netlink: 'syz.4.7253': attribute type 12 has an invalid length.
[  491.583348][T26501] ref_ctr_offset mismatch. inode: 0x1fbe offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  491.901345][T26521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7258'.
[  491.972425][T26521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7258'.
[  492.196820][T26525] ref_ctr_offset mismatch. inode: 0x1efe offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  492.206037][T26527] netlink: 'syz.0.7265': attribute type 12 has an invalid length.
[  492.271663][T26531] loop0: detected capacity change from 0 to 1024
[  492.323973][T26533] loop2: detected capacity change from 0 to 512
[  492.330746][T26533] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  492.342776][T26533] EXT4-fs (loop2): 1 orphan inode deleted
[  492.348591][T26533] EXT4-fs (loop2): 1 truncate cleaned up
[  492.435357][T26543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  492.452999][T26543] tipc: Disabling bearer <eth:syzkaller0>
[  492.507717][T26543] netlink: 'syz.0.7271': attribute type 13 has an invalid length.
[  492.552070][T26543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  492.749329][T26567] netlink: 'syz.4.7280': attribute type 13 has an invalid length.
[  492.761783][T26572] bridge: RTM_NEWNEIGH with invalid ether address
[  492.766823][   T29] audit: type=1400 audit(1754528372.101:5864): avc:  denied  { execute } for  pid=26568 comm="syz.1.7283" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=82971 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  492.871125][T26567] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  492.895130][T26579] lo speed is unknown, defaulting to 1000
[  492.895478][T26583] loop0: detected capacity change from 0 to 512
[  492.938182][   T29] audit: type=1326 audit(1754528372.281:5865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26582 comm="syz.0.7289" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x0
[  492.989430][T26591] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7292'.
[  493.016183][   T29] audit: type=1400 audit(1754528372.371:5866): avc:  denied  { read } for  pid=26594 comm="syz.1.7294" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  493.039710][   T29] audit: type=1400 audit(1754528372.371:5867): avc:  denied  { open } for  pid=26594 comm="syz.1.7294" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  493.063553][   T29] audit: type=1400 audit(1754528372.371:5868): avc:  denied  { ioctl } for  pid=26594 comm="syz.1.7294" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  493.142978][T26605] loop4: detected capacity change from 0 to 512
[  493.150161][T26605] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.159293][T26605] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  493.177730][T26607] loop1: detected capacity change from 0 to 1024
[  493.200480][T26607] EXT4-fs mount: 24 callbacks suppressed
[  493.200559][T26607] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  493.229515][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.313658][T26619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7300'.
[  493.324094][T26619] veth1_macvtap: left promiscuous mode
[  493.339014][T26618] SELinux: ebitmap: truncated map
[  493.345510][T26618] SELinux: failed to load policy
[  493.431081][T26626] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  493.439904][T26626] tipc: Disabling bearer <eth:syzkaller0>
[  493.449687][T26628] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7306'.
[  493.488518][T26630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.492121][T26626] netlink: 'syz.4.7305': attribute type 13 has an invalid length.
[  493.497001][T26630] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  493.517866][T26630] loop5: detected capacity change from 0 to 512
[  493.527011][T26626] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  493.527361][T26630] FAT-fs (loop5): error, invalid access to FAT (entry 0x0fff0000)
[  493.555280][T26630] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7307'.
[  493.617075][T26636] loop4: detected capacity change from 0 to 1024
[  493.630639][T26636] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  493.675024][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.691532][T26643] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7313'.
[  493.711422][T26645] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  493.719817][T26645] tipc: Disabling bearer <eth:syzkaller0>
[  493.769674][T26650] netlink: 'syz.4.7312': attribute type 13 has an invalid length.
[  493.786598][T26650] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  493.797565][T26651] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  493.797565][T26651]    program syz.2.7314 not setting count and/or reply_len properly
[  493.823812][T26651] loop2: detected capacity change from 0 to 512
[  493.830783][T26651] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  493.842713][T26651] EXT4-fs (loop2): 1 orphan inode deleted
[  493.848561][T26651] EXT4-fs (loop2): 1 truncate cleaned up
[  493.856198][T26651] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  493.871886][T26651] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.908082][T26658] netlink: 'syz.0.7317': attribute type 12 has an invalid length.
[  493.972579][T26668] loop0: detected capacity change from 0 to 1024
[  493.989777][T26668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  494.034541][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.045380][T26672] FAULT_INJECTION: forcing a failure.
[  494.045380][T26672] name failslab, interval 1, probability 0, space 0, times 0
[  494.058093][T26672] CPU: 1 UID: 0 PID: 26672 Comm: syz.4.7320 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  494.058130][T26672] Tainted: [W]=WARN
[  494.058138][T26672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  494.058158][T26672] Call Trace:
[  494.058165][T26672]  <TASK>
[  494.058171][T26672]  __dump_stack+0x1d/0x30
[  494.058270][T26672]  dump_stack_lvl+0xe8/0x140
[  494.058292][T26672]  dump_stack+0x15/0x1b
[  494.058311][T26672]  should_fail_ex+0x265/0x280
[  494.058349][T26672]  should_failslab+0x8c/0xb0
[  494.058448][T26672]  kmem_cache_alloc_noprof+0x50/0x310
[  494.058476][T26672]  ? prepare_creds+0x37/0x4c0
[  494.058500][T26672]  prepare_creds+0x37/0x4c0
[  494.058562][T26672]  copy_creds+0x8f/0x3f0
[  494.058585][T26672]  copy_process+0x658/0x2000
[  494.058631][T26672]  ? kstrtouint+0x76/0xc0
[  494.058716][T26672]  ? __rcu_read_unlock+0x4f/0x70
[  494.058738][T26672]  kernel_clone+0x16c/0x5c0
[  494.058798][T26672]  ? vfs_write+0x75e/0x8e0
[  494.058901][T26672]  __x64_sys_clone+0xe6/0x120
[  494.058933][T26672]  x64_sys_call+0x119c/0x2ff0
[  494.058955][T26672]  do_syscall_64+0xd2/0x200
[  494.059056][T26672]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  494.059080][T26672]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  494.059162][T26672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.059183][T26672] RIP: 0033:0x7f45a8abebe9
[  494.059198][T26672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.059216][T26672] RSP: 002b:00007f45a74dcfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  494.059235][T26672] RAX: ffffffffffffffda RBX: 00007f45a8ce6180 RCX: 00007f45a8abebe9
[  494.059247][T26672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000041200000
[  494.059260][T26672] RBP: 00007f45a74dd090 R08: 0000000000000000 R09: 0000000000000000
[  494.059282][T26672] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  494.059295][T26672] R13: 00007f45a8ce6218 R14: 00007f45a8ce6180 R15: 00007ffd89ceb518
[  494.059312][T26672]  </TASK>
[  494.477787][T26678] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  494.533194][T26678] SELinux: failed to load policy
[  494.623440][T26689] netlink: 'syz.1.7329': attribute type 12 has an invalid length.
[  494.672108][T26697] loop2: detected capacity change from 0 to 1024
[  494.693918][T26697] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  494.718062][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.782581][T26704] lo speed is unknown, defaulting to 1000
[  495.057791][T26711] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  495.114657][T26712] netlink: 256 bytes leftover after parsing attributes in process `syz.5.7336'.
[  495.123807][T26712] netlink: 72 bytes leftover after parsing attributes in process `syz.5.7336'.
[  495.128150][T26711] SELinux: failed to load policy
[  495.192546][T26712] netlink: 84 bytes leftover after parsing attributes in process `syz.5.7336'.
[  495.233789][T26716] SELinux: ebitmap: truncated map
[  495.243384][T26716] SELinux: failed to load policy
[  495.445793][T26732] bridge: RTM_NEWNEIGH with invalid ether address
[  495.483649][T26734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  495.496101][T26734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.514070][T26734] loop2: detected capacity change from 0 to 512
[  495.527711][T26734] FAT-fs (loop2): error, invalid access to FAT (entry 0x0fff0000)
[  495.528059][T26725] netlink: 'syz.4.7341': attribute type 13 has an invalid length.
[  495.539916][T26734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7346'.
[  495.557471][T26738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  495.566256][T26738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.579648][T26738] loop1: detected capacity change from 0 to 512
[  495.598556][T26738] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fff0000)
[  495.609541][T26738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7348'.
[  495.620503][T26725] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  495.695140][T26743] loop4: detected capacity change from 0 to 512
[  495.709493][T26743] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  495.718677][T26743] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  496.229562][T26761] bridge: RTM_NEWNEIGH with invalid ether address
[  496.376266][T26757] netlink: 'syz.4.7355': attribute type 13 has an invalid length.
[  496.405665][T26757] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  496.575827][T26792] bridge: RTM_NEWNEIGH with invalid ether address
[  496.598857][T26794] ref_ctr_offset mismatch. inode: 0x207b offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  496.669423][T26796] netlink: 'syz.0.7370': attribute type 13 has an invalid length.
[  496.680564][T26802] ref_ctr_offset mismatch. inode: 0x2083 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  496.697920][T26796] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  496.773381][T26810] netlink: 'syz.0.7377': attribute type 12 has an invalid length.
[  496.815000][T26816] bridge: RTM_NEWNEIGH with invalid ether address
[  496.858843][T26821] ALSA: seq fatal error: cannot create timer (-19)
[  497.083271][T26832] SELinux: ebitmap: truncated map
[  497.094466][T26832] SELinux: failed to load policy
[  497.238290][T26842] loop5: detected capacity change from 0 to 512
[  497.245419][T26842] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  497.254544][T26842] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  497.669158][T26847] SELinux: ebitmap: truncated map
[  497.676050][T26847] SELinux: failed to load policy
[  497.699983][T26851] bridge: RTM_NEWNEIGH with invalid ether address
[  498.101397][T26871] __nla_validate_parse: 8 callbacks suppressed
[  498.101410][T26871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7393'.
[  498.180453][T26871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7393'.
[  498.417659][T26883] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7405'.
[  498.669179][T26895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7406'.
[  498.726904][T26895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7406'.
[  498.776183][T26895] netlink: 21 bytes leftover after parsing attributes in process `syz.2.7406'.
