last executing test programs:

26.420144865s ago: executing program 3 (id=2424):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket(0x1e, 0x2, 0x0)
sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f00000003c0)=@id={0x1e, 0x3, 0x0, {0x4e20}}, 0x10, 0x0, 0xf5ff, 0x0, 0x0, 0x4c840}, 0x4000001)

26.417240025s ago: executing program 3 (id=2425):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x204000000000000, &(0x7f0000000640), 0x1, 0x5b3, &(0x7f0000000680)="$eJzs3V9oJHcdAPDvbnavNnd6rdTqVdtLrbZn/2wuSTm8WpB71PZK7Z8nT86Q7OWObLIxu8EmtZBShAqehOqTPikIKj6cCAriQ0Gsj4JvSqlgEeUgFEtR9NSVmd099swmuTR/hst8PjDJzG9m8/vOfvnOzvxudi6A3BpKfhQiDkXEaxFxuL147QZD7V8rY5fOJ1MhWq2n3yqk270wdul8d9Pu6w4mP4oRH0p+/TriYHltv43FpenxWq0631kebs7MDTcWlx66MDM+VZ2qzo6OjZw4Pnpi5MTJHdvXHz7/ymffeP7xKxdXB7//+pGj/0jiPdRZ17sfO2UohjrvSTk+2ruiEPHpne4sIwMRUYqID2QdCFt25ndff7abv3Ja/4djIF2KGBw78/bhuPho1jECu6eVWm/tQAvYzwqRdQRANrqf9Mn1b3faq3OP6f1yEXwDWz3VvgB8oTO2s3I1/6UodrYp79L1/dG/RgxF8/5Ln7n7q8kUuzQOw/qWX4x0oG5t/RfSsbFbOtvdExHHIuJjEfHxiLg3Iu7bZt/PfCHJ/x+/2dsm/3vrevP/iYioRMT9EfFARDwYEQ9ts+/bTyf5P/jF3jb5z487Ppd1BGTpty9nHQHp8f94qdTv+F/c5t++e5P1rfTfFZff7G1z/M+Pp57OOgKy9MSJrCMgS995K+sIePVU+2Ju7ed/MW7v2S6Z/2D7UjGOJOfuEfHhiPhIRNwZEXdFxNHu/UTX6SuPJdtXqr1taz//i5e3s39sbPVUxKM993at9OS/45aBztJ70/GAcuHchVr1eES8Lx0TKt+ULI9s0MfXln/1WL/2H9+Z5P9TT3TH/5Ip6b87FtiJ43LppmtfNzneHN/uftO2+mLEHaV++S907gRq39fXiojhd9nHS8d+8pt+7Z98Ksn/vQ9unH92U+u77XHcfvnvKmx8f+ZwejwY7h4V1nopbrvYr/3JK0n+3/yD/Gcnqf/BjfOfHv+v3q/b2HofpZXL3+jbPpPk/8+/fDfH/wOFZ9IAD3TanhtvNudHIg4UHl/bPrr1mPer7vvRfb+S/B+7p//n//s7r0ne0KSy/xMR/42If0bEvyLiSkT8OyL+FhFvb9DnL1555Of92seeTfL/l9fUf3aS/E9uUv+Fa+p/6zPfvuvkl/v1/YPvJfkfrGxe/w+nwRzrtDj/29z1JijrOAEAAAAAAADYGcX0GXiFYuXqfLFYqbSf4XdbDBZr9UbzgXP1hdnJ6HwftFzs3ul1uOd+0JHOd0W7y6P/tzwWEbdGxMsDN6fLlYl6bTLrnYecOhTxxk+/NHHg4Dr1n3h9IOsogd2Q1P+5bw0sJ/PvqHPIlaT+f/TOTPq9LPUP+aL+Ib/UP+SX+of8Uv+QX+of8kv9Q36pf8gv9Q/51Vv/QD49efp0MrW6z/2crU9dmD4/d3L0eGVmYaIyUZ+fq0zV61PpN3ZmNv97tXp9buThWHhuuFltNIcbi0tnZ+oLs82z6XOjz1bLe7BPwOb+/qfP/+zWo6/+vhARy4/cnE7R8+xstQr7m0t/yK9S1gEAmXGODxQ2Wf+e9Vac2flYgL2x3f/jH7hx3XfE+D/klfF/yC/j/5BfzvEB4/+QP8b/Ib+q843FpenxWm3NTNaRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkU2NxaXq8VqvOmzFjJncz/wsAAP//ylZHUg==")

26.378651559s ago: executing program 3 (id=2427):
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x16, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x44, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000002480)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x0, 0x4)

26.346765772s ago: executing program 3 (id=2429):
r0 = syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000680)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=")
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$ARCH_SET_GS(0x1e, r1, 0x0, 0x1001)
r2 = openat(r0, &(0x7f0000000080)='./file2\x00', 0xc6001, 0x2c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xfea7)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r5, 0x2000000}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@newchain={0x2c, 0x64, 0x4, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xffe0, 0xc}, {0x9, 0x5}, {0x2, 0x5}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x81}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x24040058)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)

25.519012072s ago: executing program 3 (id=2435):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000003000), r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf25020000000a000900aaaaaaaaaa44000008000300", @ANYRES32=r5, @ANYBLOB='\b\x00\v'], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084) (fail_nth: 1)

24.925838359s ago: executing program 3 (id=2445):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f190bf5274ad7ecef8d8d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac6db5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffc90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07cf66b696d83af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2", 0x3e3}, {&(0x7f00000003c0)="847839fc378469d5765bd74a8532b82037b02c9e", 0x14}], 0x3}, 0x0)
setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, <r5=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r5}]}]}, 0x28}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ca9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x1100, 0x0, 0x9}}}}}}}, 0x0)

24.925567779s ago: executing program 32 (id=2445):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f190bf5274ad7ecef8d8d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac6db5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffc90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07cf66b696d83af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2", 0x3e3}, {&(0x7f00000003c0)="847839fc378469d5765bd74a8532b82037b02c9e", 0x14}], 0x3}, 0x0)
setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, <r5=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r5}]}]}, 0x28}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ca9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x1100, 0x0, 0x9}}}}}}}, 0x0)

1.688398067s ago: executing program 1 (id=2858):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000280)='tasks\x00', 0x2, 0x0)
r2 = syz_clone(0x4000, &(0x7f0000001000), 0x0, 0x0, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000400)=r2, 0x12)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='afs_cb_break\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r2, r3, 0x0, 0x2, &(0x7f0000000100)='}\x00'}, 0x30)

1.604170705s ago: executing program 1 (id=2849):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000f80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x40080)

1.577700397s ago: executing program 1 (id=2850):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3800000000010300000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000002b0ae6a393e669980384b169b338c7b58d3ba542cc7cfe5a3cf15032915f9210d1d11013579564a840a9feb27503ab5f003abac701074dd02f040109835671f3b87fc2f10208a572"], 0x38}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
socket$inet_sctp(0x2, 0x5, 0x84)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x40)
keyctl$read(0xb, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xfffe}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0)
r6 = socket(0x10, 0x803, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r7}, 0x10)
fchmod(r6, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

1.496131255s ago: executing program 5 (id=2852):
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x8, 0x1000000, 0x0, 0x0, 0x1)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fcdbdf2503000000180070c4632e392a9e4a03133d8825ee0180e1bf74756e00"/52], 0x34}, 0x1, 0x0, 0x0, 0x20009805}, 0x24000004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='workqueue_activate_work\x00'}, 0x18)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000001000000000095000000000000007fe02c64ab9dba9ec42454932b1dc681cf0000552bc5373561d82c86651a80e7983dc99632d0fd4cdd51c381f56e5c751867eaa7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x21cfa, 0x0, 0x8000007, 0x3, 0x4, 0x1, 0x0, 0x6})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffefff, 0x5, 0xe1d9, 0xeb2, 0x4000fb})
close(r1)

1.495869986s ago: executing program 1 (id=2853):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x290, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x440, 0x2e0, 0x2e0, 0x440, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0)

1.495302505s ago: executing program 1 (id=2854):
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP_SET_OP_GET_BYNAME(r1, 0x1, 0x53, &(0x7f0000000440)={0x6, 0x7, 'syz2\x00'}, &(0x7f0000000480)=0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x5400, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0}, 0x94)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb8500000043"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x1b, 0x5, 0x4b8, 0x260, 0x260, 0xffffffff, 0xa8, 0x320, 0x420, 0x420, 0xffffffff, 0x420, 0x420, 0x5, &(0x7f0000000300), {[{{@ip={@private=0xa010101, @private=0xa010102, 0x0, 0xffffff00, 'ip_vti0\x00', 'team_slave_1\x00', {0xff}, {0xff}, 0x33, 0x3, 0x20}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x17, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @port=0x4e20, @gre_key=0x2}}}}, {{@ip={@loopback, @remote, 0xffffff00, 0xff000000, 'hsr0\x00', 'wg1\x00', {0xff}, {0xff}, 0x8, 0x2, 0x18}, 0x0, 0x180, 0x1b8, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x8, 0x2, 0x1}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [0xff, 0xff000000, 0xff000000, 0xffffffff], @ipv4=@private=0xa010100, [0x0, 0x0, 0xff000000, 0xff], @ipv4=@local, [0xffffffff, 0x0, 0xffffffff, 0xff000000], @ipv6=@rand_addr=' \x01\x00', [0x0, 0xffffff00, 0xff000000], 0x8, 0x400, 0x3b, 0x4e22, 0x4e20, 0x4e22, 0x4e21, 0x2, 0x120}, 0x181, 0x8}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x4, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @gre_key=0xda5, @icmp_id=0x68}}}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x1f}, 0xffffff00, 0xff000000, 'bridge_slave_0\x00', 'veth1_to_bond\x00', {}, {}, 0xc, 0x2, 0x4}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@dscp={{0x28}, {0x8, 0x1}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x1, 0x2}, {0x2, 0x4, 0x6}}}}, {{@uncond, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@socket0={{0x20}}, @common=@inet=@set1={{0x28}, {{0x4, 0x4, 0x3}}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x5, @ipv6=@loopback, @ipv4=@empty, @port=0x4e22, @gre_key=0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x518)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000080))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000200)={'syztnl1\x00', 0x0, 0x8000, 0x0, 0x3, 0x0, {{0x5, 0x4, 0x3, 0x22, 0x14, 0x65, 0x0, 0x9, 0x2f, 0x0, @private=0xa010100, @loopback}}}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000580)=ANY=[@ANYRES64=0x0], 0x0, 0x32, 0x0, 0x0, 0x0, 0x10000, @value=r2}, 0x28)
mount_setattr(0xffffffffffffffff, 0x0, 0x900, &(0x7f0000000200)={0x76, 0x100080, 0x20000}, 0x20)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x290, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x440, 0x2e0, 0x2e0, 0x440, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0)

1.334340351s ago: executing program 2 (id=2856):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x7}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)

1.317547722s ago: executing program 2 (id=2857):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
lseek(r2, 0x0, 0x4)

1.172040737s ago: executing program 4 (id=2859):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00TW\x00\x00\x00'], 0x48)
ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0xfffffffffffffffe)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8fff15c92e99a4235c69405ea00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003509e0262dc58a2f1000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x36e084fcb6392193, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$SIOCGSKNS(r5, 0x894c, &(0x7f0000000200)={'wg0\x00'})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000033b385434e4380f2246e2c53000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000440)='btrfs_clear_extent_bit\x00', r7, 0x0, 0xfe}, 0x18)
getpriority(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000))
acct(0xfffffffffffffffe)

1.075147256s ago: executing program 2 (id=2860):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r0}, &(0x7f0000000bc0), &(0x7f0000000c00)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r2}, 0x10)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

1.063741127s ago: executing program 4 (id=2861):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x400, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10)
mount_setattr(0xffffffffffffffff, &(0x7f00000020c0)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x8900, &(0x7f00000005c0)={0x0, 0x1, 0x80000}, 0x4d)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "00001000", "4e67cb72f328ac2f"}, 0x28)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)={0x2, 0xd, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}]}, 0x60}}, 0x0)
ioctl$SIOCGSKNS(r0, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r4)
clock_getres(0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001cc0)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001c80)={&(0x7f0000001bc0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_COUNTERS={0x34, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x10001}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4fd}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x5, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}, 0x1, 0x0, 0x0, 0x20008040}, 0x10)
listen(r5, 0x5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
close_range(r5, 0xffffffffffffffff, 0x0)

941.418779ms ago: executing program 0 (id=2862):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46fdc300030700000000000000020003"], 0x58)
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x169042, 0x0)
pwritev2(r5, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x6000, 0x0, 0x0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

862.179327ms ago: executing program 2 (id=2863):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000000000070000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x5, &(0x7f0000000180)={0x0, 0x1, 0x86, 0x80000000})

804.211792ms ago: executing program 2 (id=2864):
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x20402, 0x0)
write$binfmt_aout(r0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unlink(0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x8, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000540), &(0x7f0000000580)=r7}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1802, 0x4)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000b80)=ANY=[@ANYRES64=r1, @ANYRESHEX=0x0, @ANYBLOB="2c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c696f636861727365743d6d616363726f617469616e2c696f636861727365743d63703433372c757365667265652c726f6469722c7569643e74353a7bd912f41b207e4bc4478b479f5a21373fd412d72f65702b57308921a665e19ef4cc41aac5e7c09d211fd4c1fbf43833c769c6b16297c14d0d92df4f0371acd1b184d6", @ANYRESHEX=r1, @ANYRES8], 0x6, 0x2aa, &(0x7f0000000500)="$eJzs3T1re1UYAPDnpulN1CEZnETwgg5Ope3qkiItFDMpGdRBi21BmiC0UPAFYydXF0c/gSC4+SVc/AQKrqKbHQpX7s29Jq1paqSx/5ffb+nTc89zznNODy0d7sn7L45ODrM4vvjsl2i3k2j0oheXSXSjEbUv4preVwEAPM4u8zz+yCeWyUsior26sgCAFVr67//3Ky8JAFixt95+542dfn/3zSxrx97oy/NB8Z998XXyfOc4PoxhHMVmdOIqIv/bJN7L83zczArdeGU0Ph8UmaP3fqzG3/ktoszfik50y6br+fv93a1sYiZ/XNTxbDV/r8jfjk48P2f+/f7u9pz8GKTx6ssz9W9EJ376ID6KYRyWRUzzP9/Kstfzr//89N2ivCI/GZ8PWmW/qXzt5t61Vv/jAQAAAAAAAAAAAAAAAAAAAADgCbVR3Z3TivL+nqKpun9n7ar4Zj2yWvf6/TyT/KQeaOZ+oDTyfJzHN/X9OptZluVVx2l+M15oRvNhVg0AAAAAAAAAAAAAAAAAAACPlrOPPzk5GA6PTu8lqG8DqF/r/6/j9GZaXorFnVvTuRpVuGDkWKv7JBG3lZEU21Is4p625a7gmdtq/va7ZQds391nfdH+3E9Qn66Tg2T+HraibmnXh+SH2T5plMHPv981V3rbo3yp45fOfdRZeu3pc2UwXtAnkkWFvfbrZOeqluTmKtJyV+emr1fBTPqNs7HUef7n74rEbR0AAAAAAAAAAAAAAAAAALBS05d+5zy8WJjayFsrKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/lfTz/9fIhhXyf+icxqnZw+8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4CfwUAAP//UZdgPQ==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x204000)

646.145957ms ago: executing program 5 (id=2865):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x290, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x440, 0x2e0, 0x2e0, 0x440, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0)

640.042068ms ago: executing program 0 (id=2866):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6, 0x0, 0x4}, 0x18)
r7 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r7, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x300, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
bind(r0, &(0x7f00000001c0)=@nfc_llcp={0x27, r5, 0x0, 0x5, 0x6, 0x4, "e53f4758cd8343c099b6b1cf9d980968224b7dab2e8e6d72b70604a0be2f47ba6b3c2a0f0bff37d8587f642ce8c971dd84e6673763b339cdd065c6286796c8"}, 0x80)