[  499.146841][T26918] loop1: detected capacity change from 0 to 1024
[  499.167312][T26918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  499.184361][T26917] SELinux: ebitmap: truncated map
[  499.190957][T26917] SELinux: failed to load policy
[  499.218696][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  499.314863][T26932] ALSA: seq fatal error: cannot create timer (-19)
[  499.457042][T26948] SELinux: ebitmap: truncated map
[  499.465281][T26948] SELinux: failed to load policy
[  499.555813][T26959] loop5: detected capacity change from 0 to 4096
[  499.877389][T26973] ALSA: seq fatal error: cannot create timer (-19)
[  499.977942][T26977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7438'.
[  500.017133][T26977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7438'.
[  500.027437][T26977] netlink: 21 bytes leftover after parsing attributes in process `syz.2.7438'.
[  500.381746][T26998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.399695][T26998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.445179][T26998] loop1: detected capacity change from 0 to 512
[  500.484729][T26998] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fff0000)
[  500.503786][T26998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7451'.
[  500.670414][T27016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.679442][T27016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.689932][T27016] loop0: detected capacity change from 0 to 512
[  500.698643][T27016] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000)
[  501.079944][T27051] FAULT_INJECTION: forcing a failure.
[  501.079944][T27051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.093026][T27051] CPU: 1 UID: 0 PID: 27051 Comm: syz.2.7474 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  501.093062][T27051] Tainted: [W]=WARN
[  501.093070][T27051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.093084][T27051] Call Trace:
[  501.093092][T27051]  <TASK>
[  501.093101][T27051]  __dump_stack+0x1d/0x30
[  501.093175][T27051]  dump_stack_lvl+0xe8/0x140
[  501.093193][T27051]  dump_stack+0x15/0x1b
[  501.093209][T27051]  should_fail_ex+0x265/0x280
[  501.093245][T27051]  should_fail+0xb/0x20
[  501.093300][T27051]  should_fail_usercopy+0x1a/0x20
[  501.093318][T27051]  _copy_from_user+0x1c/0xb0
[  501.093397][T27051]  ___sys_sendmsg+0xc1/0x1d0
[  501.093442][T27051]  __x64_sys_sendmsg+0xd4/0x160
[  501.093483][T27051]  x64_sys_call+0x191e/0x2ff0
[  501.093548][T27051]  do_syscall_64+0xd2/0x200
[  501.093575][T27051]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  501.093602][T27051]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  501.093625][T27051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.093724][T27051] RIP: 0033:0x7fda502eebe9
[  501.093739][T27051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.093757][T27051] RSP: 002b:00007fda4ed4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  501.093777][T27051] RAX: ffffffffffffffda RBX: 00007fda50515fa0 RCX: 00007fda502eebe9
[  501.093790][T27051] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000008
[  501.093802][T27051] RBP: 00007fda4ed4f090 R08: 0000000000000000 R09: 0000000000000000
[  501.093882][T27051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.093936][T27051] R13: 00007fda50516038 R14: 00007fda50515fa0 R15: 00007ffc57ed07d8
[  501.093955][T27051]  </TASK>
[  501.336909][T27064] FAULT_INJECTION: forcing a failure.
[  501.336909][T27064] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.349988][T27064] CPU: 1 UID: 0 PID: 27064 Comm: syz.2.7479 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  501.350049][T27064] Tainted: [W]=WARN
[  501.350055][T27064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.350163][T27064] Call Trace:
[  501.350169][T27064]  <TASK>
[  501.350176][T27064]  __dump_stack+0x1d/0x30
[  501.350219][T27064]  dump_stack_lvl+0xe8/0x140
[  501.350240][T27064]  dump_stack+0x15/0x1b
[  501.350258][T27064]  should_fail_ex+0x265/0x280
[  501.350288][T27064]  should_fail+0xb/0x20
[  501.350368][T27064]  should_fail_usercopy+0x1a/0x20
[  501.350467][T27064]  _copy_from_user+0x1c/0xb0
[  501.350490][T27064]  memdup_user+0x5e/0xd0
[  501.350515][T27064]  strndup_user+0x68/0xb0
[  501.350604][T27064]  __se_sys_mount+0x4d/0x2e0
[  501.350630][T27064]  ? fput+0x8f/0xc0
[  501.350671][T27064]  ? ksys_write+0x192/0x1a0
[  501.350691][T27064]  __x64_sys_mount+0x67/0x80
[  501.350717][T27064]  x64_sys_call+0x2b4d/0x2ff0
[  501.350810][T27064]  do_syscall_64+0xd2/0x200
[  501.350832][T27064]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  501.350859][T27064]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  501.350938][T27064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.350963][T27064] RIP: 0033:0x7fda502eebe9
[  501.350977][T27064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.351063][T27064] RSP: 002b:00007fda4ed4f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  501.351085][T27064] RAX: ffffffffffffffda RBX: 00007fda50515fa0 RCX: 00007fda502eebe9
[  501.351099][T27064] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000
[  501.351111][T27064] RBP: 00007fda4ed4f090 R08: 0000200000000600 R09: 0000000000000000
[  501.351123][T27064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.351135][T27064] R13: 00007fda50516038 R14: 00007fda50515fa0 R15: 00007ffc57ed07d8
[  501.351153][T27064]  </TASK>
[  501.586997][T27066] loop2: detected capacity change from 0 to 1024
[  501.613570][T27066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  501.643513][T27078] bridge: RTM_NEWNEIGH with invalid ether address
[  501.696609][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  501.741468][T27095] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  501.741468][T27095]    program syz.4.7486 not setting count and/or reply_len properly
[  501.771431][T27095] loop4: detected capacity change from 0 to 512
[  501.787613][T27095] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  501.813725][T27101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.822283][T27101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.832732][T27101] loop0: detected capacity change from 0 to 512
[  501.842035][T27101] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000)
[  501.857174][T27095] EXT4-fs (loop4): 1 orphan inode deleted
[  501.862956][T27095] EXT4-fs (loop4): 1 truncate cleaned up
[  501.910996][T27095] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  501.939185][T27105] ref_ctr_offset mismatch. inode: 0xb13 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  501.966181][T27095] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  502.002646][T27109] bridge: RTM_NEWNEIGH with invalid ether address
[  502.036498][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  502.036514][   T29] audit: type=1400 audit(1754528381.391:5871): avc:  denied  { connect } for  pid=27111 comm=77DEA305FF07 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  502.062716][   T29] audit: type=1400 audit(1754528381.391:5872): avc:  denied  { ioctl } for  pid=27111 comm=77DEA305FF07 path="socket:[83846]" dev="sockfs" ino=83846 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  502.098589][T27113] sctp: [Deprecated]: syz.1.7498 (pid 27113) Use of int in max_burst socket option.
[  502.098589][T27113] Use struct sctp_assoc_value instead
[  502.114116][   T29] audit: type=1400 audit(1754528381.471:5873): avc:  denied  { compute_member } for  pid=27111 comm=77DEA305FF07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  502.152232][   T29] audit: type=1326 audit(1754528381.511:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdac1715ba7 code=0x7ffc0000
[  502.176012][   T29] audit: type=1326 audit(1754528381.511:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdac16badd9 code=0x7ffc0000
[  502.199444][   T29] audit: type=1326 audit(1754528381.511:5876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac171ebe9 code=0x7ffc0000
[  502.223017][   T29] audit: type=1326 audit(1754528381.511:5877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdac1715ba7 code=0x7ffc0000
[  502.246426][   T29] audit: type=1326 audit(1754528381.511:5878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdac16badd9 code=0x7ffc0000
[  502.269860][   T29] audit: type=1326 audit(1754528381.511:5879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdac171ebe9 code=0x7ffc0000
[  502.277295][T27116] loop2: detected capacity change from 0 to 1024
[  502.293263][   T29] audit: type=1326 audit(1754528381.511:5880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27110 comm="syz.1.7498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdac1715ba7 code=0x7ffc0000
[  502.382715][T27116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  502.416752][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  502.461264][T27128] loop1: detected capacity change from 0 to 512
[  502.471607][T27128] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  502.480715][T27128] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities
[  502.486515][T27136] bridge: RTM_NEWNEIGH with invalid ether address
[  502.528463][T27135] ALSA: seq fatal error: cannot create timer (-19)
[  502.542632][T27142] loop4: detected capacity change from 0 to 512
[  502.561753][T27144] ref_ctr_offset mismatch. inode: 0x2005 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  502.576734][T27142] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  502.597861][T27142] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.7511: invalid indirect mapped block 2683928664 (level 1)
[  502.612404][T27142] EXT4-fs (loop4): Remounting filesystem read-only
[  502.619129][T27142] EXT4-fs (loop4): 1 truncate cleaned up
[  502.625283][T27142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  502.658425][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.140740][T27175] ref_ctr_offset mismatch. inode: 0x20ff offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  503.152333][T27168] ref_ctr_offset mismatch. inode: 0x2015 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  503.435244][T27193] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  503.548118][T27193] netlink: 'syz.1.7531': attribute type 13 has an invalid length.
[  503.577763][T27210] loop0: detected capacity change from 0 to 128
[  503.586697][T27193] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  503.616978][T27210] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  503.638826][T27210] ext4 filesystem being mounted at /1478/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  503.679997][T27210] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  503.686289][T27214] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  503.686533][T27210] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  503.686621][T27210] vhci_hcd vhci_hcd.0: Device attached
[  503.719515][T27214] tipc: Disabling bearer <eth:syzkaller0>
[  503.729784][T27210] sd 0:0:1:0: device reset
[  503.752711][T27227] netlink: 'syz.4.7539': attribute type 13 has an invalid length.
[  503.767878][T27229] ref_ctr_offset mismatch. inode: 0x2114 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  503.793341][T27227] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  503.834746][T27224] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  503.854746][T27224] tipc: Disabling bearer <eth:syzkaller0>
[  503.890734][T27224] netlink: 'syz.2.7542': attribute type 13 has an invalid length.
[  503.910813][T27224] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  503.926437][T27237] loop4: detected capacity change from 0 to 4096
[  503.958607][ T3410] usb 1-1: new low-speed USB device number 2 using vhci_hcd
[  503.969618][T27240] ref_ctr_offset mismatch. inode: 0x202b offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  504.066352][T27252] ref_ctr_offset mismatch. inode: 0x2135 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  504.231475][T27259] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  504.231475][T27259]    program syz.1.7557 not setting count and/or reply_len properly
[  504.252082][T27259] loop1: detected capacity change from 0 to 512
[  504.258928][T27259] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  504.269953][T27219] vhci_hcd: connection reset by peer
[  504.275687][ T2784] vhci_hcd: stop threads
[  504.280048][ T2784] vhci_hcd: release socket
[  504.284491][ T2784] vhci_hcd: disconnect device
[  504.293985][ T3311] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  504.314592][T27259] EXT4-fs (loop1): 1 orphan inode deleted
[  504.320428][T27259] EXT4-fs (loop1): 1 truncate cleaned up
[  504.333401][T27259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  504.361422][T27261] __nla_validate_parse: 8 callbacks suppressed
[  504.361434][T27261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7556'.