617.23927ms ago: executing program 5 (id=2867):
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
write$selinux_create(r0, &(0x7f0000000300)=@access={'system_u:object_r:hald_sonypic_exec_t:s0', 0x20, 'system_u:system_r:kernel_t:s0', 0x20, 0x7}, 0x5c)

546.092617ms ago: executing program 5 (id=2868):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x7}, 0x18)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="5d00000002"], 0x5c}, 0x1, 0x0, 0x0, 0x4028055}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)

544.806967ms ago: executing program 0 (id=2869):
r0 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0xd6ee, 0x1000, 0x0, 0x27d}, &(0x7f0000000200)=<r1=>0x0, &(0x7f0000000680)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r3, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1})
io_uring_enter(r0, 0x5fe2, 0x217, 0xa5, 0x0, 0x0)

544.338457ms ago: executing program 5 (id=2870):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b)
lseek(r2, 0x0, 0x4)

353.040886ms ago: executing program 0 (id=2871):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000009440)=<r2=>0x0)
bind$nfc_llcp(r1, &(0x7f0000009480)={0x27, r2, 0x0, 0x5, 0x1, 0x6, "be8e19b6a865e7ab561f559d74a73485c8abd6554271850320b9571ca0d8f47c1e1a12c085d196fd2eb6853571e830e500", 0x31}, 0xb)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)

260.057415ms ago: executing program 2 (id=2872):
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1000000000)
pipe2$9p(0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0xc)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="940000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000cc14000400fe8000000000000000000000000000aa0c0002800500010000000000080007"], 0x94}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x20000080)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r1, 0x0, 0x7fff}, 0x18)
syz_usbip_server_init(0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r2 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000000)='%,\x00')
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route_sched_retired(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000580)=@newchain={0x94, 0x64, 0x200, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x9, 0xc}, {0xe, 0x8}, {0x0, 0xc}}, [@f_rsvp6={{0xa}, {0x64, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0xffff, 0xffff}}, @TCA_RSVP_DST={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_RSVP_PINFO={0x20, 0x4, {{0x3438, 0x5, 0x6}, {0x8, 0x8, 0x5}, 0x85, 0x4, 0x7}}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x10, 0xb}}, @TCA_RSVP_SRC={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x5, 0xfff1}}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x4010)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r4, 0x5607, 0x1f)
ioctl$VT_ACTIVATE(r4, 0x5606, 0x4)

259.615735ms ago: executing program 0 (id=2873):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket(0x21, 0x800, 0x10000)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48, 0x83, 0x0, 0x80000001}, {0x6, 0x5, 0x0, 0xfffffc}]}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$kcm(0xa, 0x1, 0x106)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)={0x114, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x5, 0xfffffff9}, 0x80, 0x0}, 0x24004059)

205.12025ms ago: executing program 4 (id=2874):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r0}, &(0x7f0000000bc0), &(0x7f0000000c00)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r2}, 0x10)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r3, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

198.465681ms ago: executing program 0 (id=2875):
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x8, 0x1000000, 0x0, 0x0, 0x1)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010027bd7000fcdbdf2503000000180070c4632e392a9e4a03133d8825ee0180e1bf74756e00"/52], 0x34}, 0x1, 0x0, 0x0, 0x20009805}, 0x24000004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='workqueue_activate_work\x00'}, 0x18)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000001000000000095000000000000007fe02c64ab9dba9ec42454932b1dc681cf0000552bc5373561d82c86651a80e7983dc99632d0fd4cdd51c381f56e5c751867eaa7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x21cfa, 0x0, 0x8000007, 0x3, 0x4, 0x1, 0x0, 0x6})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f00000001c0)={0x800100, 0xffffefff, 0x5, 0xe1d9, 0xeb2, 0x4000fb})
close(r1)

142.313176ms ago: executing program 1 (id=2876):
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xf7}, 0x18)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x4, &(0x7f0000000240)=ANY=[@ANYRESDEC, @ANYRES8], &(0x7f0000000100)='GPL\x00', 0x0, 0xffffff9a, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x24004045)
io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=r1, @ANYRES8=0x0], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000280)=ANY=[], &(0x7f00000014c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
pipe(&(0x7f00000007c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
setreuid(0xee01, 0xee01)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_int(r6, 0x1, 0x200000010, &(0x7f0000000000)=0x9, 0x4)
sendto$unix(r5, &(0x7f0000000080)="008e", 0x2, 0xd1, 0x0, 0x0)
recvfrom$unix(r6, 0x0, 0x0, 0x10102, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r7}, 0x10)
r8 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r8, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r8, 0x0, 0x0, 0x6, 0x0)
mq_timedsend(r8, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
splice(r3, 0x0, r4, 0x0, 0xfffd, 0x0)
socket$tipc(0x1e, 0x5, 0x0)

125.946608ms ago: executing program 4 (id=2877):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000280)='tasks\x00', 0x2, 0x0)
r2 = syz_clone(0x4000, &(0x7f0000001000), 0x0, 0x0, 0x0, 0x0)
write$cgroup_pid(r1, &(0x7f0000000400)=r2, 0x12)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='afs_cb_break\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r2, r3, 0x0, 0x2, &(0x7f0000000100)='}\x00'}, 0x30)

68.059294ms ago: executing program 5 (id=2878):
getpid()
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xc04002, 0x0, 0x1, 0x0, &(0x7f0000000000)) (async)
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0xc04002, 0x0, 0x1, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
getresuid(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000700000000000000000085000000ae00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4) (async)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x304}, "4de8c701d4e03437", "30c3f77673d10d997df4cac8783ea00f", "87b7b196", "1266da2283c593f4"}, 0x28)
r3 = perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x3, 0x80802, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x7}, 0x0, 0x10003, 0x0, 0x1, 0x6586, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x2401)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f0000000080)={0x0, 0x1, 0x1, 0x8, 0x0, 0x9, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100060c10000000010000000000", 0x58}], 0x1)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x0) (async)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{0x1}, &(0x7f0000000100), &(0x7f0000000380)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0x1}, &(0x7f0000000400), &(0x7f0000000440)=r0}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0x1}, &(0x7f0000000400), &(0x7f0000000440)=r0}, 0x20)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000006c0), &(0x7f0000000700)=0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f00000002c0)=ANY=[@ANYBLOB='6', @ANYRES16=r6], 0x118) (async)
write$UHID_CREATE2(r8, &(0x7f00000002c0)=ANY=[@ANYBLOB='6', @ANYRES16=r6], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
pipe2$watch_queue(&(0x7f0000000780), 0x80) (async)
pipe2$watch_queue(&(0x7f0000000780), 0x80)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYRES16=r7, @ANYRES32=r3, @ANYBLOB="0500000000000400000000000000000000c0ec74591093db59abf6d80dcea4000000", @ANYRES32=0x0, @ANYRESOCT=r8, @ANYRES8=r8], 0x50)

50.278725ms ago: executing program 4 (id=2879):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x1c, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}, @TCA_GRED_LIMIT={0xfffffffffffffd2c, 0x5, 0x401}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x51}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33) (fail_nth: 2)

0s ago: executing program 4 (id=2880):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x34, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0)
sendmsg$SMC_PNETID_DEL(r1, 0x0, 0x4000)
r2 = syz_open_dev$MSR(0x0, 0x8000002000000, 0x0)
read$msr(r2, 0x0, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff28, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
unshare(0x2c040000)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="1800022cbf70fbfbdbdf25c25e5779050004000025dc49dd5724cf870dac9328ff05ac26dbb05ba09519b6c072bdfb0c25aa694700000000"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x20040000)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
r5 = openat(0xffffffffffffff9c, 0x0, 0x105042, 0x21)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x100000b, 0x2013, r5, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
syslog(0x2, &(0x7f00000000c0)=""/88, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000000c000000bca30000000000002403000020feffff620af8fff8ffffff71a4f8ff000000001f03000000000000e5000300000000002604fdffff02000014010000033800001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf8}, 0x94)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="660a00000000000061114c0000000000850000001500000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="0018120000000000c398a47ac20553d4218e1e6c", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000001000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r7, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

kernel console output (not intermixed with test programs):

  rtnetlink_rcv+0x1c/0x30
[  156.335251][ T9897]  netlink_unicast+0x5c0/0x690
[  156.335336][ T9897]  netlink_sendmsg+0x58b/0x6b0
[  156.335360][ T9897]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.335381][ T9897]  __sock_sendmsg+0x145/0x180
[  156.335412][ T9897]  ____sys_sendmsg+0x31e/0x4e0
[  156.335492][ T9897]  ___sys_sendmsg+0x17b/0x1d0
[  156.335565][ T9897]  __x64_sys_sendmsg+0xd4/0x160
[  156.335666][ T9897]  x64_sys_call+0x191e/0x3000
[  156.335709][ T9897]  do_syscall_64+0xd2/0x200
[  156.335726][ T9897]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  156.335754][ T9897]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  156.335789][ T9897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.335808][ T9897] RIP: 0033:0x7f194da1efc9
[  156.335854][ T9897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.335938][ T9897] RSP: 002b:00007f194c487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.335988][ T9897] RAX: ffffffffffffffda RBX: 00007f194dc75fa0 RCX: 00007f194da1efc9
[  156.336003][ T9897] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  156.336018][ T9897] RBP: 00007f194c487090 R08: 0000000000000000 R09: 0000000000000000
[  156.336030][ T9897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.336044][ T9897] R13: 00007f194dc76038 R14: 00007f194dc75fa0 R15: 00007ffec03bf928
[  156.336068][ T9897]  </TASK>
[  156.367352][ T9903] loop1: detected capacity change from 0 to 164
[  156.401249][ T9894] loop3: detected capacity change from 0 to 512
[  156.614947][ T9894] EXT4-fs (loop3): shut down requested (0)
[  156.846143][ T9914] loop4: detected capacity change from 0 to 2048
[  156.954554][ T9931] loop3: detected capacity change from 0 to 1024
[  156.963228][ T9931] EXT4-fs: Ignoring removed i_version option
[  156.969464][ T9931] EXT4-fs: Ignoring removed nobh option
[  157.338329][ T9902] syz.1.2187 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  157.349432][ T9902] CPU: 1 UID: 0 PID: 9902 Comm: syz.1.2187 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  157.349516][ T9902] Tainted: [W]=WARN
[  157.349523][ T9902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  157.349535][ T9902] Call Trace:
[  157.349541][ T9902]  <TASK>
[  157.349628][ T9902]  __dump_stack+0x1d/0x30
[  157.349666][ T9902]  dump_stack_lvl+0xe8/0x140
[  157.349725][ T9902]  dump_stack+0x15/0x1b
[  157.349742][ T9902]  dump_header+0x81/0x220
[  157.349761][ T9902]  oom_kill_process+0x342/0x400
[  157.349793][ T9902]  out_of_memory+0x979/0xb80
[  157.349835][ T9902]  try_charge_memcg+0x610/0xa10
[  157.349879][ T9902]  charge_memcg+0x51/0xc0
[  157.349902][ T9902]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  157.349929][ T9902]  __read_swap_cache_async+0x17b/0x2d0
[  157.350007][ T9902]  swap_cluster_readahead+0x362/0x3c0
[  157.350054][ T9902]  swapin_readahead+0xde/0x6f0
[  157.350092][ T9902]  ? mod_memcg_lruvec_state+0x1fc/0x2c0
[  157.350126][ T9902]  ? __rcu_read_unlock+0x34/0x70
[  157.350152][ T9902]  ? __rcu_read_unlock+0x4f/0x70
[  157.350178][ T9902]  ? swap_cache_get_folio+0x277/0x280
[  157.350246][ T9902]  do_swap_page+0x2ae/0x2370
[  157.350272][ T9902]  ? css_rstat_updated+0xb7/0x240
[  157.350292][ T9902]  ? __pfx_default_wake_function+0x10/0x10
[  157.350398][ T9902]  handle_mm_fault+0x9a5/0x2be0
[  157.350424][ T9902]  ? vma_start_read+0x141/0x1f0
[  157.350461][ T9902]  do_user_addr_fault+0x630/0x1080
[  157.350488][ T9902]  exc_page_fault+0x62/0xa0
[  157.350592][ T9902]  asm_exc_page_fault+0x26/0x30
[  157.350612][ T9902] RIP: 0033:0x7fb09742ef10
[  157.350628][ T9902] Code: ce ff ff ff 3f 48 3b 34 c1 0f 84 3b 01 00 00 48 83 c0 01 48 83 f8 04 75 ec 31 f6 80 7c 24 1e 00 0f 85 8e 01 00 00 41 83 c7 01 <45> 3b 78 04 0f 82 6c ff ff ff 80 7b 4e 00 0f 84 17 03 00 00 48 83
[  157.350646][ T9902] RSP: 002b:00007ffd9d873030 EFLAGS: 00010206
[  157.350734][ T9902] RAX: 0000000000000001 RBX: 00007fb0982d5720 RCX: ffffffff815e2455
[  157.350747][ T9902] RDX: 0000000000000456 RSI: ffffffff815e2455 RDI: 0000000000000004
[  157.350759][ T9902] RBP: ffffffff815e2455 R08: 00007fb0977a6038 R09: 00007fb097792000
[  157.350771][ T9902] R10: 00007fb096fb7008 R11: 0000000000000004 R12: 0000000000000004
[  157.350783][ T9902] R13: 0000000000000000 R14: ffffffff815e22bf R15: 000000000006760f
[  157.350796][ T9902]  ? bpf_probe_read_compat_str+0x4f/0x130
[  157.350866][ T9902]  ? bpf_probe_write_user+0xa5/0xc0
[  157.350890][ T9902]  ? bpf_probe_write_user+0xa5/0xc0
[  157.350912][ T9902]  ? bpf_probe_write_user+0xa5/0xc0
[  157.351001][ T9902]  </TASK>
[  157.351009][ T9902] memory: usage 307200kB, limit 307200kB, failcnt 1287
[  157.602353][ T9902] memory+swap: usage 307592kB, limit 9007199254740988kB, failcnt 0
[  157.610295][ T9902] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  157.617593][ T9902] Memory cgroup stats for /syz1:
[  157.617728][ T9902] cache 0
[  157.625649][ T9902] rss 0
[  157.628435][ T9902] shmem 0
[  157.631397][ T9902] mapped_file 0
[  157.634863][ T9902] dirty 0
[  157.637827][ T9902] writeback 0
[  157.641114][ T9902] workingset_refault_anon 352
[  157.645794][ T9902] workingset_refault_file 1939
[  157.650576][ T9902] swap 401408
[  157.653856][ T9902] swapcached 0
[  157.657236][ T9902] pgpgin 116058
[  157.660684][ T9902] pgpgout 116058
[  157.664307][ T9902] pgfault 143405
[  157.667856][ T9902] pgmajfault 276
[  157.671396][ T9902] inactive_anon 0
[  157.675085][ T9902] active_anon 0
[  157.678558][ T9902] inactive_file 0
[  157.682235][ T9902] active_file 0
[  157.685715][ T9902] unevictable 0
[  157.689413][ T9902] hierarchical_memory_limit 314572800
[  157.694792][ T9902] hierarchical_memsw_limit 9223372036854771712
[  157.701012][ T9902] total_cache 0
[  157.704553][ T9902] total_rss 0
[  157.707845][ T9902] total_shmem 0
[  157.711334][ T9902] total_mapped_file 0
[  157.715309][ T9902] total_dirty 0
[  157.718778][ T9902] total_writeback 0
[  157.722585][ T9902] total_workingset_refault_anon 352
[  157.727880][ T9902] total_workingset_refault_file 1939
[  157.733162][ T9902] total_swap 401408
[  157.736984][ T9902] total_swapcached 0
[  157.740869][ T9902] total_pgpgin 116058
[  157.744904][ T9902] total_pgpgout 116058
[  157.748992][ T9902] total_pgfault 143405
[  157.753057][ T9902] total_pgmajfault 276
[  157.757152][ T9902] total_inactive_anon 0
[  157.761346][ T9902] total_active_anon 0
[  157.765316][ T9902] total_inactive_file 0
[  157.769513][ T9902] total_active_file 0
[  157.773492][ T9902] total_unevictable 0
[  157.777529][ T9902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2187,pid=9902,uid=0
[  157.792210][ T9902] Memory cgroup out of memory: Killed process 9902 (syz.1.2187) total-vm:94088kB, anon-rss:1136kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  157.899224][ T9965] loop4: detected capacity change from 0 to 1024
[  157.906797][ T9965] EXT4-fs: Ignoring removed i_version option
[  157.911203][ T9956] vhci_hcd: default hub control req: 400c v5000 i0007 l0
[  157.913089][ T9965] EXT4-fs: Ignoring removed nobh option
[  157.961722][ T9968] IPVS: set_ctl: invalid protocol: 65533 0.0.0.0:0
[  158.024415][ T9974] loop2: detected capacity change from 0 to 512
[  158.031368][ T9974] EXT4-fs: Ignoring removed bh option
[  158.072166][ T9985] netlink: 'syz.4.2212': attribute type 4 has an invalid length.
[  158.552442][ T8228] IPVS: starting estimator thread 0...
[  158.657127][T10002] IPVS: using max 2400 ests per chain, 120000 per kthread
[  158.978158][T10021] sd 0:0:1:0: device reset
[  159.050501][T10023] loop1: detected capacity change from 0 to 512
[  159.067336][T10025] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  159.073904][T10025] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  159.081445][T10025] vhci_hcd vhci_hcd.0: Device attached
[  159.113183][T10033] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  159.140289][T10019] xt_CT: You must specify a L4 protocol and not use inversions on it
[  159.273569][T10052] sd 0:0:1:0: device reset
[  159.326800][   T10] usb 9-1: new low-speed USB device number 4 using vhci_hcd
[  159.544019][T10082] FAULT_INJECTION: forcing a failure.
[  159.544019][T10082] name failslab, interval 1, probability 0, space 0, times 0
[  159.556875][T10082] CPU: 0 UID: 0 PID: 10082 Comm: syz.1.2244 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  159.556990][T10082] Tainted: [W]=WARN
[  159.556999][T10082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  159.557033][T10082] Call Trace:
[  159.557082][T10082]  <TASK>
[  159.557090][T10082]  __dump_stack+0x1d/0x30
[  159.557116][T10082]  dump_stack_lvl+0xe8/0x140
[  159.557141][T10082]  dump_stack+0x15/0x1b
[  159.557241][T10082]  should_fail_ex+0x265/0x280
[  159.557288][T10082]  ? pty_unix98_install+0x6a/0x390
[  159.557327][T10082]  should_failslab+0x8c/0xb0
[  159.557362][T10082]  __kmalloc_cache_noprof+0x4c/0x4a0
[  159.557407][T10082]  pty_unix98_install+0x6a/0x390
[  159.557442][T10082]  tty_init_dev+0x7c/0x330
[  159.557466][T10082]  ptmx_open+0xda/0x240
[  159.557562][T10082]  chrdev_open+0x2eb/0x3a0
[  159.557598][T10082]  do_dentry_open+0x649/0xa20
[  159.557623][T10082]  ? __pfx_chrdev_open+0x10/0x10
[  159.557680][T10082]  vfs_open+0x37/0x1e0
[  159.557752][T10082]  path_openat+0x1c5e/0x2170
[  159.557784][T10082]  do_filp_open+0x109/0x230
[  159.557824][T10082]  do_sys_openat2+0xa6/0x110
[  159.557853][T10082]  __x64_sys_openat+0xf2/0x120
[  159.557894][T10082]  x64_sys_call+0x2eab/0x3000
[  159.557974][T10082]  do_syscall_64+0xd2/0x200
[  159.557997][T10082]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  159.558032][T10082]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  159.558097][T10082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.558197][T10082] RIP: 0033:0x7fb09754efc9
[  159.558212][T10082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.558248][T10082] RSP: 002b:00007fb095faf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  159.558327][T10082] RAX: ffffffffffffffda RBX: 00007fb0977a5fa0 RCX: 00007fb09754efc9
[  159.558339][T10082] RDX: 0000000000000041 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  159.558362][T10082] RBP: 00007fb095faf090 R08: 0000000000000000 R09: 0000000000000000
[  159.558374][T10082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.558385][T10082] R13: 00007fb0977a6038 R14: 00007fb0977a5fa0 R15: 00007ffd9d872fa8
[  159.558410][T10082]  </TASK>
[  159.816462][   T29] kauditd_printk_skb: 1071 callbacks suppressed
[  159.816481][   T29] audit: type=1326 audit(159.799:13943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.867072][T10026] vhci_hcd: connection reset by peer
[  159.867636][T10086] loop1: detected capacity change from 0 to 8192
[  159.878984][   T29] audit: type=1326 audit(159.799:13944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.902421][   T29] audit: type=1326 audit(159.799:13945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.925923][   T29] audit: type=1326 audit(159.809:13946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.926790][   T52] vhci_hcd: stop threads
[  159.948911][   T29] audit: type=1326 audit(159.809:13947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.953174][   T52] vhci_hcd: release socket
[  159.953189][   T52] vhci_hcd: disconnect device
[  159.976142][   T29] audit: type=1326 audit(159.809:13948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.976237][   T29] audit: type=1326 audit(159.809:13949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.976269][   T29] audit: type=1326 audit(159.809:13950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10087 comm="syz.0.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  159.976303][   T29] audit: type=1326 audit(159.849:13951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10089 comm="syz.0.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  160.077292][   T29] audit: type=1326 audit(159.849:13952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10089 comm="syz.0.2249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fedcdf4efc9 code=0x7ffc0000
[  160.138933][T10097] netlink: 'syz.2.2252': attribute type 7 has an invalid length.
[  160.190735][T10104] loop3: detected capacity change from 0 to 512
[  160.243255][T10102] SELinux: failed to load policy
[  160.249756][T10102] loop2: detected capacity change from 0 to 128
[  160.337042][T10115] sd 0:0:1:0: device reset
[  160.347988][T10102] bio_check_eod: 30762 callbacks suppressed
[  160.348003][T10102] syz.2.2254: attempt to access beyond end of device
[  160.348003][T10102] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128
[  160.367609][T10102] syz.2.2254: attempt to access beyond end of device
[  160.367609][T10102] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128
[  160.382764][T10102] syz.2.2254: attempt to access beyond end of device
[  160.382764][T10102] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128
[  160.397529][T10102] syz.2.2254: attempt to access beyond end of device
[  160.397529][T10102] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128
[  160.412638][T10102] syz.2.2254: attempt to access beyond end of device
[  160.412638][T10102] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128
[  160.427443][T10102] syz.2.2254: attempt to access beyond end of device
[  160.427443][T10102] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128
[  160.446125][T10121] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2259'.
[  160.455132][T10121] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2259'.
[  160.464170][T10121] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2259'.
[  160.476896][T10102] syz.2.2254: attempt to access beyond end of device
[  160.476896][T10102] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128
[  160.500884][T10102] syz.2.2254: attempt to access beyond end of device
[  160.500884][T10102] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128
[  160.514705][T10102] syz.2.2254: attempt to access beyond end of device
[  160.514705][T10102] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128
[  160.530551][T10102] syz.2.2254: attempt to access beyond end of device
[  160.530551][T10102] loop2: rw=2049, sector=289, nr_sectors = 8 limit=128
[  160.666771][T10140] loop4: detected capacity change from 0 to 512
[  161.195085][T10148] random: crng reseeded on system resumption
[  161.199296][T10148] Restarting kernel threads ...
[  161.207398][T10148] Done restarting kernel threads.
[  161.402941][T10161] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  161.402964][T10161] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  161.403000][T10161] vhci_hcd vhci_hcd.0: Device attached
[  161.488774][T10172] loop1: detected capacity change from 0 to 128
[  161.493401][T10172] EXT4-fs warning (device loop1): verify_group_input:137: Cannot add at group 49 (only 1 groups)
[  161.496461][T10172] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2277'.
[  161.496488][T10172] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2277'.
[  161.496506][T10172] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2277'.
[  161.771833][T10180] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  161.781844][T10180] tipc: Disabling bearer <eth:syzkaller0>
[  161.834312][ T3321] EXT4-fs unmount: 66 callbacks suppressed
[  161.834352][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  161.998613][T10192] loop4: detected capacity change from 0 to 2048
[  162.058131][T10192] Alternate GPT is invalid, using primary GPT.
[  162.064436][T10192]  loop4: p1 p2 p3
[  162.068205][T10192] loop4: partition table partially beyond EOD, truncated
[  162.213017][T10167] vhci_hcd: connection closed
[  162.213274][   T52] vhci_hcd: stop threads
[  162.222293][   T52] vhci_hcd: release socket
[  162.226760][   T52] vhci_hcd: disconnect device
[  162.252768][T10203] loop1: detected capacity change from 0 to 1024
[  162.260381][T10203] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  162.271445][T10203] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  162.281970][T10203] JBD2: no valid journal superblock found
[  162.287757][T10203] EXT4-fs (loop1): Could not load journal inode
[  162.339312][ T2968] IPVS: starting estimator thread 0...
[  162.426843][T10206] IPVS: using max 2496 ests per chain, 124800 per kthread
[  162.683409][T10217] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10217 comm=syz.0.2296
[  162.919012][T10231] loop4: detected capacity change from 0 to 512
[  162.925863][T10231] EXT4-fs: Ignoring removed bh option
[  162.958913][T10231] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.990279][T10238] loop2: detected capacity change from 0 to 512
[  162.997275][T10238] EXT4-fs: Ignoring removed bh option
[  163.010728][T10238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.358902][T10264] loop1: detected capacity change from 0 to 2048
[  163.398139][T10264] Alternate GPT is invalid, using primary GPT.
[  163.404503][T10264]  loop1: p1 p2 p3
[  163.408275][T10264] loop1: partition table partially beyond EOD, truncated
[  163.880240][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.928697][T10272] loop2: detected capacity change from 0 to 2048
[  163.948583][T10272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.962647][T10272] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2311: bg 0: block 234: padding at end of block bitmap is not set
[  163.978267][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.035945][T10279] SELinux: security_context_str_to_sid (½¹OKöþ•nsîY%-czТ°[ÍÅà) failed with errno=-22
[  164.282849][T10299] netlink: 'syz.1.2321': attribute type 12 has an invalid length.
[  164.406819][   T10] usb 9-1: enqueue for inactive port 0
[  164.418169][   T10] usb 9-1: enqueue for inactive port 0
[  164.496776][   T10] vhci_hcd: vhci_device speed not set
[  164.726084][T10321] netem: change failed
[  164.824156][   T29] kauditd_printk_skb: 701 callbacks suppressed
[  164.824172][   T29] audit: type=1326 audit(164.809:14654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  164.873745][   T29] audit: type=1326 audit(164.859:14655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  164.898452][   T29] audit: type=1326 audit(164.889:14656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  164.924170][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.934478][   T29] audit: type=1326 audit(164.909:14657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.123915][T10327] loop3: detected capacity change from 0 to 512