[  504.439258][T27261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7556'.
[  504.508624][T27259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.603886][T27264] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  504.683584][T27264] netlink: 'syz.5.7559': attribute type 13 has an invalid length.
[  504.712422][T27264] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  504.776141][T27270] sctp: [Deprecated]: syz.0.7562 (pid 27270) Use of int in max_burst socket option.
[  504.776141][T27270] Use struct sctp_assoc_value instead
[  504.821492][T27274] ref_ctr_offset mismatch. inode: 0xb68 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  504.895414][T27285] ref_ctr_offset mismatch. inode: 0x216b offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  504.988128][T27292] lo speed is unknown, defaulting to 1000
[  505.049170][T27297] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  505.079637][T27299] loop4: detected capacity change from 0 to 4096
[  505.443172][T27305] bridge0: port 1(vlan0) entered blocking state
[  505.449516][T27305] bridge0: port 1(vlan0) entered forwarding state
[  505.753837][T27319] ref_ctr_offset mismatch. inode: 0x2063 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  505.782915][T27321] loop5: detected capacity change from 0 to 512
[  505.790065][T27321] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  505.799194][T27321] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  505.848209][T27323] loop0: detected capacity change from 0 to 256
[  506.084525][T27353] Set syz1 is full, maxelem 65536 reached
[  506.139921][T27364] bridge: RTM_NEWNEIGH with invalid ether address
[  506.198659][T27370] FAULT_INJECTION: forcing a failure.
[  506.198659][T27370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.211790][T27370] CPU: 0 UID: 0 PID: 27370 Comm: syz.0.7600 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  506.211827][T27370] Tainted: [W]=WARN
[  506.211888][T27370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  506.211901][T27370] Call Trace:
[  506.211908][T27370]  <TASK>
[  506.211934][T27370]  __dump_stack+0x1d/0x30
[  506.211956][T27370]  dump_stack_lvl+0xe8/0x140
[  506.211976][T27370]  dump_stack+0x15/0x1b
[  506.211994][T27370]  should_fail_ex+0x265/0x280
[  506.212026][T27370]  should_fail+0xb/0x20
[  506.212104][T27370]  should_fail_usercopy+0x1a/0x20
[  506.212126][T27370]  _copy_from_user+0x1c/0xb0
[  506.212156][T27370]  ___sys_sendmsg+0xc1/0x1d0
[  506.212207][T27370]  __x64_sys_sendmsg+0xd4/0x160
[  506.212294][T27370]  x64_sys_call+0x191e/0x2ff0
[  506.212319][T27370]  do_syscall_64+0xd2/0x200
[  506.212346][T27370]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  506.212375][T27370]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  506.212462][T27370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.212559][T27370] RIP: 0033:0x7ff2493cebe9
[  506.212577][T27370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.212598][T27370] RSP: 002b:00007ff247e37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  506.212619][T27370] RAX: ffffffffffffffda RBX: 00007ff2495f5fa0 RCX: 00007ff2493cebe9
[  506.212634][T27370] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  506.212649][T27370] RBP: 00007ff247e37090 R08: 0000000000000000 R09: 0000000000000000
[  506.212687][T27370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.212701][T27370] R13: 00007ff2495f6038 R14: 00007ff2495f5fa0 R15: 00007ffff6bdc918
[  506.212722][T27370]  </TASK>
[  506.258396][T27379] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7604'.
[  506.452705][T27386] loop2: detected capacity change from 0 to 4096
[  506.513075][T27393] bridge: RTM_NEWNEIGH with invalid ether address
[  506.706153][T27409] sctp: [Deprecated]: syz.2.7615 (pid 27409) Use of int in max_burst socket option.
[  506.706153][T27409] Use struct sctp_assoc_value instead
[  506.851029][T27411] loop2: detected capacity change from 0 to 1024
[  506.887610][T27411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.942023][T27419] ref_ctr_offset mismatch. inode: 0x215d offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  506.966492][T27411] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  506.988472][T27411] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  507.000790][T27411] EXT4-fs (loop2): This should not happen!! Data will be lost
[  507.000790][T27411] 
[  507.010462][T27411] EXT4-fs (loop2): Total free blocks count 0
[  507.016517][T27411] EXT4-fs (loop2): Free/Dirty block details
[  507.022430][T27411] EXT4-fs (loop2): free_blocks=68451041280
[  507.028352][T27411] EXT4-fs (loop2): dirty_blocks=64
[  507.033563][T27411] EXT4-fs (loop2): Block reservation details
[  507.039537][T27411] EXT4-fs (loop2): i_reserved_data_blocks=4
[  507.055370][T27426] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7618'.
[  507.095544][T27430] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  507.103621][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.126682][T27430] tipc: Disabling bearer <eth:syzkaller0>
[  507.167860][T27434] loop2: detected capacity change from 0 to 128
[  507.174794][T27435] netlink: 'syz.4.7620': attribute type 13 has an invalid length.
[  507.227574][T27435] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  507.307035][T27441] sctp: [Deprecated]: syz.4.7628 (pid 27441) Use of int in max_burst socket option.
[  507.307035][T27441] Use struct sctp_assoc_value instead
[  507.325492][   T29] kauditd_printk_skb: 750 callbacks suppressed
[  507.325506][   T29] audit: type=1326 audit(1754528386.681:6631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45a8ab5ba7 code=0x7ffc0000
[  507.355363][   T29] audit: type=1326 audit(1754528386.681:6632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45a8a5add9 code=0x7ffc0000
[  507.378939][   T29] audit: type=1326 audit(1754528386.681:6633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45a8ab5ba7 code=0x7ffc0000
[  507.404746][   T29] audit: type=1326 audit(1754528386.681:6634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45a8a5add9 code=0x7ffc0000
[  507.428167][   T29] audit: type=1326 audit(1754528386.681:6635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45a8abebe9 code=0x7ffc0000
[  507.451659][   T29] audit: type=1326 audit(1754528386.681:6636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45a8ab5ba7 code=0x7ffc0000
[  507.475120][   T29] audit: type=1326 audit(1754528386.681:6637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45a8a5add9 code=0x7ffc0000
[  507.498529][   T29] audit: type=1326 audit(1754528386.681:6638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45a8ab5ba7 code=0x7ffc0000
[  507.521977][   T29] audit: type=1326 audit(1754528386.681:6639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f45a8a5add9 code=0x7ffc0000
[  507.536052][T27442] netlink: 256 bytes leftover after parsing attributes in process `syz.1.7626'.
[  507.545408][   T29] audit: type=1326 audit(1754528386.681:6640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27440 comm="syz.4.7628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f45a8ab5ba7 code=0x7ffc0000
[  507.554438][T27442] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7626'.
[  507.697458][T27447] loop4: detected capacity change from 0 to 4096
[  507.747219][T27453] loop2: detected capacity change from 0 to 512
[  507.754074][T27453] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  507.763138][T27453] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  507.837569][T27463] ref_ctr_offset mismatch. inode: 0x20a4 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  507.986781][T27472] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  508.000667][T27472] tipc: Disabling bearer <eth:syzkaller0>
[  508.050641][T27478] netlink: 'syz.2.7638': attribute type 13 has an invalid length.
[  508.079265][T27480] loop5: detected capacity change from 0 to 512
[  508.088835][T27480] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  508.097874][T27480] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  508.108827][T27478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  508.141798][T27483] netlink: 'syz.0.7645': attribute type 13 has an invalid length.
[  508.181642][T27483] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  508.321334][T27498] ref_ctr_offset mismatch. inode: 0xbdb offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  508.354706][T27500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7652'.
[  508.490061][T27523] Set syz1 is full, maxelem 65536 reached
[  508.506793][T27525] FAULT_INJECTION: forcing a failure.
[  508.506793][T27525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.519918][T27525] CPU: 0 UID: 0 PID: 27525 Comm: syz.2.7663 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  508.519957][T27525] Tainted: [W]=WARN
[  508.519964][T27525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  508.519979][T27525] Call Trace:
[  508.519985][T27525]  <TASK>
[  508.519993][T27525]  __dump_stack+0x1d/0x30
[  508.520016][T27525]  dump_stack_lvl+0xe8/0x140
[  508.520037][T27525]  dump_stack+0x15/0x1b
[  508.520055][T27525]  should_fail_ex+0x265/0x280
[  508.520091][T27525]  should_fail+0xb/0x20
[  508.520176][T27525]  should_fail_usercopy+0x1a/0x20
[  508.520198][T27525]  _copy_from_user+0x1c/0xb0
[  508.520227][T27525]  vt_ioctl+0x98f/0x1880
[  508.520257][T27525]  tty_ioctl+0x7de/0xb80
[  508.520365][T27525]  ? __pfx_tty_ioctl+0x10/0x10
[  508.520410][T27525]  __se_sys_ioctl+0xcb/0x140
[  508.520441][T27525]  __x64_sys_ioctl+0x43/0x50
[  508.520530][T27525]  x64_sys_call+0x1816/0x2ff0
[  508.520554][T27525]  do_syscall_64+0xd2/0x200
[  508.520580][T27525]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  508.520682][T27525]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  508.520706][T27525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  508.520730][T27525] RIP: 0033:0x7fda502eebe9
[  508.520746][T27525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  508.520816][T27525] RSP: 002b:00007fda4ed4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  508.520837][T27525] RAX: ffffffffffffffda RBX: 00007fda50515fa0 RCX: 00007fda502eebe9
[  508.520891][T27525] RDX: 0000200000000140 RSI: 0000000000004b72 RDI: 0000000000000007
[  508.520905][T27525] RBP: 00007fda4ed4f090 R08: 0000000000000000 R09: 0000000000000000
[  508.520965][T27525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  508.520980][T27525] R13: 00007fda50516038 R14: 00007fda50515fa0 R15: 00007ffc57ed07d8
[  508.520999][T27525]  </TASK>
[  508.528418][T27527] ref_ctr_offset mismatch. inode: 0xbf2 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  508.561742][T27525] loop2: detected capacity change from 0 to 4096
[  508.756162][T27531] ref_ctr_offset mismatch. inode: 0x21a5 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  508.887335][T27541] loop4: detected capacity change from 0 to 4096
[  509.008320][ T3410] usb 1-1: enqueue for inactive port 0
[  509.013802][ T3410] usb 1-1: enqueue for inactive port 0
[  509.088323][ T3410] vhci_hcd: vhci_device speed not set
[  509.271936][T27560] ref_ctr_offset mismatch. inode: 0x20e7 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  509.300536][T27564] ref_ctr_offset mismatch. inode: 0x20d8 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  509.327239][T27566] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  509.443467][T27578] netlink: 'syz.0.7682': attribute type 13 has an invalid length.