[  165.131638][T10327] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  165.144023][   T29] audit: type=1326 audit(165.129:14658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.194519][T10327] EXT4-fs (loop3): 1 truncate cleaned up
[  165.201147][T10327] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.317348][T10331] SELinux:  policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c
[  165.317618][   T29] audit: type=1326 audit(165.179:14659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.336804][T10331] SELinux: failed to load policy
[  165.350363][   T29] audit: type=1326 audit(165.199:14660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.378682][   T29] audit: type=1326 audit(165.219:14661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.401649][   T29] audit: type=1326 audit(165.239:14662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.415245][T10333] loop1: detected capacity change from 0 to 2048
[  165.424586][   T29] audit: type=1326 audit(165.259:14663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10308 comm="syz.1.2326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  165.459722][T10333] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.503165][T10339] loop4: detected capacity change from 0 to 2048
[  165.510352][T10341] geneve2: entered promiscuous mode
[  165.515767][T10341] geneve2: entered allmulticast mode
[  165.541970][T10339] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.666123][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.928121][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.964252][T10364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2342'.
[  165.979524][T10339] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.2334: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  165.997032][T10339] EXT4-fs (loop4): Remounting filesystem read-only
[  166.004690][T10366] loop2: detected capacity change from 0 to 1024
[  166.013485][T10366] EXT4-fs: Ignoring removed i_version option
[  166.019728][T10366] EXT4-fs: Ignoring removed nobh option
[  166.023388][T10359] loop3: detected capacity change from 0 to 8192
[  166.043972][T10366] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.056937][T10359] vfat: Unknown parameter 'À'
[  166.200418][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.314499][T10379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2346'.
[  166.323873][T10379] netlink: 'syz.1.2346': attribute type 1 has an invalid length.
[  166.331750][T10379] netlink: 'syz.1.2346': attribute type 2 has an invalid length.
[  166.379190][T10376] netlink: 8 bytes leftover after parsing attributes in process `,&#^%'.
[  166.417016][T10381] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  166.423589][T10381] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  166.431218][T10381] vhci_hcd vhci_hcd.0: Device attached
[  166.478587][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.537542][T10386] loop1: detected capacity change from 0 to 2048
[  166.607918][T10386] Alternate GPT is invalid, using primary GPT.
[  166.614311][T10386]  loop1: p1 p2 p3
[  166.618083][T10386] loop1: partition table partially beyond EOD, truncated
[  166.686790][ T8228] usb 5-1: new low-speed USB device number 2 using vhci_hcd
[  166.830885][T10403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2355'.
[  166.857057][T10403] hsr_slave_0: left promiscuous mode
[  166.863339][T10403] hsr_slave_1: left promiscuous mode
[  166.883544][T10406] SELinux:  Context system_u:object_r:ping_exec_t:s0 is not valid (left unmapped).
[  166.900783][T10405] loop4: detected capacity change from 0 to 1024
[  166.908297][T10405] EXT4-fs: Ignoring removed i_version option
[  166.914516][T10405] EXT4-fs: Ignoring removed nobh option
[  166.958903][T10405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.038648][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.064108][T10411] netlink: 'syz.0.2367': attribute type 30 has an invalid length.
[  167.147183][T10418] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2359'.
[  167.197078][T10382] vhci_hcd: connection reset by peer
[  167.202695][   T52] vhci_hcd: stop threads
[  167.207024][   T52] vhci_hcd: release socket
[  167.211478][   T52] vhci_hcd: disconnect device
[  167.433374][T10437] loop3: detected capacity change from 0 to 1024
[  167.457567][T10437] EXT4-fs: Ignoring removed i_version option
[  167.463909][T10437] EXT4-fs: Ignoring removed nobh option
[  167.482086][T10437] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.571919][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.749606][T10466] loop1: detected capacity change from 0 to 512
[  167.764524][T10466] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.794484][T10469] loop2: detected capacity change from 0 to 2048
[  167.860533][T10469] Alternate GPT is invalid, using primary GPT.
[  167.867078][T10469]  loop2: p1 p2 p3
[  167.870878][T10469] loop2: partition table partially beyond EOD, truncated
[  167.942490][T10454] chnl_net:caif_netlink_parms(): no params data found
[  167.988529][T10489] loop3: detected capacity change from 0 to 764
[  168.014246][T10489] Symlink component flag not implemented
[  168.020067][T10489] Symlink component flag not implemented
[  168.036508][T10489] Symlink component flag not implemented (129)
[  168.042807][T10489] Symlink component flag not implemented (6)
[  168.084204][T10489] rock: directory entry would overflow storage
[  168.090551][T10489] rock: sig=0x4f50, size=4, remaining=3
[  168.096163][T10489] iso9660: Corrupted directory entry in block 6 of inode 1792
[  168.108427][T10454] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.115535][T10454] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.123353][T10454] bridge_slave_0: entered allmulticast mode
[  168.129866][T10454] bridge_slave_0: entered promiscuous mode
[  168.136958][T10454] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.144035][T10454] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.151870][T10454] bridge_slave_1: entered allmulticast mode
[  168.159060][T10454] bridge_slave_1: entered promiscuous mode
[  168.170008][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.200984][T10454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.219640][T10454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.248842][T10454] team0: Port device team_slave_0 added
[  168.255175][T10501] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  168.255808][T10454] team0: Port device team_slave_1 added
[  168.261718][T10501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  168.261864][T10501] vhci_hcd vhci_hcd.0: Device attached
[  168.287570][T10454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.294540][T10454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  168.294610][T10454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.303143][T10454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.338603][T10454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  168.364658][T10454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.376643][T10502] vhci_hcd: connection closed
[  168.376930][ T1703] vhci_hcd: stop threads
[  168.386342][ T1703] vhci_hcd: release socket
[  168.390795][ T1703] vhci_hcd: disconnect device
[  168.408968][T10454] hsr_slave_0: entered promiscuous mode
[  168.415085][T10454] hsr_slave_1: entered promiscuous mode
[  168.513686][T10515] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2392'.
[  169.067859][T10531] loop2: detected capacity change from 0 to 512
[  169.075360][T10531] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  169.180078][T10531] EXT4-fs (loop2): 1 truncate cleaned up
[  169.186850][T10531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.295284][T10454] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  169.319786][T10454] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  169.353169][T10454] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  169.362470][T10454] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  169.471251][T10541] loop4: detected capacity change from 0 to 1024
[  169.486118][T10541] EXT4-fs: Ignoring removed i_version option
[  169.498952][T10541] EXT4-fs: Ignoring removed nobh option
[  169.518984][T10541] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.598836][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.752205][T10454] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.766290][T10454] 8021q: adding VLAN 0 to HW filter on device team0
[  169.792304][T10557] loop2: detected capacity change from 0 to 2048
[  169.800110][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.810878][  T264] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.817960][  T264] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.827751][  T264] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.834837][  T264] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.854958][T10557] Alternate GPT is invalid, using primary GPT.
[  169.861518][T10557]  loop2: p1 p2 p3
[  169.865297][T10557] loop2: partition table partially beyond EOD, truncated
[  169.874103][T10454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  169.894026][   T29] kauditd_printk_skb: 530 callbacks suppressed
[  169.894105][   T29] audit: type=1326 audit(169.879:15194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  169.923402][   T29] audit: type=1326 audit(169.879:15195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  169.946514][   T29] audit: type=1326 audit(169.879:15196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  169.969826][   T29] audit: type=1326 audit(169.879:15197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  169.992866][   T29] audit: type=1326 audit(169.879:15198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  170.016269][   T29] audit: type=1326 audit(169.879:15199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  170.039366][   T29] audit: type=1326 audit(169.879:15200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f194da1d6ba code=0x7ffc0000
[  170.062725][   T29] audit: type=1326 audit(169.879:15201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f194da1dc2a code=0x7ffc0000
[  170.085744][   T29] audit: type=1326 audit(169.879:15202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f194da1efc9 code=0x7ffc0000
[  170.086663][T10567] FAULT_INJECTION: forcing a failure.
[  170.086663][T10567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.108813][   T29] audit: type=1326 audit(169.879:15203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10556 comm="syz.2.2404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f194da1efc9 code=0x7ffc0000
[  170.121851][T10567] CPU: 1 UID: 0 PID: 10567 Comm: syz.4.2408 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  170.121972][T10567] Tainted: [W]=WARN
[  170.121982][T10567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  170.121998][T10567] Call Trace:
[  170.122009][T10567]  <TASK>
[  170.122020][T10567]  __dump_stack+0x1d/0x30
[  170.122052][T10567]  dump_stack_lvl+0xe8/0x140
[  170.122080][T10567]  dump_stack+0x15/0x1b
[  170.122157][T10567]  should_fail_ex+0x265/0x280
[  170.122204][T10567]  should_fail+0xb/0x20
[  170.122226][T10567]  should_fail_usercopy+0x1a/0x20
[  170.122328][T10567]  _copy_from_user+0x1c/0xb0
[  170.122363][T10567]  ___sys_sendmsg+0xc1/0x1d0
[  170.122431][T10567]  __x64_sys_sendmsg+0xd4/0x160
[  170.122575][T10567]  x64_sys_call+0x191e/0x3000
[  170.122607][T10567]  do_syscall_64+0xd2/0x200
[  170.122631][T10567]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  170.122748][T10567]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  170.122790][T10567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.122821][T10567] RIP: 0033:0x7fd48b6cefc9
[  170.122841][T10567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.122867][T10567] RSP: 002b:00007fd48a116038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.122946][T10567] RAX: ffffffffffffffda RBX: 00007fd48b926090 RCX: 00007fd48b6cefc9
[  170.122964][T10567] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  170.122981][T10567] RBP: 00007fd48a116090 R08: 0000000000000000 R09: 0000000000000000
[  170.122998][T10567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.123076][T10567] R13: 00007fd48b926128 R14: 00007fd48b926090 R15: 00007ffd62bc8d08
[  170.123103][T10567]  </TASK>
[  170.353026][T10572] loop1: detected capacity change from 0 to 512
[  170.374496][T10454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  170.458329][T10572] loop1: detected capacity change from 0 to 8192
[  170.540530][T10572]  loop1: p1 < > p2 < p5 p6 > p3 p4
[  170.545781][T10572] loop1: partition table partially beyond EOD, truncated
[  170.554414][T10572] loop1: p1 start 67108864 is beyond EOD, truncated
[  170.563182][T10572] loop1: p3 start 100859904 is beyond EOD, truncated
[  170.569977][T10572] loop1: p4 size 393216 extends beyond EOD, truncated
[  170.587305][T10572] loop1: p5 start 100859904 is beyond EOD, truncated
[  170.594138][T10572] loop1: p6 size 393216 extends beyond EOD, truncated
[  170.641705][T10454] veth0_vlan: entered promiscuous mode
[  170.843711][T10591] loop4: detected capacity change from 0 to 512
[  170.968343][T10591] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  170.984864][T10454] veth1_vlan: entered promiscuous mode
[  171.047366][T10591] EXT4-fs (loop4): 1 truncate cleaned up
[  171.053971][T10591] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.159867][T10454] veth0_macvtap: entered promiscuous mode
[  171.171400][T10454] veth1_macvtap: entered promiscuous mode
[  171.209208][T10454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  171.228746][T10454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  171.249739][   T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  171.303128][   T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  171.315680][   T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  171.324462][   T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  171.335816][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.386163][T10605] loop1: detected capacity change from 0 to 1024
[  171.396368][T10602] loop2: detected capacity change from 0 to 512
[  171.408539][T10602] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  171.439733][T10605] EXT4-fs: Ignoring removed i_version option
[  171.456123][T10605] EXT4-fs: Ignoring removed nobh option
[  171.463230][T10618] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2421'.
[  171.487092][T10618] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2421'.
[  171.487590][T10615] loop3: detected capacity change from 0 to 512
[  171.506617][T10615] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  171.517748][T10602] EXT4-fs (loop2): 1 truncate cleaned up
[  171.534161][T10602] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.551047][T10605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.593459][T10615] EXT4-fs (loop3): 1 orphan inode deleted
[  171.610694][   T31] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:1: Failed to release dquot type 1
[  171.612220][T10615] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.663414][T10632] netlink: 'syz.2.2419': attribute type 13 has an invalid length.
[  171.684893][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.731728][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.746666][T10645] loop3: detected capacity change from 0 to 512
[  171.767348][ T8228] usb 5-1: enqueue for inactive port 0
[  171.774001][ T8228] usb 5-1: enqueue for inactive port 0
[  171.837912][T10656] loop3: detected capacity change from 0 to 512
[  171.865562][T10658] loop0: detected capacity change from 0 to 512
[  171.876434][T10656] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.877116][ T8228] vhci_hcd: vhci_device speed not set
[  171.927844][T10658] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0.
[  171.950774][T10670] FAULT_INJECTION: forcing a failure.
[  171.950774][T10670] name failslab, interval 1, probability 0, space 0, times 0
[  171.963693][T10670] CPU: 0 UID: 0 PID: 10670 Comm: syz.4.2432 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  171.963754][T10670] Tainted: [W]=WARN
[  171.963763][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  171.963778][T10670] Call Trace:
[  171.963785][T10670]  <TASK>
[  171.963834][T10670]  __dump_stack+0x1d/0x30
[  171.963858][T10670]  dump_stack_lvl+0xe8/0x140
[  171.963878][T10670]  dump_stack+0x15/0x1b
[  171.963895][T10670]  should_fail_ex+0x265/0x280
[  171.964007][T10670]  ? legacy_init_fs_context+0x31/0x80
[  171.964045][T10670]  should_failslab+0x8c/0xb0
[  171.964081][T10670]  __kmalloc_cache_noprof+0x4c/0x4a0
[  171.964126][T10670]  legacy_init_fs_context+0x31/0x80
[  171.964151][T10670]  alloc_fs_context+0x3ef/0x4e0
[  171.964178][T10670]  fs_context_for_mount+0x22/0x30
[  171.964208][T10670]  do_new_mount+0xea/0x660
[  171.964281][T10670]  ? security_capable+0x83/0x90
[  171.964330][T10670]  path_mount+0x4a5/0xb70
[  171.964360][T10670]  ? user_path_at+0x109/0x130
[  171.964458][T10670]  __se_sys_mount+0x28c/0x2e0
[  171.964488][T10670]  ? fput+0x8f/0xc0
[  171.964510][T10670]  __x64_sys_mount+0x67/0x80
[  171.964581][T10670]  x64_sys_call+0x2b51/0x3000
[  171.964602][T10670]  do_syscall_64+0xd2/0x200
[  171.964620][T10670]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  171.964679][T10670]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  171.964732][T10670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.964806][T10670] RIP: 0033:0x7fd48b6cefc9
[  171.964823][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.964844][T10670] RSP: 002b:00007fd48a137038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  171.964861][T10670] RAX: ffffffffffffffda RBX: 00007fd48b925fa0 RCX: 00007fd48b6cefc9
[  171.964939][T10670] RDX: 0000200000002540 RSI: 0000200000002500 RDI: 0000000000000000
[  171.964951][T10670] RBP: 00007fd48a137090 R08: 0000200000000200 R09: 0000000000000000
[  171.964963][T10670] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  171.964974][T10670] R13: 00007fd48b926038 R14: 00007fd48b925fa0 R15: 00007ffd62bc8d08
[  171.965075][T10670]  </TASK>
[  172.453665][T10672] loop1: detected capacity change from 0 to 512
[  172.462394][T10672] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  172.501303][T10672] EXT4-fs (loop1): 1 truncate cleaned up
[  172.508050][T10672] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.611280][ T3322] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[  172.627833][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.682553][ T3322] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[  172.752234][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.856812][T10694] loop2: detected capacity change from 0 to 512
[  172.874300][T10694] EXT4-fs: Ignoring removed bh option
[  172.916108][ T4790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.936531][T10694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.024204][T10699] loop4: detected capacity change from 0 to 1024
[  173.031534][T10699] EXT4-fs: Ignoring removed i_version option
[  173.057219][T10699] EXT4-fs: Ignoring removed nobh option
[  173.066984][T10700] loop1: detected capacity change from 0 to 512
[  173.073663][T10700] EXT4-fs: Ignoring removed bh option
[  173.079977][ T4790] bond0: (slave syz_tun): Releasing backup interface
[  173.082367][T10699] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.100796][T10700] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.132545][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.237504][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.753297][T10735] loop4: detected capacity change from 0 to 512
[  173.760629][T10735] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  173.780938][T10735] EXT4-fs (loop4): 1 truncate cleaned up
[  173.787428][T10735] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.919664][T10733] loop1: detected capacity change from 0 to 8192
[  173.963997][T10715] chnl_net:caif_netlink_parms(): no params data found
[  174.079552][T10715] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.086647][T10715] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.130331][T10715] bridge_slave_0: entered allmulticast mode
[  174.137650][T10715] bridge_slave_0: entered promiscuous mode
[  174.144928][T10715] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.152086][T10715] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.160049][T10715] bridge_slave_1: entered allmulticast mode
[  174.167645][T10715] bridge_slave_1: entered promiscuous mode
[  174.171903][T10754] loop0: detected capacity change from 0 to 1024
[  174.181226][T10754] EXT4-fs: Ignoring removed i_version option
[  174.187629][T10754] EXT4-fs: Ignoring removed nobh option
[  174.196122][T10715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.213313][T10715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.236150][T10715] team0: Port device team_slave_0 added
[  174.269271][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.286188][T10754] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.286851][T10715] team0: Port device team_slave_1 added
[  174.338576][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  174.359739][T10454] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.384362][T10715] batman_adv: batadv0: Adding interface: batadv_slave_0
[  174.391491][T10715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  174.417428][T10715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  174.429810][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.430757][T10715] batman_adv: batadv0: Adding interface: batadv_slave_1
[  174.445904][T10715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  174.471868][T10715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  174.517845][T10715] hsr_slave_0: entered promiscuous mode
[  174.530865][T10715] hsr_slave_1: entered promiscuous mode
[  174.540510][T10715] debugfs: 'hsr0' already exists in 'hsr'
[  174.546270][T10715] Cannot create hsr debugfs directory
[  174.554474][T10772] loop0: detected capacity change from 0 to 2048
[  174.608359][T10772] Alternate GPT is invalid, using primary GPT.
[  174.614719][T10772]  loop0: p1 p2 p3
[  174.614729][T10772] loop0: partition table partially beyond EOD, truncated
[  174.656952][T10715] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  174.666045][T10715] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  174.675466][T10715] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  174.684622][T10715] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  174.701486][T10715] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.708581][T10715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.709261][T10793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2467'.
[  174.715891][T10715] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.731826][T10715] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.735176][T10793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2467'.
[  174.768204][T10715] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.781988][  T311] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.790164][  T311] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.802201][T10715] 8021q: adding VLAN 0 to HW filter on device team0
[  174.813709][ T1703] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.820895][ T1703] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.832939][ T1703] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.840064][ T1703] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.915563][T10715] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.029989][T10715] veth0_vlan: entered promiscuous mode
[  175.038555][T10715] veth1_vlan: entered promiscuous mode
[  175.057915][T10715] veth0_macvtap: entered promiscuous mode
[  175.065560][T10715] veth1_macvtap: entered promiscuous mode
[  175.078051][T10715] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.091056][T10715] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.103449][  T264] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.112525][  T264] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.121975][  T264] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.131376][  T264] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.162239][   T29] kauditd_printk_skb: 381 callbacks suppressed
[  175.162302][   T29] audit: type=1400 audit(175.149:15584): avc:  denied  { add_name } for  pid=10715 comm="syz-executor" name="syz5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  175.193322][   T29] audit: type=1400 audit(175.149:15585): avc:  denied  { create } for  pid=10715 comm="syz-executor" name="syz5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  175.213490][   T29] audit: type=1400 audit(175.149:15586): avc:  denied  { associate } for  pid=10715 comm="syz-executor" name="syz5" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  175.271815][   T29] audit: type=1326 audit(175.249:15587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.294914][   T29] audit: type=1326 audit(175.249:15588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.317910][   T29] audit: type=1326 audit(175.249:15589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.341001][   T29] audit: type=1326 audit(175.249:15590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.364077][   T29] audit: type=1326 audit(175.249:15591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.387314][   T29] audit: type=1326 audit(175.249:15592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.410641][   T29] audit: type=1326 audit(175.249:15593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10816 comm="syz.5.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  175.677462][T10833] loop4: detected capacity change from 0 to 512
[  175.914506][T10833] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  175.928746][T10833] EXT4-fs (loop4): 1 truncate cleaned up
[  175.934828][T10833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.935039][T10844] loop2: detected capacity change from 0 to 512
[  175.957834][T10844] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  176.047734][T10844] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  176.055690][T10844] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002]
[  176.063948][T10844] System zones: 0-1, 15-15, 18-18, 34-34
[  176.070133][T10844] EXT4-fs (loop2): orphan cleanup on readonly fs
[  176.076716][T10844] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  176.091581][T10844] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  176.099765][T10844] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2474: bg 0: block 40: padding at end of block bitmap is not set
[  176.116936][T10844] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  176.131465][T10844] EXT4-fs (loop2): 1 truncate cleaned up
[  176.137559][T10844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  176.291066][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.401758][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.408054][T10851] infiniband syz1: set active
[  176.415575][T10851] infiniband syz1: added bond0
[  176.427099][T10851] RDS/IB: syz1: added
[  176.431203][T10851] smc: adding ib device syz1 with port count 1
[  176.437629][T10851] smc:    ib device syz1 port 1 has no pnetid
[  176.444167][T10857] loop5: detected capacity change from 0 to 1024
[  176.470459][T10862] loop2: detected capacity change from 0 to 1024
[  176.482968][T10857] EXT4-fs: Ignoring removed i_version option
[  176.495408][T10862] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  176.509940][T10857] EXT4-fs: Ignoring removed nobh option
[  176.520352][T10862] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  176.529325][T10862] EXT4-fs (loop2): orphan cleanup on readonly fs
[  176.536079][T10862] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  176.550788][T10862] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  176.558428][T10862] EXT4-fs error (device loop2): ext4_free_blocks:6706: comm syz.2.2482: Freeing blocks not in datazone - block = 0, count = 4096
[  176.573739][T10857] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.603542][T10862] EXT4-fs (loop2): 1 orphan inode deleted
[  176.609850][T10862] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  176.654096][T10862] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.2482: iget: bad extended attribute block 6
[  176.691808][T10862] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.2482: iget: bad extended attribute block 6
[  176.744403][T10715] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.778873][T10878] loop1: detected capacity change from 0 to 2048
[  176.824289][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.868010][T10878] Alternate GPT is invalid, using primary GPT.
[  176.874353][T10878]  loop1: p1 p2 p3
[  176.878152][T10878] loop1: partition table partially beyond EOD, truncated
[  176.919507][T10890] loop0: detected capacity change from 0 to 512
[  176.939698][T10890] EXT4-fs (loop0): 1 orphan inode deleted
[  176.956871][  T311] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:5: Failed to release dquot type 1
[  176.979495][T10890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.998158][T10901] xfrm0: Caught tx_queue_len zero misconfig
[  177.061835][T10912] loop2: detected capacity change from 0 to 1024
[  177.068942][T10912] EXT4-fs: Ignoring removed i_version option
[  177.075036][T10912] EXT4-fs: Ignoring removed nobh option
[  177.089595][T10912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.139577][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.160674][T10918] nfs4: Bad value for 'source'
[  177.168327][T10918] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2500'.
[  177.187660][T10454] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.209322][T10923] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5648 sclass=netlink_route_socket pid=10923 comm=syz.0.2501
[  177.511826][T10947] loop2: detected capacity change from 0 to 4096
[  177.525399][T10947] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.538629][T10947] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.565561][T10952] FAULT_INJECTION: forcing a failure.
[  177.565561][T10952] name failslab, interval 1, probability 0, space 0, times 0
[  177.578655][T10952] CPU: 0 UID: 0 PID: 10952 Comm: syz.0.2514 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  177.578694][T10952] Tainted: [W]=WARN
[  177.578755][T10952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  177.578770][T10952] Call Trace:
[  177.578778][T10952]  <TASK>
[  177.578787][T10952]  __dump_stack+0x1d/0x30
[  177.578815][T10952]  dump_stack_lvl+0xe8/0x140
[  177.578840][T10952]  dump_stack+0x15/0x1b
[  177.578924][T10952]  should_fail_ex+0x265/0x280
[  177.578968][T10952]  should_failslab+0x8c/0xb0
[  177.579005][T10952]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  177.579065][T10952]  ? __alloc_skb+0x101/0x320
[  177.579103][T10952]  __alloc_skb+0x101/0x320
[  177.579136][T10952]  ? audit_log_start+0x342/0x720
[  177.579219][T10952]  audit_log_start+0x3a0/0x720
[  177.579242][T10952]  audit_seccomp+0x48/0x100
[  177.579277][T10952]  ? __seccomp_filter+0x82d/0x1250
[  177.579306][T10952]  __seccomp_filter+0x83e/0x1250
[  177.579390][T10952]  ? do_futex+0x21f/0x380
[  177.579430][T10952]  __secure_computing+0x82/0x150
[  177.579516][T10952]  syscall_trace_enter+0xcf/0x1e0
[  177.579551][T10952]  do_syscall_64+0xac/0x200
[  177.579573][T10952]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  177.579670][T10952]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  177.579774][T10952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.579855][T10952] RIP: 0033:0x7f23f739d9dc
[  177.579881][T10952] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  177.579947][T10952] RSP: 002b:00007f23f5dff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  177.579970][T10952] RAX: ffffffffffffffda RBX: 00007f23f75f5fa0 RCX: 00007f23f739d9dc
[  177.579986][T10952] RDX: 000000000000000f RSI: 00007f23f5dff0a0 RDI: 0000000000000006
[  177.580002][T10952] RBP: 00007f23f5dff090 R08: 0000000000000000 R09: 0000000000000002
[  177.580018][T10952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  177.580034][T10952] R13: 00007f23f75f6038 R14: 00007f23f75f5fa0 R15: 00007ffd81f3b4f8
[  177.580057][T10952]  </TASK>
[  177.875126][T10970] netlink: 'syz.2.2521': attribute type 4 has an invalid length.
[  177.881263][T10972] loop0: detected capacity change from 0 to 512
[  177.890079][T10972] EXT4-fs: inline encryption not supported
[  177.902663][T10972] EXT4-fs (loop0): Number of reserved GDT blocks insanely large: 935
[  177.911251][T10970] loop2: detected capacity change from 0 to 512
[  177.939562][T10970] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.983476][T10972] netlink: 'syz.0.2522': attribute type 13 has an invalid length.
[  177.991427][T10972] netlink: 'syz.0.2522': attribute type 27 has an invalid length.
[  178.026096][T10984] vhci_hcd: default hub control req: 0417 v0006 i0002 l4
[  178.028151][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.036074][T10984] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2526'.
[  178.101901][T10972] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.109199][T10972] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.171627][T10988] loop5: detected capacity change from 0 to 2048
[  178.203384][T10972] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.213363][T10972] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  178.253473][T10988] Alternate GPT is invalid, using primary GPT.
[  178.259965][T10988]  loop5: p1 p2 p3
[  178.263707][T10988] loop5: partition table partially beyond EOD, truncated
[  178.288306][  T264] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  178.297362][  T264] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  178.326791][  T264] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  178.335954][  T264] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  178.399735][T11000] netlink: 'syz.2.2533': attribute type 4 has an invalid length.
[  178.407574][T11000] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2533'.
[  178.418287][T11000] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  178.724291][T11017] loop0: detected capacity change from 0 to 4096
[  178.764177][T11017] ext4: Unknown parameter './file1'
[  178.900438][T11039] FAULT_INJECTION: forcing a failure.
[  178.900438][T11039] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.914008][T11039] CPU: 1 UID: 0 PID: 11039 Comm: syz.2.2547 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  178.914047][T11039] Tainted: [W]=WARN
[  178.914055][T11039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  178.914102][T11039] Call Trace:
[  178.914108][T11039]  <TASK>
[  178.914116][T11039]  __dump_stack+0x1d/0x30
[  178.914138][T11039]  dump_stack_lvl+0xe8/0x140
[  178.914162][T11039]  dump_stack+0x15/0x1b
[  178.914184][T11039]  should_fail_ex+0x265/0x280
[  178.914267][T11039]  should_fail+0xb/0x20
[  178.914287][T11039]  should_fail_usercopy+0x1a/0x20
[  178.914313][T11039]  _copy_from_iter+0xd2/0xe80
[  178.914340][T11039]  ? should_fail_ex+0xdb/0x280
[  178.914410][T11039]  ? should_failslab+0x8c/0xb0
[  178.914441][T11039]  ? __kmalloc_noprof+0x2a2/0x570
[  178.914473][T11039]  ? kernfs_fop_write_iter+0xe2/0x300
[  178.914552][T11039]  kernfs_fop_write_iter+0x125/0x300
[  178.914579][T11039]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  178.914601][T11039]  vfs_write+0x52a/0x960
[  178.914677][T11039]  ksys_write+0xda/0x1a0
[  178.914742][T11039]  __x64_sys_write+0x40/0x50
[  178.914771][T11039]  x64_sys_call+0x2802/0x3000
[  178.914814][T11039]  do_syscall_64+0xd2/0x200
[  178.914836][T11039]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  178.914871][T11039]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  178.914938][T11039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.914965][T11039] RIP: 0033:0x7f194da1efc9