[  509.481737][T27578] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  509.662389][T27593] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7692'.
[  509.676670][T27590] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  509.699801][T27590] tipc: Disabling bearer <eth:syzkaller0>
[  509.705572][T27595] ref_ctr_offset mismatch. inode: 0x21b2 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  509.755173][T27602] netlink: 'syz.0.7688': attribute type 13 has an invalid length.
[  509.812602][T27602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  509.855965][T27609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  509.868499][T27609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  509.883978][T27609] loop4: detected capacity change from 0 to 512
[  509.910044][T27609] FAT-fs (loop4): error, invalid access to FAT (entry 0x0fff0000)
[  509.922503][T27609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7699'.
[  510.011807][T27617] netlink: 256 bytes leftover after parsing attributes in process `syz.5.7701'.
[  510.020880][T27617] netlink: 72 bytes leftover after parsing attributes in process `syz.5.7701'.
[  510.098976][T27617] netlink: 84 bytes leftover after parsing attributes in process `syz.5.7701'.
[  510.367453][T27636] sctp: [Deprecated]: syz.2.7710 (pid 27636) Use of int in max_burst socket option.
[  510.367453][T27636] Use struct sctp_assoc_value instead
[  510.403507][T27638] loop2: detected capacity change from 0 to 1024
[  510.420213][T27638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  510.436009][T27638] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  510.451410][T27638] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  510.463728][T27638] EXT4-fs (loop2): This should not happen!! Data will be lost
[  510.463728][T27638] 
[  510.473397][T27638] EXT4-fs (loop2): Total free blocks count 0
[  510.479398][T27638] EXT4-fs (loop2): Free/Dirty block details
[  510.485383][T27638] EXT4-fs (loop2): free_blocks=68451041280
[  510.491200][T27638] EXT4-fs (loop2): dirty_blocks=64
[  510.496326][T27638] EXT4-fs (loop2): Block reservation details
[  510.502304][T27638] EXT4-fs (loop2): i_reserved_data_blocks=4
[  510.526053][T27644] loop4: detected capacity change from 0 to 1024
[  510.534305][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  510.552385][T27644] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  510.564499][T27646] ref_ctr_offset mismatch. inode: 0x211c offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  510.588345][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  510.695680][T27664] loop2: detected capacity change from 0 to 512
[  510.705763][T27664] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  510.714691][T27664] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.7721: invalid indirect mapped block 2683928664 (level 1)
[  510.772015][T27664] EXT4-fs (loop2): Remounting filesystem read-only
[  510.791160][T27667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.797635][T27664] EXT4-fs (loop2): 1 truncate cleaned up
[  510.806970][T27664] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  510.810651][T27667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.836920][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  510.865002][T27667] loop0: detected capacity change from 0 to 512
[  510.872730][T27672] lo speed is unknown, defaulting to 1000
[  510.881126][T27667] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000)
[  510.893841][T27667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7722'.
[  510.944719][T27674] loop2: detected capacity change from 0 to 1024
[  510.969507][T27674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  510.987782][T27679] loop5: detected capacity change from 0 to 128
[  510.996526][T27679] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  511.009496][T27679] ext4 filesystem being mounted at /575/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  511.020266][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.025890][T27679] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  511.035747][T27679] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  511.043429][T27679] vhci_hcd vhci_hcd.0: Device attached
[  511.057834][T27684] netlink: 5 bytes leftover after parsing attributes in process `syz.2.7727'.
[  511.150875][T27695] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7732'.
[  511.288399][ T3383] usb 11-1: new low-speed USB device number 2 using vhci_hcd
[  511.397661][T27717] netlink: 'syz.2.7738': attribute type 13 has an invalid length.
[  511.447955][T27717] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  511.513783][T27726] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7744'.
[  511.565441][T27681] vhci_hcd: connection reset by peer
[  511.571661][ T2041] vhci_hcd: stop threads
[  511.575939][ T2041] vhci_hcd: release socket
[  511.580473][ T2041] vhci_hcd: disconnect device
[  511.589074][T19840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  511.601002][T27730] loop2: detected capacity change from 0 to 512
[  511.608289][T27730] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  511.634467][T27730] EXT4-fs (loop2): 1 orphan inode deleted
[  511.640275][T27730] EXT4-fs (loop2): 1 truncate cleaned up
[  511.660338][T27730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  511.673399][T27730] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.784472][T27756] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7756'.
[  512.159953][T27769] loop4: detected capacity change from 0 to 512
[  512.173731][T27769] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  512.216310][T27769] EXT4-fs (loop4): 1 orphan inode deleted
[  512.222089][T27769] EXT4-fs (loop4): 1 truncate cleaned up
[  512.257540][T27769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  512.295591][T27769] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.460679][T27792] netlink: 'syz.4.7770': attribute type 1 has an invalid length.
[  512.584925][T27805] loop5: detected capacity change from 0 to 128
[  512.593833][T27805] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  512.613804][T27805] ext4 filesystem being mounted at /579/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  512.624225][T27799] loop2: detected capacity change from 0 to 512
[  512.631290][T27799] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  512.635102][T27805] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  512.642754][T27799] EXT4-fs (loop2): 1 orphan inode deleted
[  512.647624][T27805] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  512.653398][T27799] EXT4-fs (loop2): 1 truncate cleaned up
[  512.660961][T27805] vhci_hcd vhci_hcd.0: Device attached
[  512.692808][T27799] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  512.711747][T27810] loop4: detected capacity change from 0 to 4096
[  512.730208][T27799] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.763601][T27815] loop0: detected capacity change from 0 to 512
[  512.775230][T27815] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  512.784394][T27815] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  512.903429][T27831] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.915333][T27831] tipc: Disabling bearer <eth:syzkaller0>
[  512.930542][T27832] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  512.930542][T27832]    program syz.1.7783 not setting count and/or reply_len properly
[  512.960658][T27831] netlink: 'syz.0.7780': attribute type 13 has an invalid length.
[  512.988068][T27831] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  513.233254][T27811] vhci_hcd: connection closed
[  513.233435][ T1376] vhci_hcd: stop threads
[  513.242488][ T1376] vhci_hcd: release socket
[  513.246975][ T1376] vhci_hcd: disconnect device
[  513.253244][T19840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  513.465975][T27845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.474641][T27845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.485733][T27845] loop5: detected capacity change from 0 to 512
[  513.494817][T27845] FAT-fs (loop5): error, invalid access to FAT (entry 0x0fff0000)
[  513.511507][T27847] ref_ctr_offset mismatch. inode: 0x2232 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  513.566539][T27849] loop4: detected capacity change from 0 to 512
[  513.573598][T27849] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  513.582764][T27849] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  513.609861][T27851] sctp: [Deprecated]: syz.4.7792 (pid 27851) Use of int in max_burst socket option.
[  513.609861][T27851] Use struct sctp_assoc_value instead
[  513.749924][T27854] netlink: 'syz.4.7793': attribute type 13 has an invalid length.
[  513.761790][   T29] kauditd_printk_skb: 94 callbacks suppressed
[  513.761801][   T29] audit: type=1326 audit(1754528393.121:6735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.791556][   T29] audit: type=1326 audit(1754528393.121:6736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.816214][T27854] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  513.821467][   T29] audit: type=1326 audit(1754528393.181:6737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.854952][   T29] audit: type=1326 audit(1754528393.181:6738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.878484][   T29] audit: type=1326 audit(1754528393.181:6739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.902905][   T29] audit: type=1326 audit(1754528393.271:6740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.926496][   T29] audit: type=1326 audit(1754528393.271:6741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.950152][   T29] audit: type=1326 audit(1754528393.271:6742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.975297][   T29] audit: type=1326 audit(1754528393.341:6743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  513.998803][   T29] audit: type=1326 audit(1754528393.341:6744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27857 comm="syz.2.7795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda502eebe9 code=0x7ffc0000
[  514.070871][T27867] loop5: detected capacity change from 0 to 1024
[  514.089776][T27867] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  514.103714][T27875] loop4: detected capacity change from 0 to 512
[  514.111108][T27875] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  514.114558][T27867] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  514.120343][T27875] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  514.143870][T27867] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  514.156160][T27867] EXT4-fs (loop5): This should not happen!! Data will be lost
[  514.156160][T27867] 
[  514.165859][T27867] EXT4-fs (loop5): Total free blocks count 0
[  514.171850][T27867] EXT4-fs (loop5): Free/Dirty block details
[  514.177737][T27867] EXT4-fs (loop5): free_blocks=68451041280
[  514.183571][T27867] EXT4-fs (loop5): dirty_blocks=64
[  514.188732][T27867] EXT4-fs (loop5): Block reservation details
[  514.194699][T27867] EXT4-fs (loop5): i_reserved_data_blocks=4
[  514.250220][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  514.266666][T27883] ref_ctr_offset mismatch. inode: 0x225d offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  514.286576][T27886] loop5: detected capacity change from 0 to 128
[  514.311500][T27886] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  514.325131][T27886] ext4 filesystem being mounted at /583/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  514.345595][T27886] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  514.352204][T27886] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  514.352334][T27892] loop4: detected capacity change from 0 to 1024
[  514.359737][T27886] vhci_hcd vhci_hcd.0: Device attached
[  514.360172][T27893] vhci_hcd: connection closed
[  514.379852][ T6421] vhci_hcd: stop threads
[  514.389019][ T6421] vhci_hcd: release socket
[  514.393460][ T6421] vhci_hcd: disconnect device
[  514.404854][T27892] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  514.424066][T27892] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  514.445066][T27892] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  514.457407][T27892] EXT4-fs (loop4): This should not happen!! Data will be lost
[  514.457407][T27892] 
[  514.467059][T27892] EXT4-fs (loop4): Total free blocks count 0
[  514.473063][T27892] EXT4-fs (loop4): Free/Dirty block details
[  514.478970][T27892] EXT4-fs (loop4): free_blocks=68451041280
[  514.484766][T27892] EXT4-fs (loop4): dirty_blocks=64
[  514.489951][T27892] EXT4-fs (loop4): Block reservation details
[  514.495976][T27892] EXT4-fs (loop4): i_reserved_data_blocks=4
[  514.503970][T27900] netlink: 'syz.0.7810': attribute type 13 has an invalid length.