[  178.914984][T11039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.915005][T11039] RSP: 002b:00007f194c487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.915145][T11039] RAX: ffffffffffffffda RBX: 00007f194dc75fa0 RCX: 00007f194da1efc9
[  178.915157][T11039] RDX: 0000000000000012 RSI: 0000200000000400 RDI: 0000000000000005
[  178.915182][T11039] RBP: 00007f194c487090 R08: 0000000000000000 R09: 0000000000000000
[  178.915193][T11039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.915207][T11039] R13: 00007f194dc76038 R14: 00007f194dc75fa0 R15: 00007ffec03bf928
[  178.915230][T11039]  </TASK>
[  179.201801][T11056] FAULT_INJECTION: forcing a failure.
[  179.201801][T11056] name failslab, interval 1, probability 0, space 0, times 0
[  179.213933][T11058] loop5: detected capacity change from 0 to 512
[  179.214804][T11056] CPU: 0 UID: 0 PID: 11056 Comm: syz.2.2553 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  179.214848][T11056] Tainted: [W]=WARN
[  179.214857][T11056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  179.214891][T11056] Call Trace:
[  179.214896][T11056]  <TASK>
[  179.214907][T11056]  __dump_stack+0x1d/0x30
[  179.214939][T11056]  dump_stack_lvl+0xe8/0x140
[  179.214968][T11056]  dump_stack+0x15/0x1b
[  179.215001][T11056]  should_fail_ex+0x265/0x280
[  179.215048][T11056]  ? qdisc_get_rtab+0x1a5/0x2d0
[  179.215076][T11056]  should_failslab+0x8c/0xb0
[  179.215162][T11056]  __kmalloc_cache_noprof+0x4c/0x4a0
[  179.215208][T11056]  qdisc_get_rtab+0x1a5/0x2d0
[  179.215306][T11056]  tcf_police_init+0x38e/0xc70
[  179.215398][T11056]  tcf_action_init_1+0x36a/0x4a0
[  179.215441][T11056]  tcf_action_init+0x267/0x6d0
[  179.215510][T11056]  tc_ctl_action+0x291/0x830
[  179.215656][T11056]  ? __pfx_tc_ctl_action+0x10/0x10
[  179.215696][T11056]  rtnetlink_rcv_msg+0x65a/0x6d0
[  179.215730][T11056]  ? avc_has_perm_noaudit+0x1b1/0x200
[  179.215761][T11056]  netlink_rcv_skb+0x123/0x220
[  179.215943][T11056]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  179.215983][T11056]  rtnetlink_rcv+0x1c/0x30
[  179.216011][T11056]  netlink_unicast+0x5c0/0x690
[  179.216055][T11056]  netlink_sendmsg+0x58b/0x6b0
[  179.216105][T11056]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.216160][T11056]  __sock_sendmsg+0x145/0x180
[  179.216195][T11056]  ____sys_sendmsg+0x31e/0x4e0
[  179.216245][T11056]  ___sys_sendmsg+0x17b/0x1d0
[  179.216310][T11056]  __x64_sys_sendmsg+0xd4/0x160
[  179.216435][T11056]  x64_sys_call+0x191e/0x3000
[  179.216466][T11056]  do_syscall_64+0xd2/0x200
[  179.216489][T11056]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  179.216576][T11056]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  179.216619][T11056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.216648][T11056] RIP: 0033:0x7f194da1efc9
[  179.216668][T11056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.216731][T11056] RSP: 002b:00007f194c487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.216757][T11056] RAX: ffffffffffffffda RBX: 00007f194dc75fa0 RCX: 00007f194da1efc9
[  179.216778][T11056] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  179.216796][T11056] RBP: 00007f194c487090 R08: 0000000000000000 R09: 0000000000000000
[  179.216813][T11056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.216828][T11056] R13: 00007f194dc76038 R14: 00007f194dc75fa0 R15: 00007ffec03bf928
[  179.216856][T11056]  </TASK>
[  179.437107][T11062] syzkaller0: entered promiscuous mode
[  179.445827][T11058] EXT4-fs: Ignoring removed mblk_io_submit option
[  179.451835][T11062] syzkaller0: entered allmulticast mode
[  179.502687][T11058] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13
[  179.542320][T11058] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #13: comm syz.5.2554: attempt to clear invalid blocks 2 len 1
[  179.581580][T11058] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  179.596179][T11058] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.2554: invalid indirect mapped block 1819239214 (level 0)
[  179.611042][T11058] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.2554: invalid indirect mapped block 1819239214 (level 1)
[  179.626024][T11058] EXT4-fs (loop5): 1 truncate cleaned up
[  179.633911][T11058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.687008][T11078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2559'.
[  179.746369][T11085] loop1: detected capacity change from 0 to 2048
[  179.794784][T11085] Alternate GPT is invalid, using primary GPT.
[  179.801288][T11085]  loop1: p1 p2 p3
[  179.805117][T11085] loop1: partition table partially beyond EOD, truncated
[  179.837530][T11098] FAULT_INJECTION: forcing a failure.
[  179.837530][T11098] name failslab, interval 1, probability 0, space 0, times 0
[  179.850322][T11098] CPU: 0 UID: 0 PID: 11098 Comm: syz.5.2567 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  179.850406][T11098] Tainted: [W]=WARN
[  179.850415][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  179.850430][T11098] Call Trace:
[  179.850439][T11098]  <TASK>
[  179.850480][T11098]  __dump_stack+0x1d/0x30
[  179.850530][T11098]  dump_stack_lvl+0xe8/0x140
[  179.850556][T11098]  dump_stack+0x15/0x1b
[  179.850576][T11098]  should_fail_ex+0x265/0x280
[  179.850613][T11098]  should_failslab+0x8c/0xb0
[  179.850730][T11098]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  179.850761][T11098]  ? __alloc_skb+0x101/0x320
[  179.850824][T11098]  __alloc_skb+0x101/0x320
[  179.850861][T11098]  netlink_alloc_large_skb+0xbf/0xf0
[  179.850900][T11098]  netlink_sendmsg+0x3cf/0x6b0
[  179.850931][T11098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.850955][T11098]  __sock_sendmsg+0x145/0x180
[  179.850981][T11098]  ____sys_sendmsg+0x31e/0x4e0
[  179.851015][T11098]  ___sys_sendmsg+0x17b/0x1d0
[  179.851080][T11098]  __x64_sys_sendmsg+0xd4/0x160
[  179.851125][T11098]  x64_sys_call+0x191e/0x3000
[  179.851147][T11098]  do_syscall_64+0xd2/0x200
[  179.851220][T11098]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  179.851311][T11098]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  179.851342][T11098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.851369][T11098] RIP: 0033:0x7f03541fefc9
[  179.851419][T11098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.851445][T11098] RSP: 002b:00007f0352c67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.851470][T11098] RAX: ffffffffffffffda RBX: 00007f0354455fa0 RCX: 00007f03541fefc9
[  179.851483][T11098] RDX: 0000000024000840 RSI: 0000200000009b40 RDI: 0000000000000003
[  179.851495][T11098] RBP: 00007f0352c67090 R08: 0000000000000000 R09: 0000000000000000
[  179.851507][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.851519][T11098] R13: 00007f0354456038 R14: 00007f0354455fa0 R15: 00007ffec70a10f8
[  179.851538][T11098]  </TASK>
[  180.387490][T11114] loop2: detected capacity change from 0 to 512
[  180.397230][T11114] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  180.460486][T11114] EXT4-fs (loop2): 1 truncate cleaned up
[  180.556420][   T29] kauditd_printk_skb: 1246 callbacks suppressed
[  180.556438][   T29] audit: type=1400 audit(180.539:16835): avc:  denied  { ioctl } for  pid=11118 comm="syz.0.2570" path="socket:[28438]" dev="sockfs" ino=28438 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  180.701642][   T29] audit: type=1326 audit(180.689:16836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.744593][T11129] loop4: detected capacity change from 0 to 2048
[  180.770652][   T29] audit: type=1326 audit(180.689:16837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.793921][   T29] audit: type=1326 audit(180.689:16838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.817116][   T29] audit: type=1326 audit(180.689:16839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.840148][   T29] audit: type=1326 audit(180.689:16840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.863266][   T29] audit: type=1326 audit(180.689:16841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.886513][   T29] audit: type=1326 audit(180.689:16842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.909895][   T29] audit: type=1326 audit(180.689:16843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.933131][   T29] audit: type=1326 audit(180.689:16844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11123 comm="syz.5.2575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f03541fefc9 code=0x7ffc0000
[  180.992807][T11138] FAULT_INJECTION: forcing a failure.
[  180.992807][T11138] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  181.006110][T11138] CPU: 1 UID: 0 PID: 11138 Comm: syz.1.2577 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  181.006279][T11138] Tainted: [W]=WARN
[  181.006287][T11138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  181.006303][T11138] Call Trace:
[  181.006312][T11138]  <TASK>
[  181.006322][T11138]  __dump_stack+0x1d/0x30
[  181.006345][T11138]  dump_stack_lvl+0xe8/0x140
[  181.006376][T11138]  dump_stack+0x15/0x1b
[  181.006398][T11138]  should_fail_ex+0x265/0x280
[  181.006442][T11138]  should_fail_alloc_page+0xf2/0x100
[  181.006558][T11138]  __alloc_frozen_pages_noprof+0xff/0x360
[  181.006608][T11138]  alloc_pages_mpol+0xb3/0x260
[  181.006659][T11138]  alloc_pages_noprof+0x90/0x130
[  181.006690][T11138]  __pud_alloc+0x47/0x470
[  181.006794][T11138]  handle_mm_fault+0x1882/0x2be0
[  181.006820][T11138]  ? __rcu_read_unlock+0x4f/0x70
[  181.006851][T11138]  ? mt_find+0x208/0x320
[  181.006883][T11138]  do_user_addr_fault+0x3fe/0x1080
[  181.006950][T11138]  exc_page_fault+0x62/0xa0
[  181.007104][T11138]  asm_exc_page_fault+0x26/0x30
[  181.007126][T11138] RIP: 0010:rep_movs_alternative+0xf/0x90
[  181.007158][T11138] Code: c4 10 c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 3d f9 01 00 66 2e
[  181.007183][T11138] RSP: 0018:ffffc9000338fe18 EFLAGS: 00050202
[  181.007203][T11138] RAX: ffff888126ab0aa0 RBX: 0000000000000004 RCX: 0000000000000004
[  181.007218][T11138] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffc9000338fe54
[  181.007234][T11138] RBP: 0000000000000000 R08: 0000000000000490 R09: 0000000000000000
[  181.007257][T11138] R10: 0001c9000338fe54 R11: 0001c9000338fe57 R12: 0000000000000000
[  181.007271][T11138] R13: ffff888107194d00 R14: ffffc9000338fe54 R15: 0000200000000040
[  181.007296][T11138]  _copy_from_user+0x6f/0xb0
[  181.007400][T11138]  do_sock_getsockopt+0xf1/0x240
[  181.007456][T11138]  __x64_sys_getsockopt+0x11e/0x1a0
[  181.007491][T11138]  x64_sys_call+0x2bca/0x3000
[  181.007568][T11138]  do_syscall_64+0xd2/0x200
[  181.007590][T11138]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  181.007624][T11138]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  181.007659][T11138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.007709][T11138] RIP: 0033:0x7fb09754efc9
[  181.007723][T11138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.007760][T11138] RSP: 002b:00007fb095faf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  181.007790][T11138] RAX: ffffffffffffffda RBX: 00007fb0977a5fa0 RCX: 00007fb09754efc9
[  181.007805][T11138] RDX: 0000000000000006 RSI: 0000000000000065 RDI: 0000000000000003
[  181.007817][T11138] RBP: 00007fb095faf090 R08: 0000200000000040 R09: 0000000000000000
[  181.007828][T11138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.007840][T11138] R13: 00007fb0977a6038 R14: 00007fb0977a5fa0 R15: 00007ffd9d872fa8
[  181.007859][T11138]  </TASK>
[  181.349413][T11129] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2572: bg 0: block 234: padding at end of block bitmap is not set
[  181.364240][T11129] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117
[  181.376759][T11129] EXT4-fs (loop4): This should not happen!! Data will be lost
[  181.376759][T11129] 
[  181.498718][T11155] 9pnet_fd: Insufficient options for proto=fd
[  181.691657][T11166] loop2: detected capacity change from 0 to 1024
[  181.700668][T11166] EXT4-fs (loop2): blocks per group (131072) and clusters per group (8192) inconsistent
[  181.977810][T11168] loop5: detected capacity change from 0 to 512
[  181.985673][T11168] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  182.009393][T11168] EXT4-fs (loop5): 1 truncate cleaned up
[  182.133913][T11174] loop2: detected capacity change from 0 to 2048
[  182.153651][T11176] loop4: detected capacity change from 0 to 512
[  182.190174][T11176] EXT4-fs (loop4): shut down requested (0)
[  182.212087][ T3419] hid_parser_main: 28 callbacks suppressed
[  182.212109][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x1
[  182.225573][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.232991][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.240601][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.248165][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.255577][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.263217][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x4
[  182.270655][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.278085][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.285497][ T3419] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  182.295239][ T3419] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  182.312139][T11184] loop1: detected capacity change from 0 to 1024
[  182.324857][T11184] EXT4-fs: Ignoring removed i_version option
[  182.337311][T11184] EXT4-fs: Ignoring removed nobh option
[  182.400550][T11186] loop2: detected capacity change from 0 to 512
[  182.489842][T11186] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2594: bg 0: block 248: padding at end of block bitmap is not set
[  182.512726][T11186] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2594: Failed to acquire dquot type 1
[  182.563229][T11186] EXT4-fs (loop2): 1 truncate cleaned up
[  182.589072][T11210] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  182.595624][T11210] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  182.603185][T11210] vhci_hcd vhci_hcd.0: Device attached
[  182.613251][T11204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2602'.
[  182.623829][T11204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2602'.
[  182.632818][T11204] netem: unknown loss type 0
[  182.637489][T11204] netem: change failed
[  182.661847][T11204] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  182.669383][T11204] vhci_hcd: invalid port number 96
[  182.674529][T11204] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  182.733335][T11220] FAULT_INJECTION: forcing a failure.
[  182.733335][T11220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.746580][T11220] CPU: 1 UID: 0 PID: 11220 Comm: syz.5.2606 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  182.746650][T11220] Tainted: [W]=WARN
[  182.746657][T11220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  182.746839][T11220] Call Trace:
[  182.746848][T11220]  <TASK>
[  182.746858][T11220]  __dump_stack+0x1d/0x30
[  182.746940][T11220]  dump_stack_lvl+0xe8/0x140
[  182.746960][T11220]  dump_stack+0x15/0x1b
[  182.746977][T11220]  should_fail_ex+0x265/0x280
[  182.747016][T11220]  should_fail+0xb/0x20
[  182.747031][T11220]  should_fail_usercopy+0x1a/0x20
[  182.747146][T11220]  _copy_from_user+0x1c/0xb0
[  182.747172][T11220]  ___sys_sendmsg+0xc1/0x1d0
[  182.747222][T11220]  __x64_sys_sendmsg+0xd4/0x160
[  182.747319][T11220]  x64_sys_call+0x191e/0x3000
[  182.747407][T11220]  do_syscall_64+0xd2/0x200
[  182.747424][T11220]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  182.747458][T11220]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  182.747496][T11220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.747569][T11220] RIP: 0033:0x7f03541fefc9
[  182.747584][T11220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.747606][T11220] RSP: 002b:00007f0352c67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.747626][T11220] RAX: ffffffffffffffda RBX: 00007f0354455fa0 RCX: 00007f03541fefc9
[  182.747638][T11220] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000007
[  182.747649][T11220] RBP: 00007f0352c67090 R08: 0000000000000000 R09: 0000000000000000
[  182.747662][T11220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.747705][T11220] R13: 00007f0354456038 R14: 00007f0354455fa0 R15: 00007ffec70a10f8
[  182.747729][T11220]  </TASK>
[  183.033469][ T3411] usb 3-1: new low-speed USB device number 4 using vhci_hcd
[  183.358164][T11227] loop5: detected capacity change from 0 to 512
[  183.367325][T11227] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  183.399772][T11227] EXT4-fs (loop5): 1 truncate cleaned up
[  183.414165][T11211] vhci_hcd: connection reset by peer
[  183.425394][   T12] vhci_hcd: stop threads
[  183.429816][   T12] vhci_hcd: release socket
[  183.434288][   T12] vhci_hcd: disconnect device
[  183.460418][T11230] loop0: detected capacity change from 0 to 512
[  183.510176][T11230] EXT4-fs (loop0): shut down requested (0)
[  183.520435][ T3479] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  183.530485][T11237] loop2: detected capacity change from 0 to 1024
[  183.538210][T11237] EXT4-fs: Ignoring removed i_version option
[  183.544668][T11237] EXT4-fs: Ignoring removed nobh option
[  183.582294][T11243] sd 0:0:1:0: device reset
[  183.693598][T11258] x_tables: duplicate underflow at hook 1
[  183.725474][T11257] loop4: detected capacity change from 0 to 2048
[  183.734970][T11260] netlink: 'syz.0.2618': attribute type 7 has an invalid length.
[  183.831608][T11263] loop0: detected capacity change from 0 to 2048
[  183.845642][T11257] Alternate GPT is invalid, using primary GPT.
[  183.852073][T11257]  loop4: p1 p2 p3
[  183.855818][T11257] loop4: partition table partially beyond EOD, truncated
[  183.879179][T11263] Alternate GPT is invalid, using primary GPT.
[  183.885472][T11263]  loop0: p1 p2 p3
[  183.889311][T11263] loop0: partition table partially beyond EOD, truncated
[  184.021051][T11272] 9pnet: Unknown protocol version 9p20\++}
[  184.467932][T11248] syz.2.2615 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  184.482304][T11248] CPU: 0 UID: 0 PID: 11248 Comm: syz.2.2615 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  184.482377][T11248] Tainted: [W]=WARN
[  184.482386][T11248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  184.482402][T11248] Call Trace:
[  184.482410][T11248]  <TASK>
[  184.482487][T11248]  __dump_stack+0x1d/0x30
[  184.482516][T11248]  dump_stack_lvl+0xe8/0x140
[  184.482543][T11248]  dump_stack+0x15/0x1b
[  184.482566][T11248]  dump_header+0x81/0x220
[  184.482602][T11248]  oom_kill_process+0x342/0x400
[  184.482705][T11248]  out_of_memory+0x979/0xb80
[  184.482747][T11248]  try_charge_memcg+0x610/0xa10
[  184.482811][T11248]  obj_cgroup_charge_pages+0xa6/0x150
[  184.482895][T11248]  __memcg_kmem_charge_page+0x9f/0x170
[  184.482920][T11248]  __alloc_frozen_pages_noprof+0x188/0x360
[  184.482967][T11248]  alloc_pages_mpol+0xb3/0x260
[  184.483029][T11248]  alloc_pages_noprof+0x90/0x130
[  184.483058][T11248]  __vmalloc_node_range_noprof+0x7a5/0xed0
[  184.483112][T11248]  __kvmalloc_node_noprof+0x483/0x670
[  184.483150][T11248]  ? ip_set_alloc+0x24/0x30
[  184.483243][T11248]  ? ip_set_alloc+0x24/0x30
[  184.483281][T11248]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  184.483313][T11248]  ip_set_alloc+0x24/0x30
[  184.483377][T11248]  hash_netiface_create+0x282/0x740
[  184.483443][T11248]  ? __pfx_hash_netiface_create+0x10/0x10
[  184.483505][T11248]  ip_set_create+0x3cc/0x970
[  184.483535][T11248]  ? __nla_parse+0x40/0x60
[  184.483564][T11248]  nfnetlink_rcv_msg+0x4c6/0x590
[  184.483625][T11248]  netlink_rcv_skb+0x123/0x220
[  184.483673][T11248]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  184.483745][T11248]  nfnetlink_rcv+0x167/0x16c0
[  184.483778][T11248]  ? insn_get_prefixes+0xa72/0xca0
[  184.483820][T11248]  ? cmp_ex_search+0x25/0x40
[  184.483924][T11248]  ? bsearch+0x95/0xc0
[  184.483958][T11248]  ? __pfx_cmp_ex_search+0x10/0x10
[  184.483985][T11248]  ? strncpy_from_kernel_nofault+0x78/0x130
[  184.484014][T11248]  ? search_extable+0x53/0x80
[  184.484116][T11248]  ? strncpy_from_kernel_nofault+0x78/0x130
[  184.484269][T11248]  ? strncpy_from_kernel_nofault+0x78/0x130
[  184.484293][T11248]  ? fixup_exception+0x741/0xd50
[  184.484384][T11248]  ? insn_get_modrm+0x367/0x390
[  184.484479][T11248]  ? __rcu_read_lock+0x37/0x50
[  184.484556][T11248]  ? spurious_kernel_fault+0xf4/0x4a0
[  184.484586][T11248]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  184.484616][T11248]  ? exc_page_fault+0x7b/0xa0
[  184.484653][T11248]  ? kernelmode_fixup_or_oops+0x59/0xb0
[  184.484753][T11248]  ? should_fail_ex+0x30/0x280
[  184.484793][T11248]  ? selinux_nlmsg_lookup+0x99/0x890
[  184.484820][T11248]  ? __rcu_read_unlock+0x34/0x70
[  184.484893][T11248]  ? __netlink_lookup+0x266/0x2a0
[  184.484915][T11248]  netlink_unicast+0x5c0/0x690
[  184.484952][T11248]  netlink_sendmsg+0x58b/0x6b0
[  184.484979][T11248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.485069][T11248]  __sock_sendmsg+0x145/0x180
[  184.485163][T11248]  ____sys_sendmsg+0x31e/0x4e0
[  184.485202][T11248]  ___sys_sendmsg+0x17b/0x1d0
[  184.485260][T11248]  __x64_sys_sendmsg+0xd4/0x160
[  184.485309][T11248]  x64_sys_call+0x191e/0x3000
[  184.485360][T11248]  do_syscall_64+0xd2/0x200
[  184.485378][T11248]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  184.485458][T11248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.485489][T11248] RIP: 0033:0x7f194da1efc9
[  184.485510][T11248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.485605][T11248] RSP: 002b:00007f194c487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.485630][T11248] RAX: ffffffffffffffda RBX: 00007f194dc75fa0 RCX: 00007f194da1efc9
[  184.485644][T11248] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 000000000000000a
[  184.485657][T11248] RBP: 00007f194daa1f91 R08: 0000000000000000 R09: 0000000000000000
[  184.485674][T11248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  184.485736][T11248] R13: 00007f194dc76038 R14: 00007f194dc75fa0 R15: 00007ffec03bf928
[  184.485761][T11248]  </TASK>
[  184.485770][T11248] memory: usage 307200kB, limit 307200kB, failcnt 489
[  184.688513][T11278] sd 0:0:1:0: device reset
[  184.688956][T11248] memory+swap: usage 307584kB, limit 9007199254740988kB, failcnt 0
[  184.724670][T11280] loop4: detected capacity change from 0 to 1024
[  184.725067][T11248] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0
[  184.734061][T11280] EXT4-fs: Ignoring removed i_version option
[  184.735119][T11248] Memory cgroup stats for /syz2:
[  184.740418][T11248] cache 4096
[  184.769987][T11280] EXT4-fs: Ignoring removed nobh option
[  184.774580][T11248] rss 4096
[  184.834648][T11286] loop0: detected capacity change from 0 to 512
[  184.840983][T11248] shmem 0
[  184.840996][T11248] mapped_file 4096
[  184.932851][T11286] EXT4-fs (loop0): shut down requested (0)
[  184.939022][T11248] dirty 0
[  184.954484][T11248] writeback 0
[  184.954497][T11248] workingset_refault_anon 84
[  184.954507][T11248] workingset_refault_file 2925
[  184.954517][T11248] swap 401408
[  184.970514][T11248] swapcached 4096
[  184.970528][T11248] pgpgin 184907
[  184.970537][T11248] pgpgout 184901
[  184.970546][T11248] pgfault 172441
[  184.984816][T11248] pgmajfault 81
[  184.988318][T11248] inactive_anon 0
[  184.991966][T11248] active_anon 4096
[  184.995705][T11248] inactive_file 0
[  184.996431][ T8218] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  184.999369][T11248] active_file 20480
[  185.012763][T11248] unevictable 0
[  185.016235][T11248] hierarchical_memory_limit 314572800
[  185.021666][T11248] hierarchical_memsw_limit 9223372036854771712
[  185.027876][T11248] total_cache 4096
[  185.031771][T11248] total_rss 4096
[  185.035500][T11248] total_shmem 0
[  185.039024][T11248] total_mapped_file 4096
[  185.043272][T11248] total_dirty 0
[  185.047041][T11248] total_writeback 0
[  185.050866][T11248] total_workingset_refault_anon 84
[  185.055970][T11248] total_workingset_refault_file 2925
[  185.061288][T11248] total_swap 401408
[  185.065252][T11248] total_swapcached 4096
[  185.069438][T11248] total_pgpgin 184907
[  185.073427][T11248] total_pgpgout 184901
[  185.077663][T11248] total_pgfault 172441
[  185.081739][T11248] total_pgmajfault 81
[  185.085722][T11248] total_inactive_anon 0
[  185.089922][T11248] total_active_anon 4096
[  185.094169][T11248] total_inactive_file 0
[  185.098470][T11248] total_active_file 20480
[  185.102810][T11248] total_unevictable 0
[  185.106857][T11248] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2615,pid=11247,uid=0
[  185.121664][T11248] Memory cgroup out of memory: Killed process 11247 (syz.2.2615) total-vm:93956kB, anon-rss:1136kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  185.270817][T11300] netlink: 'syz.4.2630': attribute type 7 has an invalid length.
[  185.829765][   T29] kauditd_printk_skb: 410 callbacks suppressed
[  185.829780][   T29] audit: type=1400 audit(185.809:17253): avc:  denied  { setopt } for  pid=11307 comm="syz.4.2635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  185.886822][   T29] audit: type=1400 audit(185.849:17254): avc:  denied  { mounton } for  pid=11305 comm="syz.2.2634" path="/476/bus" dev="tmpfs" ino=2608 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  185.948657][   T29] audit: type=1400 audit(185.939:17255): avc:  denied  { create } for  pid=11305 comm="syz.2.2634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  185.971507][T11311] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  185.978086][T11311] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  185.985718][T11311] vhci_hcd vhci_hcd.0: Device attached
[  185.996969][   T29] audit: type=1400 audit(185.939:17256): avc:  denied  { ioctl } for  pid=11305 comm="syz.2.2634" path="socket:[29874]" dev="sockfs" ino=29874 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  186.165888][   T29] audit: type=1326 audit(186.149:17257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  186.166571][T11332] loop4: detected capacity change from 0 to 1024
[  186.189095][   T29] audit: type=1326 audit(186.149:17258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  186.197337][T11332] EXT4-fs: Ignoring removed i_version option
[  186.218418][   T29] audit: type=1326 audit(186.149:17259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  186.242105][T11332] EXT4-fs: Ignoring removed nobh option
[  186.247407][   T29] audit: type=1326 audit(186.149:17260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  186.247439][   T29] audit: type=1326 audit(186.149:17261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  186.299161][   T29] audit: type=1326 audit(186.149:17262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11331 comm="syz.4.2640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd48b6cf003 code=0x7ffc0000
[  186.386844][ T8221] usb 1-1: new low-speed USB device number 2 using vhci_hcd
[  186.415393][T11344] loop4: detected capacity change from 0 to 512
[  186.451395][T11344] EXT4-fs (loop4): shut down requested (0)
[  186.462492][ T8218] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  186.553758][T11358] loop1: detected capacity change from 0 to 2048
[  186.608671][T11358] Alternate GPT is invalid, using primary GPT.
[  186.615049][T11358]  loop1: p1 p2 p3
[  186.618940][T11358] loop1: partition table partially beyond EOD, truncated
[  186.662892][T11312] vhci_hcd: connection reset by peer
[  186.670497][   T31] vhci_hcd: stop threads
[  186.674816][   T31] vhci_hcd: release socket
[  186.679312][   T31] vhci_hcd: disconnect device
[  186.891775][T11394] loop5: detected capacity change from 0 to 512
[  186.904735][T11391] loop4: detected capacity change from 0 to 512
[  186.916045][T11394] EXT4-fs (loop5): shut down requested (0)
[  186.926584][ T8218] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  187.027017][T11407] 9pnet: Unknown protocol version 9p2000.t
[  187.054540][T11414] loop5: detected capacity change from 0 to 512
[  187.065363][T11414] EXT4-fs: Ignoring removed bh option
[  187.073363][T11416] loop4: detected capacity change from 0 to 512
[  187.080460][T11414] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  187.089626][T11416] EXT4-fs: Ignoring removed bh option
[  187.091144][T11414] EXT4-fs (loop5): 1 truncate cleaned up
[  187.105291][T11416] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  187.135524][T11416] EXT4-fs (loop4): 1 truncate cleaned up
[  187.161979][T11416] FAULT_INJECTION: forcing a failure.
[  187.161979][T11416] name failslab, interval 1, probability 0, space 0, times 0
[  187.174789][T11416] CPU: 1 UID: 0 PID: 11416 Comm: syz.4.2669 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  187.174851][T11416] Tainted: [W]=WARN
[  187.174857][T11416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  187.174869][T11416] Call Trace:
[  187.174876][T11416]  <TASK>
[  187.174884][T11416]  __dump_stack+0x1d/0x30
[  187.174911][T11416]  dump_stack_lvl+0xe8/0x140
[  187.174934][T11416]  dump_stack+0x15/0x1b
[  187.174975][T11416]  should_fail_ex+0x265/0x280
[  187.175013][T11416]  should_failslab+0x8c/0xb0
[  187.175047][T11416]  __kmalloc_noprof+0xa5/0x570
[  187.175101][T11416]  ? ext4_inlinedir_to_tree+0x143/0x710
[  187.175168][T11416]  ? ext4_get_inode_loc+0xb2/0xe0
[  187.175194][T11416]  ext4_inlinedir_to_tree+0x143/0x710
[  187.175220][T11416]  ? should_fail_ex+0x30/0x280
[  187.175269][T11416]  ext4_htree_fill_tree+0x336/0x9c0
[  187.175401][T11416]  ? native_apic_msr_write+0x3d/0x60
[  187.175437][T11416]  ? x2apic_send_IPI_self+0x10/0x20
[  187.175481][T11416]  ? kstrtoull+0x111/0x140
[  187.175636][T11416]  ext4_readdir+0x1729/0x1d40
[  187.175667][T11416]  ? 0xffffffff81000000
[  187.175681][T11416]  ? get_pid_task+0x96/0xd0
[  187.175707][T11416]  ? proc_fail_nth_write+0x13b/0x160
[  187.175814][T11416]  ? avc_policy_seqno+0x15/0x30
[  187.175836][T11416]  ? selinux_file_permission+0x1e4/0x320
[  187.175878][T11416]  iterate_dir+0x114/0x330
[  187.175903][T11416]  ? mutex_lock+0xd/0x30
[  187.175990][T11416]  __se_sys_getdents+0x88/0x1b0
[  187.176009][T11416]  ? __pfx_filldir+0x10/0x10
[  187.176072][T11416]  __x64_sys_getdents+0x43/0x50
[  187.176093][T11416]  x64_sys_call+0xee7/0x3000
[  187.176187][T11416]  do_syscall_64+0xd2/0x200
[  187.176204][T11416]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  187.176230][T11416]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  187.176295][T11416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.176321][T11416] RIP: 0033:0x7fd48b6cefc9
[  187.176335][T11416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.176352][T11416] RSP: 002b:00007fd48a137038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  187.176370][T11416] RAX: ffffffffffffffda RBX: 00007fd48b925fa0 RCX: 00007fd48b6cefc9
[  187.176384][T11416] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[  187.176428][T11416] RBP: 00007fd48a137090 R08: 0000000000000000 R09: 0000000000000000
[  187.176440][T11416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.176452][T11416] R13: 00007fd48b926038 R14: 00007fd48b925fa0 R15: 00007ffd62bc8d08
[  187.176470][T11416]  </TASK>
[  187.182165][T11409] cgroup: fork rejected by pids controller in /syz2
[  187.521312][T11508] loop5: detected capacity change from 0 to 512
[  187.529482][T11508] EXT4-fs: Ignoring removed bh option
[  187.535363][T11508] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  187.576757][T11508] EXT4-fs (loop5): 1 truncate cleaned up
[  187.589137][T11508] EXT4-fs error (device loop5): ext4_lookup:1787: inode #14: comm syz.5.2676: invalid fast symlink length 39
[  187.676977][T11519] EXT4-fs error (device loop5): ext4_lookup:1787: inode #14: comm syz.5.2676: invalid fast symlink length 39
[  187.800032][T11527] loop2: detected capacity change from 0 to 512
[  187.889916][T11527] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2683: bg 0: block 248: padding at end of block bitmap is not set
[  187.908779][T11537] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  187.915339][T11537] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  187.923039][T11537] vhci_hcd vhci_hcd.0: Device attached
[  187.923676][T11527] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2683: Failed to acquire dquot type 1
[  187.940531][T11535] loop5: detected capacity change from 0 to 512
[  187.950556][T11527] EXT4-fs (loop2): 1 truncate cleaned up
[  187.968510][T11535] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2684: bg 0: block 248: padding at end of block bitmap is not set
[  187.983406][T11535] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.2684: Failed to acquire dquot type 1
[  187.995506][T11535] EXT4-fs (loop5): 1 truncate cleaned up
[  188.086863][ T3411] usb 3-1: enqueue for inactive port 0
[  188.092466][ T3411] usb 3-1: enqueue for inactive port 0
[  188.150337][T11555] rdma_rxe: rxe_newlink: failed to add bond0
[  188.167296][ T3411] vhci_hcd: vhci_device speed not set
[  188.282377][T11566] loop1: detected capacity change from 0 to 1024
[  188.289757][T11566] EXT4-fs: Ignoring removed i_version option
[  188.295929][T11566] EXT4-fs: Ignoring removed nobh option
[  188.372497][T11572] netlink: 'syz.4.2696': attribute type 7 has an invalid length.
[  188.734745][T11538] vhci_hcd: connection closed
[  188.735696][   T12] vhci_hcd: stop threads
[  188.744729][   T12] vhci_hcd: release socket
[  188.749365][   T12] vhci_hcd: disconnect device
[  188.774883][T11601] ALSA: seq fatal error: cannot create timer (-19)
[  188.788340][T11601] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2707'.
[  188.889631][T11606] loop1: detected capacity change from 0 to 1024
[  188.897366][T11606] EXT4-fs: Ignoring removed i_version option
[  188.903570][T11606] EXT4-fs: Ignoring removed nobh option
[  189.226108][T11625] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2714'.
[  189.235163][T11625] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2714'.
[  189.302664][T11631] loop1: detected capacity change from 0 to 512
[  189.319538][T11633] loop0: detected capacity change from 0 to 2048
[  189.368357][T11631] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2717'.
[  189.378865][T11633] Alternate GPT is invalid, using primary GPT.
[  189.385185][T11633]  loop0: p1 p2 p3
[  189.388987][T11633] loop0: partition table partially beyond EOD, truncated
[  189.443529][T11638] loop1: detected capacity change from 0 to 1024
[  189.451203][T11638] EXT4-fs: Ignoring removed i_version option
[  189.457677][T11638] EXT4-fs: Ignoring removed nobh option
[  189.672467][T11643] loop1: detected capacity change from 0 to 512
[  189.692838][T11643] EXT4-fs (loop1): shut down requested (0)
[  189.701962][T11652] IPVS: length: 111 != 24
[  189.708989][ T3479] hid_parser_main: 180 callbacks suppressed
[  189.709007][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x1
[  189.722368][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.729791][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.737287][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.744742][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.752178][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.759672][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x4
[  189.767139][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.774655][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  189.782190][ T3479] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  190.082718][T11654] loop4: detected capacity change from 0 to 512
[  190.091030][T11654] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  190.107481][T11654] EXT4-fs (loop4): 1 truncate cleaned up
[  190.137107][ T3479] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  190.316755][T11666] loop1: detected capacity change from 0 to 512
[  190.340886][T11666] SELinux:  Context @ is not valid (left unmapped).
[  190.428330][T11677] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  190.434898][T11677] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  190.442457][T11677] vhci_hcd vhci_hcd.0: Device attached
[  190.560121][T11695] 9pnet: Unknown protocol version 9p20\++}
[  190.597015][T11701] loop0: detected capacity change from 0 to 256
[  190.686763][ T3479] usb 11-1: new low-speed USB device number 2 using vhci_hcd
[  190.741232][T11705] FAULT_INJECTION: forcing a failure.