[  514.524421][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  514.555175][T27900] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  514.614811][T27906] loop0: detected capacity change from 0 to 512
[  514.626744][T27906] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  514.635951][T27906] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  514.716823][T27919] __nla_validate_parse: 13 callbacks suppressed
[  514.716834][T27919] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  514.838200][T27927] ref_ctr_offset mismatch. inode: 0x216e offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  514.879255][T27920] mmap: syz.2.7816 (27920) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  514.927845][T19840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  514.945393][T27929] loop0: detected capacity change from 0 to 128
[  514.983431][T27929] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  515.011911][T27929] ext4 filesystem being mounted at /1542/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  515.057551][T27929] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  515.064103][T27929] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  515.071708][T27929] vhci_hcd vhci_hcd.0: Device attached
[  515.144093][T27940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7826'.
[  515.153159][T27940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7826'.
[  515.271907][T27954] ref_ctr_offset mismatch. inode: 0x2234 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  515.300670][T27957] loop2: detected capacity change from 0 to 164
[  515.328431][T27457] usb 1-1: new low-speed USB device number 3 using vhci_hcd
[  515.346726][T27957] syz.2.7833: attempt to access beyond end of device
[  515.346726][T27957] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  515.381519][T27957] syz.2.7833: attempt to access beyond end of device
[  515.381519][T27957] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164
[  515.466494][T27965] FAULT_INJECTION: forcing a failure.
[  515.466494][T27965] name failslab, interval 1, probability 0, space 0, times 0
[  515.480119][T27965] CPU: 0 UID: 0 PID: 27965 Comm: syz.2.7837 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  515.480208][T27965] Tainted: [W]=WARN
[  515.480215][T27965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  515.480237][T27965] Call Trace:
[  515.480244][T27965]  <TASK>
[  515.480253][T27965]  __dump_stack+0x1d/0x30
[  515.480276][T27965]  dump_stack_lvl+0xe8/0x140
[  515.480295][T27965]  dump_stack+0x15/0x1b
[  515.480346][T27965]  should_fail_ex+0x265/0x280
[  515.480399][T27965]  should_failslab+0x8c/0xb0
[  515.480427][T27965]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  515.480520][T27965]  ? shmem_alloc_inode+0x34/0x50
[  515.480543][T27965]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  515.480567][T27965]  shmem_alloc_inode+0x34/0x50
[  515.480599][T27965]  alloc_inode+0x3d/0x170
[  515.480619][T27965]  new_inode+0x1d/0xe0
[  515.480643][T27965]  shmem_get_inode+0x244/0x750
[  515.480709][T27965]  __shmem_file_setup+0x113/0x210
[  515.480741][T27965]  shmem_file_setup+0x3b/0x50
[  515.480802][T27965]  __se_sys_memfd_create+0x2c3/0x590
[  515.480827][T27965]  __x64_sys_memfd_create+0x31/0x40
[  515.480847][T27965]  x64_sys_call+0x2abe/0x2ff0
[  515.480938][T27965]  do_syscall_64+0xd2/0x200
[  515.480968][T27965]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  515.480993][T27965]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  515.481013][T27965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.481033][T27965] RIP: 0033:0x7fda502eebe9
[  515.481066][T27965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.481086][T27965] RSP: 002b:00007fda4ed4ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  515.481139][T27965] RAX: ffffffffffffffda RBX: 0000000000000b75 RCX: 00007fda502eebe9
[  515.481154][T27965] RDX: 00007fda4ed4eef0 RSI: 0000000000000000 RDI: 00007fda503727e8
[  515.481168][T27965] RBP: 0000200000000c40 R08: 00007fda4ed4ebb7 R09: 00007fda4ed4ee40
[  515.481180][T27965] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000bc0
[  515.481192][T27965] R13: 00007fda4ed4eef0 R14: 00007fda4ed4eeb0 R15: 0000200000000c00
[  515.481209][T27965]  </TASK>
[  515.833879][ T3311] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  515.849195][T27935] vhci_hcd: connection reset by peer
[  515.872033][ T2041] vhci_hcd: stop threads
[  515.876317][ T2041] vhci_hcd: release socket
[  515.880763][ T2041] vhci_hcd: disconnect device
[  515.922295][T27981] ref_ctr_offset mismatch. inode: 0x217a offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  515.979019][T27983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.002169][T27983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.029763][T27983] loop5: detected capacity change from 0 to 512
[  516.040046][T27985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7839'.
[  516.071246][T27985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7839'.
[  516.080941][T27985] netlink: 29 bytes leftover after parsing attributes in process `syz.1.7839'.
[  516.097428][T27986] ref_ctr_offset mismatch. inode: 0x227a offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  516.143145][T27983] FAT-fs (loop5): error, invalid access to FAT (entry 0x0fff0000)
[  516.151839][T27983] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7838'.
[  516.201468][T27989] ref_ctr_offset mismatch. inode: 0x21bf offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  516.368356][ T3383] usb 11-1: enqueue for inactive port 0
[  516.373992][ T3383] usb 11-1: enqueue for inactive port 0
[  516.448409][ T3383] vhci_hcd: vhci_device speed not set
[  516.456901][T27998] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  516.466941][T27998] tipc: Disabling bearer <eth:syzkaller0>
[  516.574237][T27995] netlink: 'syz.2.7848': attribute type 13 has an invalid length.
[  516.607891][T27995] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.741850][T28004] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  516.862054][T28008] loop5: detected capacity change from 0 to 4096
[  517.093524][T28018] bridge: RTM_NEWNEIGH with invalid ether address
[  517.228750][T28027] loop0: detected capacity change from 0 to 512
[  517.235773][T28027] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  517.244913][T28027] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  517.305801][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7858'.
[  517.314723][T28027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7858'.
[  517.356557][T28033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.365207][T28033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.513133][T28033] loop0: detected capacity change from 0 to 512
[  517.538827][T28033] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000)
[  517.743658][T28042] sctp: [Deprecated]: syz.2.7863 (pid 28042) Use of int in max_burst socket option.
[  517.743658][T28042] Use struct sctp_assoc_value instead
[  517.810200][T28049] bridge: RTM_NEWNEIGH with invalid ether address
[  517.980425][T28061] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  517.989639][T28061] tipc: Disabling bearer <eth:syzkaller0>
[  518.041983][T28064] netlink: 'syz.2.7870': attribute type 13 has an invalid length.
[  518.067752][T28064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  518.161816][T28071] loop4: detected capacity change from 0 to 1024
[  518.193833][T28071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  518.219937][T28071] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  518.235033][T28071] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  518.247330][T28071] EXT4-fs (loop4): This should not happen!! Data will be lost
[  518.247330][T28071] 
[  518.256993][T28071] EXT4-fs (loop4): Total free blocks count 0
[  518.262998][T28071] EXT4-fs (loop4): Free/Dirty block details
[  518.268950][T28071] EXT4-fs (loop4): free_blocks=68451041280
[  518.274749][T28071] EXT4-fs (loop4): dirty_blocks=64
[  518.279956][T28071] EXT4-fs (loop4): Block reservation details
[  518.285921][T28071] EXT4-fs (loop4): i_reserved_data_blocks=4
[  518.300747][T28075] program syz.2.7876 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  518.311331][T28084] bridge: RTM_NEWNEIGH with invalid ether address
[  518.316632][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.386156][T28091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.400629][T28091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.566971][T28116] loop0: detected capacity change from 0 to 128
[  518.575388][T28116] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  518.587747][T28116] ext4 filesystem being mounted at /1556/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  518.603130][T28116] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  518.609690][T28116] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  518.617297][T28116] vhci_hcd vhci_hcd.0: Device attached
[  518.995276][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  518.995349][   T29] audit: type=1326 audit(1754528398.351:6754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28132 comm="syz.1.7898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdac171ebe9 code=0x0
[  519.138590][T28118] vhci_hcd: connection closed
[  519.138909][ T1376] vhci_hcd: stop threads
[  519.147828][ T1376] vhci_hcd: release socket
[  519.152271][ T1376] vhci_hcd: disconnect device
[  519.158669][ T3311] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  519.251406][T28139] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  519.261799][T28139] tipc: Disabling bearer <eth:syzkaller0>
[  519.309125][T28143] ref_ctr_offset mismatch. inode: 0x2203 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  519.331215][T28138] netlink: 'syz.0.7900': attribute type 13 has an invalid length.
[  519.359602][T28138] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  519.391082][T28145] loop2: detected capacity change from 0 to 1024
[  519.412292][T28145] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  519.455377][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  519.475063][T28153] ref_ctr_offset mismatch. inode: 0x21d0 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  519.486807][T28155] loop4: detected capacity change from 0 to 512
[  519.496759][   T29] audit: type=1326 audit(1754528398.851:6755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28154 comm="syz.4.7908" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45a8abebe9 code=0x0
[  519.670093][T28169] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  519.691595][T28172] ref_ctr_offset mismatch. inode: 0x221e offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  519.699645][T28169] tipc: Disabling bearer <eth:syzkaller0>
[  519.716375][T28173] netlink: 'syz.5.7913': attribute type 13 has an invalid length.
[  519.748334][T28176] netlink: 'syz.0.7912': attribute type 13 has an invalid length.
[  519.799319][T28176] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  519.858698][T28173] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  519.883125][T28181] ref_ctr_offset mismatch. inode: 0x2290 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  519.928194][T28182] __nla_validate_parse: 15 callbacks suppressed
[  519.928212][T28182] netlink: 256 bytes leftover after parsing attributes in process `syz.2.7915'.
[  519.943662][T28182] netlink: 72 bytes leftover after parsing attributes in process `syz.2.7915'.
[  519.985012][T28186] loop5: detected capacity change from 0 to 1024
[  520.010531][T28186] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  520.053852][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  520.071457][T28194] ref_ctr_offset mismatch. inode: 0x21e0 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  520.084840][T28182] netlink: 84 bytes leftover after parsing attributes in process `syz.2.7915'.
[  520.150963][T28200] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7924'.
[  520.253064][T28206] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  520.259595][T28206] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  520.267144][T28206] vhci_hcd vhci_hcd.0: Device attached
[  520.279976][T28210] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7928'.
[  520.280440][T28207] vhci_hcd: connection closed
[  520.289746][ T1376] vhci_hcd: stop threads
[  520.298776][ T1376] vhci_hcd: release socket
[  520.303305][ T1376] vhci_hcd: disconnect device
[  520.311041][T28212] bridge: RTM_NEWNEIGH with invalid ether address
[  520.358136][T28220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7932'.
[  520.367465][T27457] usb 1-1: enqueue for inactive port 0
[  520.373240][T27457] usb 1-1: enqueue for inactive port 0
[  520.395370][T28222] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  520.438426][T28224] loop4: detected capacity change from 0 to 1024
[  520.448358][T27457] vhci_hcd: vhci_device speed not set
[  520.455568][T28224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  520.472087][T28224] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  520.487217][T28224] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  520.499568][T28224] EXT4-fs (loop4): This should not happen!! Data will be lost
[  520.499568][T28224] 
[  520.509257][T28224] EXT4-fs (loop4): Total free blocks count 0
[  520.515311][T28224] EXT4-fs (loop4): Free/Dirty block details
[  520.521309][T28224] EXT4-fs (loop4): free_blocks=68451041280
[  520.527126][T28224] EXT4-fs (loop4): dirty_blocks=64
[  520.532252][T28224] EXT4-fs (loop4): Block reservation details
[  520.538286][T28224] EXT4-fs (loop4): i_reserved_data_blocks=4
[  520.544286][T28229] ref_ctr_offset mismatch. inode: 0xcf1 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  520.566201][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  520.697055][T28238] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  520.723733][T28238] tipc: Disabling bearer <eth:syzkaller0>
[  520.769284][T28238] netlink: 'syz.5.7939': attribute type 13 has an invalid length.
[  520.806321][T28238] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  520.918043][T28244] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  520.964227][T28244] tipc: Disabling bearer <eth:syzkaller0>
[  521.010728][T28255] netlink: 'syz.0.7941': attribute type 13 has an invalid length.
[  521.032299][T28257] loop5: detected capacity change from 0 to 1024
[  521.077498][T28257] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  521.089773][T28255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  521.115686][T28257] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  521.176318][T28257] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  521.188701][T28257] EXT4-fs (loop5): This should not happen!! Data will be lost
[  521.188701][T28257] 
[  521.198343][T28257] EXT4-fs (loop5): Total free blocks count 0
[  521.204369][T28257] EXT4-fs (loop5): Free/Dirty block details
[  521.210265][T28257] EXT4-fs (loop5): free_blocks=68451041280
[  521.216061][T28257] EXT4-fs (loop5): dirty_blocks=64
[  521.221334][T28257] EXT4-fs (loop5): Block reservation details
[  521.227307][T28257] EXT4-fs (loop5): i_reserved_data_blocks=4
[  521.328731][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  521.340143][T28278] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'.
[  521.416776][T28286] netlink: 256 bytes leftover after parsing attributes in process `syz.4.7952'.
[  521.425863][T28286] netlink: 72 bytes leftover after parsing attributes in process `syz.4.7952'.
[  521.446414][T28290] loop2: detected capacity change from 0 to 512
[  521.469955][T28290] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  521.479182][T28290] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  521.691177][T28310] netlink: 'syz.5.7968': attribute type 13 has an invalid length.
[  521.738536][T28310] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  521.766927][T28318] loop0: detected capacity change from 0 to 128
[  521.797204][T28318] ext4 filesystem being mounted at /1572/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  521.824707][T28318] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  521.831262][T28318] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  521.838863][T28318] vhci_hcd vhci_hcd.0: Device attached
[  522.006297][T28346] loop2: detected capacity change from 0 to 512
[  522.020924][T28346] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  522.030105][T28346] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  522.078289][T27457] usb 1-1: new low-speed USB device number 4 using vhci_hcd
[  522.280314][T28372] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  522.286869][T28372] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  522.294407][T28372] vhci_hcd vhci_hcd.0: Device attached
[  522.304040][T28375] vhci_hcd: connection closed
[  522.304209][ T2784] vhci_hcd: stop threads
[  522.313286][ T2784] vhci_hcd: release socket
[  522.317748][ T2784] vhci_hcd: disconnect device
[  522.350018][T28325] vhci_hcd: connection reset by peer
[  522.361392][ T6421] vhci_hcd: stop threads
[  522.365675][ T6421] vhci_hcd: release socket
[  522.370148][ T6421] vhci_hcd: disconnect device
[  522.462130][T28388] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.472505][T28388] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  522.482815][T28388] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  522.512792][T28391] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  522.521552][T28391] tipc: Disabling bearer <eth:syzkaller0>
[  522.532299][T28392] loop4: detected capacity change from 0 to 128
[  522.550101][T28393] netlink: 'syz.2.8000': attribute type 13 has an invalid length.
[  522.552578][T28392] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  522.581337][T28388] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.591706][T28388] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  522.597335][T28392] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  522.601917][T28388] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  522.620293][T28391] netlink: 'syz.0.8002': attribute type 13 has an invalid length.
[  522.664476][T28393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  522.698313][T28391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  522.729733][T28388] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.740144][T28388] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  522.750370][T28388] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  522.887640][T28388] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  522.898022][T28388] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  522.908256][T28388] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  522.987388][ T2041] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  522.995736][ T2041] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  523.004011][ T2041] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 6081 - 0
[  523.327817][ T2041] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  523.336229][ T2041] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  523.344345][ T2041] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 6081 - 0
[  523.406841][ T2041] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  523.415270][ T2041] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  523.423462][ T2041] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 6081 - 0
[  523.432034][ T2041] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  523.440368][ T2041] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  523.448592][ T2041] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 6081 - 0
[  523.457294][T28423] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  523.463812][T28423] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  523.471429][T28423] vhci_hcd vhci_hcd.0: Device attached
[  523.633760][T28433] netlink: 'syz.4.8015': attribute type 13 has an invalid length.
[  523.718385][   T36] usb 3-1: new low-speed USB device number 2 using vhci_hcd
[  523.783193][T28433] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  523.790931][T28440] loop2: detected capacity change from 0 to 1024
[  523.898375][T28440] EXT4-fs mount: 2 callbacks suppressed
[  523.898391][T28440] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  523.963716][T28447] ref_ctr_offset mismatch. inode: 0xd3f offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  524.009262][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.098323][T28425] vhci_hcd: connection reset by peer
[  524.103942][ T6421] vhci_hcd: stop threads
[  524.108288][ T6421] vhci_hcd: release socket
[  524.112700][ T6421] vhci_hcd: disconnect device
[  524.138557][T28457] loop2: detected capacity change from 0 to 128
[  524.157950][T28457] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  524.227588][T28457] ext4 filesystem being mounted at /1608/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  524.270964][T28467] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  524.327730][T28457] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  524.334253][T28457] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  524.341891][T28457] vhci_hcd vhci_hcd.0: Device attached
[  524.364193][T28467] tipc: Disabling bearer <eth:syzkaller0>
[  524.379710][T28457] sd 0:0:1:0: device reset
[  524.394702][T28473] netlink: 'syz.5.8029': attribute type 13 has an invalid length.
[  524.508400][T28473] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  524.589016][T28484] netlink: 'syz.1.8032': attribute type 13 has an invalid length.
[  524.598333][ T3410] usb 5-1: new low-speed USB device number 2 using vhci_hcd
[  524.645697][T28484] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  524.661763][T28487] ref_ctr_offset mismatch. inode: 0xd4f offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  524.900873][T28470] vhci_hcd: connection reset by peer
[  524.907087][ T1376] vhci_hcd: stop threads
[  524.911425][ T1376] vhci_hcd: release socket
[  524.915839][ T1376] vhci_hcd: disconnect device
[  524.919654][T28500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.929164][ T3303] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  524.929526][T28499] bridge: RTM_NEWNEIGH with invalid ether address
[  524.945465][T28500] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.989442][T28500] loop4: detected capacity change from 0 to 512
[  525.018808][T28500] FAT-fs (loop4): error, invalid access to FAT (entry 0x0fff0000)
[  525.030294][   T29] audit: type=1400 audit(1754528404.371:6756): avc:  denied  { create } for  pid=28513 comm="syz.1.8048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  525.050461][T28500] __nla_validate_parse: 12 callbacks suppressed
[  525.050476][T28500] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8040'.
[  525.074443][   T29] audit: type=1400 audit(1754528404.431:6757): avc:  denied  { setopt } for  pid=28513 comm="syz.1.8048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  525.095593][   T29] audit: type=1326 audit(1754528404.431:6758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28513 comm="syz.1.8048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdac171ebe9 code=0x7ffc0000
[  525.119193][   T29] audit: type=1326 audit(1754528404.431:6759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28513 comm="syz.1.8048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fdac171ebe9 code=0x7ffc0000
[  525.271502][T28528] netlink: 'syz.2.8049': attribute type 13 has an invalid length.
[  525.306763][T28528] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  525.342197][T28538] bridge: RTM_NEWNEIGH with invalid ether address
[  525.348878][T28539] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  525.348878][T28539]    program syz.1.8055 not setting count and/or reply_len properly
[  525.414433][T28545] loop2: detected capacity change from 0 to 128
[  525.422542][T28545] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  525.444372][T28545] ext4 filesystem being mounted at /1613/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  525.465235][T28545] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  525.471762][T28545] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  525.479442][T28545] vhci_hcd vhci_hcd.0: Device attached
[  525.494605][T28549] vhci_hcd: connection closed
[  525.494739][ T2041] vhci_hcd: stop threads
[  525.503853][ T2041] vhci_hcd: release socket
[  525.508347][ T2041] vhci_hcd: disconnect device
[  525.679063][T28561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8061'.
[  525.727575][T28561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8061'.
[  525.751864][T28561] netlink: 21 bytes leftover after parsing attributes in process `syz.0.8061'.
[  525.883676][T28572] bridge: RTM_NEWNEIGH with invalid ether address
[  526.036100][T28578] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8068'.
[  526.068012][T28578] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8068'.
[  526.077416][T28578] netlink: 29 bytes leftover after parsing attributes in process `syz.4.8068'.
[  526.298741][ T3303] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  526.322873][T28582] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  526.329413][T28582] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  526.336940][T28582] vhci_hcd vhci_hcd.0: Device attached
[  526.449047][T28589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8071'.
[  526.459536][T28589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8071'.
[  526.469452][T28589] netlink: 29 bytes leftover after parsing attributes in process `syz.5.8071'.
[  526.478815][T28583] vhci_hcd: connection closed
[  526.479802][ T6421] vhci_hcd: stop threads
[  526.488860][ T6421] vhci_hcd: release socket
[  526.493303][ T6421] vhci_hcd: disconnect device
[  526.504837][T28588] loop2: detected capacity change from 0 to 1024
[  526.743268][T28588] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  526.789774][T28588] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  526.806473][T28598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  526.815046][T28598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  526.825427][T28598] loop0: detected capacity change from 0 to 512
[  526.827418][T28588] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  526.844203][T28588] EXT4-fs (loop2): This should not happen!! Data will be lost
[  526.844203][T28588] 
[  526.846175][T28598] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000)
[  526.853960][T28588] EXT4-fs (loop2): Total free blocks count 0
[  526.867879][T28588] EXT4-fs (loop2): Free/Dirty block details
[  526.873807][T28588] EXT4-fs (loop2): free_blocks=68451041280
[  526.879674][T28588] EXT4-fs (loop2): dirty_blocks=64
[  526.884841][T28588] EXT4-fs (loop2): Block reservation details
[  526.890868][T28588] EXT4-fs (loop2): i_reserved_data_blocks=4
[  526.913730][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.976563][T28607] loop2: detected capacity change from 0 to 4096
[  527.053531][T28612] bridge: RTM_NEWNEIGH with invalid ether address
[  527.091900][T28616] loop5: detected capacity change from 0 to 128
[  527.106145][T28616] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  527.129596][T28616] ext4 filesystem being mounted at /637/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  527.156817][T28616] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  527.159947][T27457] usb 1-1: enqueue for inactive port 0
[  527.163417][T28616] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  527.169066][T27457] usb 1-1: enqueue for inactive port 0
[  527.176512][T28616] vhci_hcd vhci_hcd.0: Device attached
[  527.237992][T28616] sd 0:0:1:0: device reset
[  527.248371][T27457] vhci_hcd: vhci_device speed not set
[  527.425447][T28641] bridge: RTM_NEWNEIGH with invalid ether address
[  527.432117][ T3369] usb 11-1: new low-speed USB device number 3 using vhci_hcd
[  527.485488][T28645] loop0: detected capacity change from 0 to 4096
[  527.757585][T28621] vhci_hcd: connection reset by peer
[  527.778930][T19840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  527.789331][ T2784] vhci_hcd: stop threads
[  527.789342][ T2784] vhci_hcd: release socket
[  527.789357][ T2784] vhci_hcd: disconnect device
[  527.870897][T28667] bridge: RTM_NEWNEIGH with invalid ether address
[  527.896174][T28673] ref_ctr_offset mismatch. inode: 0x235d offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  527.897580][T28656] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  527.897580][T28656]    program syz.0.8100 not setting count and/or reply_len properly
[  527.925270][T28671] loop5: detected capacity change from 0 to 4096
[  527.937365][T28656] loop0: detected capacity change from 0 to 512
[  527.951876][T28656] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  527.968202][T28656] EXT4-fs (loop0): 1 orphan inode deleted
[  527.974045][T28656] EXT4-fs (loop0): 1 truncate cleaned up
[  527.988971][T28656] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.008899][T28656] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.203233][T28697] loop4: detected capacity change from 0 to 512
[  528.226568][T28701] bridge: RTM_NEWNEIGH with invalid ether address
[  528.230741][   T29] audit: type=1326 audit(1754528407.581:6760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28696 comm="syz.4.8114" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45a8abebe9 code=0x0
[  528.658134][T28719] loop0: detected capacity change from 0 to 4096
[  528.758363][   T36] usb 3-1: enqueue for inactive port 0
[  528.763923][   T36] usb 3-1: enqueue for inactive port 0
[  528.848331][   T36] vhci_hcd: vhci_device speed not set
[  529.146335][T28735] bridge: RTM_NEWNEIGH with invalid ether address
[  529.203711][T28740] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  529.210251][T28740] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  529.217821][T28740] vhci_hcd vhci_hcd.0: Device attached
[  529.231414][T28743] vhci_hcd: connection closed
[  529.231630][ T2041] vhci_hcd: stop threads
[  529.240609][ T2041] vhci_hcd: release socket
[  529.245135][ T2041] vhci_hcd: disconnect device
[  529.285069][T28752] loop5: detected capacity change from 0 to 1024
[  529.299774][T28752] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.324072][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.638347][ T3410] usb 5-1: enqueue for inactive port 0
[  529.644056][ T3410] usb 5-1: enqueue for inactive port 0
[  529.718520][ T3410] vhci_hcd: vhci_device speed not set
[  529.985595][T28788] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  529.992119][T28788] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  529.999688][T28788] vhci_hcd vhci_hcd.0: Device attached
[  530.005967][T28789] vhci_hcd: connection closed
[  530.006009][ T2784] vhci_hcd: stop threads
[  530.015012][ T2784] vhci_hcd: release socket
[  530.019585][ T2784] vhci_hcd: disconnect device
[  530.172706][T28798] netlink: 'syz.0.8157': attribute type 13 has an invalid length.
[  530.190545][T28805] __nla_validate_parse: 10 callbacks suppressed
[  530.190562][T28805] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8160'.
[  530.206774][T28798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  530.252383][T28807] loop5: detected capacity change from 0 to 1024
[  530.290717][T28807] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.324080][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.489963][T28824] netlink: 256 bytes leftover after parsing attributes in process `syz.0.8167'.
[  530.499050][T28824] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8167'.
[  530.521343][T28824] netlink: 84 bytes leftover after parsing attributes in process `syz.0.8167'.
[  530.611102][T28832] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8171'.
[  530.633709][T28834] sd 0:0:1:0: device reset
[  530.688180][T28838] ref_ctr_offset mismatch. inode: 0x23a3 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  530.742008][T28839] netlink: 'syz.1.8173': attribute type 13 has an invalid length.
[  530.794339][T28839] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  530.938653][T28849] netlink: 'syz.1.8178': attribute type 13 has an invalid length.
[  530.955542][T28851] ref_ctr_offset mismatch. inode: 0x2317 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  530.976216][T28849] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.147559][T28862] loop2: detected capacity change from 0 to 128
[  531.155317][T28862] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  531.167774][T28862] ext4 filesystem being mounted at /1631/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  531.179523][T28862] sd 0:0:1:0: device reset
[  531.194316][ T3303] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  531.246679][T28869] loop2: detected capacity change from 0 to 512
[  531.253919][T28869] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  531.262987][T28869] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  531.274635][T28869] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8185'.
[  531.407218][T28885] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  531.425743][T28885] tipc: Disabling bearer <eth:syzkaller0>
[  531.450634][T28888] netlink: 'syz.5.8191': attribute type 13 has an invalid length.
[  531.479007][T28889] netlink: 'syz.0.8189': attribute type 13 has an invalid length.
[  531.503111][T28888] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.550299][T28891] netlink: 'syz.2.8193': attribute type 13 has an invalid length.
[  531.571574][T28889] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.657663][T28895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8195'.
[  531.702241][T28895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8195'.
[  531.735904][T28891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.751746][T28893] bridge: RTM_NEWNEIGH with invalid ether address
[  531.799366][T28901] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8198'.
[  531.817404][T28905] loop5: detected capacity change from 0 to 512
[  531.827676][T28905] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  531.836840][T28905] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  531.853030][T28907] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8201'.
[  531.925847][T28918] syzkaller0: entered promiscuous mode
[  531.931414][T28918] syzkaller0: entered allmulticast mode
[  531.941305][T28916] ref_ctr_offset mismatch. inode: 0x23c7 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  532.055173][T28940] loop2: detected capacity change from 0 to 128
[  532.066840][T28940] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  532.081228][T28940] ext4 filesystem being mounted at /1640/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  532.111126][   T29] audit: type=1400 audit(1754528411.461:6761): avc:  denied  { setattr } for  pid=28939 comm="syz.2.8216" name="file1" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  532.133224][   T29] audit: type=1400 audit(1754528411.461:6762): avc:  denied  { add_name } for  pid=28939 comm="syz.2.8216" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  532.160452][T28947] loop5: detected capacity change from 0 to 1024
[  532.171069][ T3303] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  532.190609][T28947] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  532.205076][T28947] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  532.227818][T28947] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  532.240278][T28947] EXT4-fs (loop5): This should not happen!! Data will be lost
[  532.240278][T28947] 
[  532.250148][T28947] EXT4-fs (loop5): Total free blocks count 0
[  532.256156][T28947] EXT4-fs (loop5): Free/Dirty block details
[  532.262154][T28947] EXT4-fs (loop5): free_blocks=68451041280
[  532.267977][T28947] EXT4-fs (loop5): dirty_blocks=64
[  532.272301][T28957] sd 0:0:1:0: device reset
[  532.273148][T28947] EXT4-fs (loop5): Block reservation details
[  532.283627][T28947] EXT4-fs (loop5): i_reserved_data_blocks=4
[  532.319150][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.383563][   T29] audit: type=1326 audit(1754528411.741:6763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.407120][   T29] audit: type=1326 audit(1754528411.741:6764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.439964][T28971] block device autoloading is deprecated and will be removed.
[  532.448488][   T29] audit: type=1326 audit(1754528411.771:6765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.472034][   T29] audit: type=1326 audit(1754528411.771:6766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.495550][   T29] audit: type=1326 audit(1754528411.771:6767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.500217][T28971] loop0: detected capacity change from 0 to 512
[  532.519080][   T29] audit: type=1326 audit(1754528411.771:6768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.533666][ T3369] usb 11-1: enqueue for inactive port 0
[  532.548870][   T29] audit: type=1326 audit(1754528411.771:6769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.577849][   T29] audit: type=1326 audit(1754528411.771:6770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28970 comm="syz.0.8227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2493cebe9 code=0x7ffc0000
[  532.607120][ T3369] usb 11-1: enqueue for inactive port 0
[  532.616045][T28971] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  532.631878][T28976] netlink: 'syz.5.8228': attribute type 13 has an invalid length.
[  532.647189][T28971] EXT4-fs (loop0): orphan cleanup on readonly fs
[  532.661956][T28976] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  532.670762][T28971] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.8227: corrupted inode contents
[  532.696067][T28971] EXT4-fs (loop0): Remounting filesystem read-only
[  532.702764][T28971] EXT4-fs (loop0): 1 truncate cleaned up
[  532.709639][ T3369] vhci_hcd: vhci_device speed not set
[  532.718553][   T41] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  532.729088][   T41] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  532.741080][T28981] sd 0:0:1:0: device reset
[  532.746697][   T41] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[  532.757452][T28971] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  532.771291][T28971] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  532.838885][T28986] sd 0:0:1:0: device reset
[  532.856307][T28993] loop5: detected capacity change from 0 to 1024
[  532.875350][T28993] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  532.895499][T28993] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  532.910671][T28993] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28
[  532.923044][T28993] EXT4-fs (loop5): This should not happen!! Data will be lost
[  532.923044][T28993] 
[  532.932706][T28993] EXT4-fs (loop5): Total free blocks count 0
[  532.932724][T28993] EXT4-fs (loop5): Free/Dirty block details
[  532.932739][T28993] EXT4-fs (loop5): free_blocks=68451041280
[  532.932755][T28993] EXT4-fs (loop5): dirty_blocks=64
[  532.932769][T28993] EXT4-fs (loop5): Block reservation details
[  532.932780][T28993] EXT4-fs (loop5): i_reserved_data_blocks=4
[  532.965629][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.067163][T29008] loop1: detected capacity change from 0 to 4096
[  533.125433][T29021] sd 0:0:1:0: device reset
[  533.795699][T29042] loop1: detected capacity change from 0 to 2048
[  533.804801][T29042] ext4: Unknown parameter 'uid'
[  533.835580][T29043] bond46: entered promiscuous mode
[  533.840899][T29043] bond46: entered allmulticast mode
[  533.854265][T29043] 8021q: adding VLAN 0 to HW filter on device bond46
[  533.874372][T29043] bond46 (unregistering): Released all slaves
[  534.009264][T29048] netlink: 'syz.4.8257': attribute type 13 has an invalid length.
[  534.053397][T29048] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  534.087138][T29059] sd 0:0:1:0: device reset
[  534.136632][T29061] loop5: detected capacity change from 0 to 1024
[  534.171820][T29061] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  534.247760][T19840] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.338332][T29079] loop4: detected capacity change from 0 to 512
[  534.354914][T29079] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  534.395872][T29079] EXT4-fs (loop4): orphan cleanup on readonly fs
[  534.415190][T29079] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.8268: Block bitmap for bg 0 marked uninitialized
[  534.523389][T29082] FAULT_INJECTION: forcing a failure.
[  534.523389][T29082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  534.536542][T29082] CPU: 0 UID: 0 PID: 29082 Comm: syz.5.8267 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  534.536675][T29082] Tainted: [W]=WARN
[  534.536683][T29082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  534.536697][T29082] Call Trace:
[  534.536705][T29082]  <TASK>
[  534.536714][T29082]  __dump_stack+0x1d/0x30
[  534.536738][T29082]  dump_stack_lvl+0xe8/0x140
[  534.536789][T29082]  dump_stack+0x15/0x1b
[  534.536809][T29082]  should_fail_ex+0x265/0x280
[  534.536846][T29082]  should_fail+0xb/0x20
[  534.536879][T29082]  should_fail_usercopy+0x1a/0x20
[  534.536980][T29082]  _copy_to_user+0x20/0xa0
[  534.537009][T29082]  simple_read_from_buffer+0xb5/0x130
[  534.537034][T29082]  proc_fail_nth_read+0x10e/0x150
[  534.537094][T29082]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  534.537161][T29082]  vfs_read+0x1a0/0x6f0
[  534.537243][T29082]  ? __rcu_read_unlock+0x4f/0x70
[  534.537266][T29082]  ? __fget_files+0x184/0x1c0
[  534.537294][T29082]  ksys_read+0xda/0x1a0
[  534.537365][T29082]  __x64_sys_read+0x40/0x50
[  534.537385][T29082]  x64_sys_call+0x27bc/0x2ff0
[  534.537480][T29082]  do_syscall_64+0xd2/0x200
[  534.537503][T29082]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  534.537538][T29082]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  534.537561][T29082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.537583][T29082] RIP: 0033:0x7f1b5649d5fc
[  534.537600][T29082] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  534.537619][T29082] RSP: 002b:00007f1b54ee6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  534.537673][T29082] RAX: ffffffffffffffda RBX: 00007f1b566c6090 RCX: 00007f1b5649d5fc
[  534.537686][T29082] RDX: 000000000000000f RSI: 00007f1b54ee60a0 RDI: 0000000000000006
[  534.537700][T29082] RBP: 00007f1b54ee6090 R08: 0000000000000000 R09: 0000000000000000
[  534.537714][T29082] R10: 00000000000002c2 R11: 0000000000000246 R12: 0000000000000001
[  534.537727][T29082] R13: 00007f1b566c6128 R14: 00007f1b566c6090 R15: 00007ffee6902f58
[  534.537746][T29082]  </TASK>
[  534.764388][T29079] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  534.780920][T29079] EXT4-fs (loop4): 1 orphan inode deleted
[  534.787030][T29079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  534.812391][T29079] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  534.845965][T29079] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  534.891096][T29098] SELinux:  policydb magic number 0x4800 does not match expected magic number 0xf97cff8c
[  534.901411][T29098] SELinux: failed to load policy
[  534.907983][T29079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.959814][T29106] netlink: 'syz.5.8280': attribute type 10 has an invalid length.
[  534.967967][T29106] syz_tun: entered promiscuous mode
[  534.974663][T29106] $Hÿ: (slave syz_tun): Enslaving as an active interface with an up link
[  534.988175][T29107] netlink: 'syz.1.8278': attribute type 13 has an invalid length.
[  535.015981][T29109] ref_ctr_offset mismatch. inode: 0x2367 offset: 0x0 ref_ctr_offset(old): 0x1000 ref_ctr_offset(new): 0x0
[  535.029549][T29112] sg_write: data in/out 722924518/114 bytes for SCSI command 0xa4-- guessing data in;
[  535.029549][T29112]    program syz.4.8279 not setting count and/or reply_len properly
[  535.082547][T29107] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  535.098124][T29111] bridge: RTM_NEWNEIGH with invalid ether address
[  535.107706][T29112] loop4: detected capacity change from 0 to 512
[  535.115870][T29112] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  535.136086][T29112] EXT4-fs (loop4): 1 orphan inode deleted
[  535.141928][T29112] EXT4-fs (loop4): 1 truncate cleaned up
[  535.164553][T29112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  535.178052][T29112] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  535.231902][T29123] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  535.238461][T29123] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  535.246137][T29123] vhci_hcd vhci_hcd.0: Device attached
[  535.262868][T29124] vhci_hcd: connection closed
[  535.263695][ T2041] vhci_hcd: stop threads
[  535.272672][ T2041] vhci_hcd: release socket
[  535.277068][ T2041] vhci_hcd: disconnect device
[  535.311259][T29132] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  535.317784][T29132] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  535.325410][T29132] vhci_hcd vhci_hcd.0: Device attached
[  535.332594][T29133] vhci_hcd: connection closed
[  535.332847][ T6421] vhci_hcd: stop threads
[  535.333672][T29135] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  535.337594][ T6421] vhci_hcd: release socket
[  535.337604][ T6421] vhci_hcd: disconnect device
[  535.364721][T29135] netlink: 'syz.5.8289': attribute type 13 has an invalid length.
[  535.439256][T29135] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  535.765504][T29140] loop5: detected capacity change from 0 to 128
[  535.773330][T29140] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  535.785662][T29140] ext4 filesystem being mounted at /687/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  535.785746][T29103] ==================================================================
[  535.785777][T29103] BUG: KCSAN: data-race in _prb_read_valid / prb_reserve
[  535.811014][T29103] 
[  535.813326][T29103] write to 0xffffffff8689bf18 of 88 bytes by task 29140 on cpu 1:
[  535.821120][T29103]  prb_reserve+0x696/0xaf0
[  535.825537][T29103]  vprintk_store+0x56d/0x860
[  535.830126][T29103]  vprintk_emit+0x178/0x650
[  535.834620][T29103]  vprintk_default+0x26/0x30
[  535.839195][T29103]  vprintk+0x1d/0x30
[  535.843084][T29103]  _printk+0x79/0xa0
[  535.846972][T29103]  mnt_warn_timestamp_expiry+0x1c3/0x200
[  535.852605][T29103]  do_new_mount+0x30a/0x5e0
[  535.857101][T29103]  path_mount+0x4a4/0xb20
[  535.861415][T29103]  __se_sys_mount+0x28f/0x2e0
[  535.866084][T29103]  __x64_sys_mount+0x67/0x80
[  535.870661][T29103]  x64_sys_call+0x2b4d/0x2ff0
[  535.875326][T29103]  do_syscall_64+0xd2/0x200
[  535.879820][T29103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.885702][T29103] 
[  535.888013][T29103] read to 0xffffffff8689bf18 of 8 bytes by task 29103 on cpu 0:
[  535.895631][T29103]  _prb_read_valid+0x1c4/0x920
[  535.900401][T29103]  prb_read_valid+0x3c/0x60
[  535.904914][T29103]  console_unlock+0x164/0x330
[  535.909589][T29103]  con_shutdown+0x4b/0x60
[  535.913923][T29103]  release_tty+0x85/0x4f0
[  535.918251][T29103]  tty_release_struct+0x96/0xb0
[  535.923097][T29103]  tty_release+0x856/0xb10
[  535.927509][T29103]  __fput+0x298/0x650
[  535.931487][T29103]  ____fput+0x1c/0x30
[  535.935465][T29103]  task_work_run+0x131/0x1a0
[  535.940045][T29103]  exit_to_user_mode_loop+0xe4/0x100
[  535.945319][T29103]  do_syscall_64+0x1d6/0x200
[  535.949898][T29103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.955781][T29103] 
[  535.958097][T29103] value changed: 0x00000000000020bf -> 0x00000000000040bf
[  535.965240][T29103] 
[  535.967556][T29103] Reported by Kernel Concurrency Sanitizer on:
[  535.973692][T29103] CPU: 0 UID: 0 PID: 29103 Comm: syz.4.8279 Tainted: G        W           6.16.0-syzkaller-11895-gcca7a0aae895 #0 PREEMPT(voluntary) 
[  535.987401][T29103] Tainted: [W]=WARN
[  535.991188][T29103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  536.001231][T29103] ==================================================================
[  536.036726][T19840] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.