[  190.741232][T11705] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.754393][T11705] CPU: 0 UID: 0 PID: 11705 Comm: syz.0.2737 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  190.754452][T11705] Tainted: [W]=WARN
[  190.754460][T11705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  190.754475][T11705] Call Trace:
[  190.754508][T11705]  <TASK>
[  190.754517][T11705]  __dump_stack+0x1d/0x30
[  190.754545][T11705]  dump_stack_lvl+0xe8/0x140
[  190.754570][T11705]  dump_stack+0x15/0x1b
[  190.754592][T11705]  should_fail_ex+0x265/0x280
[  190.754671][T11705]  should_fail+0xb/0x20
[  190.754686][T11705]  should_fail_usercopy+0x1a/0x20
[  190.754706][T11705]  _copy_from_user+0x1c/0xb0
[  190.754760][T11705]  kstrtouint_from_user+0x69/0xf0
[  190.754786][T11705]  ? 0xffffffff81000000
[  190.754803][T11705]  ? selinux_file_permission+0x1e4/0x320
[  190.754843][T11705]  proc_fail_nth_write+0x50/0x160
[  190.754933][T11705]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  190.754973][T11705]  vfs_write+0x269/0x960
[  190.755003][T11705]  ? vfs_read+0x4e6/0x770
[  190.755069][T11705]  ? __rcu_read_unlock+0x4f/0x70
[  190.755095][T11705]  ? __fget_files+0x184/0x1c0
[  190.755127][T11705]  ksys_write+0xda/0x1a0
[  190.755187][T11705]  __x64_sys_write+0x40/0x50
[  190.755219][T11705]  x64_sys_call+0x2802/0x3000
[  190.755280][T11705]  do_syscall_64+0xd2/0x200
[  190.755299][T11705]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  190.755400][T11705]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  190.755440][T11705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.755515][T11705] RIP: 0033:0x7f23f739da7f
[  190.755530][T11705] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  190.755568][T11705] RSP: 002b:00007f23f5dff030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  190.755589][T11705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f23f739da7f
[  190.755605][T11705] RDX: 0000000000000001 RSI: 00007f23f5dff0a0 RDI: 0000000000000007
[  190.755648][T11705] RBP: 00007f23f5dff090 R08: 0000000000000000 R09: 0000000000000000
[  190.755664][T11705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  190.755679][T11705] R13: 00007f23f75f6038 R14: 00007f23f75f5fa0 R15: 00007ffd81f3b4f8
[  190.755701][T11705]  </TASK>
[  190.993601][T11710] loop1: detected capacity change from 0 to 512
[  191.000803][T11710] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  191.012995][T11710] EXT4-fs (loop1): 1 truncate cleaned up
[  191.013762][   T29] kauditd_printk_skb: 542 callbacks suppressed
[  191.013778][   T29] audit: type=1400 audit(190.999:17801): avc:  denied  { setopt } for  pid=11712 comm="syz.0.2740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  191.027564][T11710] EXT4-fs error (device loop1): ext4_lookup:1787: inode #16: comm syz.1.2738: iget: bad i_size value: 5497558147880
[  191.056901][T11710] EXT4-fs (loop1): Remounting filesystem read-only
[  191.067560][   T29] audit: type=1400 audit(191.059:17802): avc:  denied  { ioctl } for  pid=11708 comm="syz.1.2738" path="/550/file2/file1" dev="loop1" ino=15 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  191.098001][   T29] audit: type=1400 audit(191.079:17803): avc:  denied  { ioctl } for  pid=11708 comm="syz.1.2738" path="socket:[30302]" dev="sockfs" ino=30302 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  191.123237][   T29] audit: type=1400 audit(191.079:17804): avc:  denied  { sqpoll } for  pid=11708 comm="syz.1.2738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  191.151847][   T29] audit: type=1326 audit(191.139:17805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.175022][   T29] audit: type=1326 audit(191.139:17806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.198730][   T29] audit: type=1326 audit(191.139:17807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.221785][   T29] audit: type=1326 audit(191.139:17808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.222173][T11721] loop1: detected capacity change from 0 to 2048
[  191.244760][   T29] audit: type=1326 audit(191.139:17809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.244793][   T29] audit: type=1326 audit(191.139:17810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.1.2743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09754efc9 code=0x7ffc0000
[  191.251509][T11678] vhci_hcd: connection reset by peer
[  191.303963][  T311] vhci_hcd: stop threads
[  191.308305][  T311] vhci_hcd: release socket
[  191.312804][  T311] vhci_hcd: disconnect device
[  191.335791][T11720] syzkaller0: entered promiscuous mode
[  191.341323][T11720] syzkaller0: entered allmulticast mode
[  191.347981][T11721] Alternate GPT is invalid, using primary GPT.
[  191.354340][T11721]  loop1: p1 p2 p3
[  191.358126][T11721] loop1: partition table partially beyond EOD, truncated
[  191.390326][T11724] loop2: detected capacity change from 0 to 512
[  191.411433][T11724] EXT4-fs (loop2): shut down requested (0)
[  191.420235][ T2968] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  191.446792][ T8221] usb 1-1: enqueue for inactive port 0
[  191.452377][ T8221] usb 1-1: enqueue for inactive port 0
[  191.526748][ T8221] vhci_hcd: vhci_device speed not set
[  191.822106][T11743] vlan2: entered allmulticast mode
[  191.827302][T11743] veth1_to_bond: entered allmulticast mode
[  191.995025][T11751] sit0: Caught tx_queue_len zero misconfig
[  192.038539][T11754] loop4: detected capacity change from 0 to 512
[  192.049001][T11754] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2751: bg 0: block 248: padding at end of block bitmap is not set
[  192.063758][T11754] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.2751: Failed to acquire dquot type 1
[  192.075863][T11754] EXT4-fs (loop4): 1 truncate cleaned up
[  192.096624][T11754] EXT4-fs mount: 59 callbacks suppressed
[  192.096643][T11754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.366261][T11777] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  192.372813][T11777] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  192.380400][T11777] vhci_hcd vhci_hcd.0: Device attached
[  192.531671][T11784] loop5: detected capacity change from 0 to 764
[  192.538825][T11784] iso9660: Unknown parameter 'SMC_PNETID'
[  192.636754][ T3411] usb 3-1: new low-speed USB device number 5 using vhci_hcd
[  192.670807][T11790] loop5: detected capacity change from 0 to 512
[  192.679302][T11790] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 4294967295: comm syz.5.2762: invalid block
[  192.691760][T11790] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2762: invalid indirect mapped block 4294967295 (level 1)
[  192.705988][T11790] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2762: invalid indirect mapped block 4294967295 (level 1)
[  192.723748][T11790] EXT4-fs (loop5): 2 truncates cleaned up
[  192.730159][T11790] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.745000][T11790] netlink: 272 bytes leftover after parsing attributes in process `syz.5.2762'.
[  192.754445][T11790] EXT4-fs (loop5): shut down requested (2)
[  192.817138][T10715] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.826075][T11793] loop2: detected capacity change from 0 to 2048
[  192.868357][T11793] Alternate GPT is invalid, using primary GPT.
[  192.874873][T11793]  loop2: p1 p2 p3
[  192.878660][T11793] loop2: partition table partially beyond EOD, truncated
[  192.887314][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.972943][T11809] syz1: rxe_newlink: already configured on bond0
[  193.020735][T11813] loop0: detected capacity change from 0 to 512
[  193.054018][T11813] EXT4-fs (loop0): too many log groups per flexible block group
[  193.081970][T11813] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  193.115516][T11813] EXT4-fs (loop0): mount failed
[  193.144093][T11820] loop4: detected capacity change from 0 to 256
[  193.152164][T11820] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001)
[  193.160181][T11820] FAT-fs (loop4): Filesystem has been set read-only
[  193.187790][T11778] vhci_hcd: connection reset by peer
[  193.197197][   T31] vhci_hcd: stop threads
[  193.201632][   T31] vhci_hcd: release socket
[  193.206169][   T31] vhci_hcd: disconnect device
[  193.230296][T11822] loop4: detected capacity change from 0 to 512
[  193.250766][T11822] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2776: bg 0: block 248: padding at end of block bitmap is not set
[  193.265463][T11822] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.2776: Failed to acquire dquot type 1
[  193.277354][T11822] EXT4-fs (loop4): 1 truncate cleaned up
[  193.283589][T11822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.653195][T11854] netlink: 'syz.2.2786': attribute type 7 has an invalid length.
[  193.881348][T11878] xt_policy: too many policy elements
[  193.906264][T11875] lo speed is unknown, defaulting to 1000
[  193.912344][T11875] lo speed is unknown, defaulting to 1000
[  193.918551][T11875] lo speed is unknown, defaulting to 1000
[  193.924813][T11875] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  193.926372][T11880] IPVS: Scheduler module ip_vs_€ not found
[  193.935208][T11875] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  193.955676][T11875] lo speed is unknown, defaulting to 1000
[  193.962235][T11875] lo speed is unknown, defaulting to 1000
[  193.968710][T11875] lo speed is unknown, defaulting to 1000
[  193.975257][T11875] lo speed is unknown, defaulting to 1000
[  193.982071][T11875] lo speed is unknown, defaulting to 1000
[  193.989125][T11875] lo speed is unknown, defaulting to 1000
[  194.003189][T11875] lo speed is unknown, defaulting to 1000
[  194.074263][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.098300][T11889] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  194.104867][T11889] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  194.112434][T11889] vhci_hcd vhci_hcd.0: Device attached
[  194.200079][T11903] vlan2: entered allmulticast mode
[  194.205217][T11903] batadv0: entered allmulticast mode
[  194.356905][ T2968] usb 9-1: new low-speed USB device number 5 using vhci_hcd
[  194.369656][T11914] rdma_rxe: rxe_newlink: failed to add bond0
[  194.406026][T11917] loop0: detected capacity change from 0 to 512
[  194.418517][T11920] rdma_rxe: rxe_newlink: failed to add bond0
[  194.430904][T11917] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2810: bg 0: block 248: padding at end of block bitmap is not set
[  194.445450][T11917] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.2810: Failed to acquire dquot type 1
[  194.457733][T11917] EXT4-fs (loop0): 1 truncate cleaned up
[  194.464018][T11917] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.487512][T11925] loop5: detected capacity change from 0 to 512
[  194.499036][T11925] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.569500][T11925] SELinux: failed to load policy
[  194.716341][T11933] ip6gre1: left allmulticast mode
[  195.016794][T11890] vhci_hcd: connection reset by peer
[  195.096885][ T1748] vhci_hcd: stop threads
[  195.101215][ T1748] vhci_hcd: release socket
[  195.105722][ T1748] vhci_hcd: disconnect device
[  195.259611][T10454] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.330554][T10715] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.374123][T11952] rdma_rxe: rxe_newlink: failed to add bond0
[  195.513693][T11962] netlink: 'syz.0.2824': attribute type 7 has an invalid length.
[  195.554233][T11964] pimreg: entered allmulticast mode
[  195.575761][T11964] pimreg: left allmulticast mode
[  195.735389][T11985] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  195.741945][T11985] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  195.749527][T11985] vhci_hcd vhci_hcd.0: Device attached
[  195.769282][ T3479] usb 11-1: enqueue for inactive port 0
[  195.777267][ T3479] usb 11-1: enqueue for inactive port 0
[  195.825843][T11999] netlink: 'syz.5.2837': attribute type 7 has an invalid length.
[  195.856776][ T3479] vhci_hcd: vhci_device speed not set
[  195.901062][T12005] syz1: rxe_newlink: already configured on bond0
[  195.963556][T11993] lo speed is unknown, defaulting to 1000
[  195.996960][ T8228] usb 1-1: new low-speed USB device number 3 using vhci_hcd
[  196.047684][   T29] kauditd_printk_skb: 436 callbacks suppressed
[  196.047703][   T29] audit: type=1400 audit(196.039:18241): avc:  denied  { write } for  pid=12012 comm="syz.1.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  196.092199][   T29] audit: type=1400 audit(196.039:18242): avc:  denied  { accept } for  pid=12012 comm="syz.1.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  196.097553][T12019] loop1: detected capacity change from 0 to 512
[  196.137063][   T29] audit: type=1400 audit(196.119:18243): avc:  denied  { create } for  pid=12016 comm="syz.4.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  196.172015][T12017] netlink: 'syz.4.2843': attribute type 10 has an invalid length.
[  196.179952][T12017] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2843'.
[  196.201710][T12017] batman_adv: batadv0: Adding interface: veth1_vlan
[  196.202021][T12019] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.208445][T12017] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.249903][T12028] loop4: detected capacity change from 0 to 512
[  196.257103][T12028] ext4: Unknown parameter 'smackfshat'
[  196.261070][T12019] EXT4-fs (loop1): shut down requested (0)
[  196.269722][T12017] batman_adv: batadv0: Interface activated: veth1_vlan
[  196.285500][   T29] audit: type=1400 audit(196.269:18244): avc:  denied  { name_bind } for  pid=12016 comm="syz.4.2843" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  196.390899][T12017] loop4: detected capacity change from 0 to 512
[  196.408798][T12017] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.422022][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.509162][T12043] netlink: 'syz.1.2849': attribute type 7 has an invalid length.
[  196.566878][T11986] vhci_hcd: connection reset by peer
[  196.575854][ T1748] vhci_hcd: stop threads
[  196.580272][ T1748] vhci_hcd: release socket
[  196.584695][ T1748] vhci_hcd: disconnect device
[  196.719591][T12062] x_tables: duplicate underflow at hook 1
[  196.929530][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.042483][   T29] audit: type=1326 audit(197.029:18245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.084409][   T29] audit: type=1326 audit(197.049:18246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.107677][   T29] audit: type=1326 audit(197.049:18247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.130934][   T29] audit: type=1326 audit(197.049:18248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.153994][   T29] audit: type=1326 audit(197.049:18249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.177014][   T29] audit: type=1326 audit(197.059:18250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12071 comm="syz.4.2859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fd48b6cefc9 code=0x7ffc0000
[  197.235967][T12078] loop0: detected capacity change from 0 to 2048
[  197.262046][T12078] EXT4-fs: Ignoring removed bh option
[  197.281698][T12078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.309178][T12078] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  197.342110][T12078] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 18 with error 28
[  197.354555][T12078] EXT4-fs (loop0): This should not happen!! Data will be lost
[  197.354555][T12078] 
[  197.364355][T12078] EXT4-fs (loop0): Total free blocks count 0
[  197.370445][T12078] EXT4-fs (loop0): Free/Dirty block details
[  197.376407][T12078] EXT4-fs (loop0): free_blocks=2415919104
[  197.382290][T12078] EXT4-fs (loop0): dirty_blocks=32
[  197.387497][T12078] EXT4-fs (loop0): Block reservation details
[  197.393565][T12078] EXT4-fs (loop0): i_reserved_data_blocks=2
[  197.429684][T12097] EXT4-fs error (device loop0): ext4_iget_extra_inode:5075: inode #12: comm syz.0.2862: corrupted in-inode xattr: e_name out of bounds
[  197.444663][T12094] netlink: 'syz.2.2864': attribute type 10 has an invalid length.
[  197.454184][T12094] team0: Port device dummy0 added
[  197.462131][T12094] loop2: detected capacity change from 0 to 256
[  197.479530][T12094] vfat: Unknown parameter ''
[  197.503261][T10454] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.698449][ T3411] usb 3-1: enqueue for inactive port 0
[  197.703994][ T3411] usb 3-1: enqueue for inactive port 0
[  197.796742][ T3411] vhci_hcd: vhci_device speed not set
[  197.864519][T12125] netlink: 'syz.0.2873': attribute type 1 has an invalid length.
[  197.872323][T12125] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2873'.
[  197.883994][T12126] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  197.890540][T12126] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  197.898237][T12126] vhci_hcd vhci_hcd.0: Device attached
[  197.990500][T12056] syz.1.2854 (12056) used greatest stack depth: 6168 bytes left
[  198.101097][T12148] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2879'.
[  198.166790][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  198.210470][T12145] ==================================================================
[  198.216738][ T8221] usb 5-1: new low-speed USB device number 3 using vhci_hcd
[  198.218596][T12145] BUG: KCSAN: data-race in __umount_mnt / choose_mountpoint_rcu
[  198.233515][T12145] 
[  198.235850][T12145] write to 0xffff88811a499c90 of 8 bytes by task 12153 on cpu 0:
[  198.243584][T12145]  __umount_mnt+0x4e/0x2c0
[  198.248027][T12145]  umount_tree+0x547/0x7f0
[  198.252456][T12145]  path_umount+0x7c8/0x7e0
[  198.256885][T12145]  __x64_sys_umount+0xb6/0xe0
[  198.261576][T12145]  x64_sys_call+0xdd2/0x3000
[  198.266191][T12145]  do_syscall_64+0xd2/0x200
[  198.270732][T12145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.276641][T12145] 
[  198.278970][T12145] read to 0xffff88811a499c90 of 8 bytes by task 12145 on cpu 1:
[  198.286612][T12145]  choose_mountpoint_rcu+0x2a/0x130
[  198.291861][T12145]  handle_dots+0x520/0x750
[  198.296315][T12145]  link_path_walk+0x6d3/0x900
[  198.301029][T12145]  path_lookupat+0x63/0x2a0
[  198.305560][T12145]  filename_lookup+0x147/0x340
[  198.310351][T12145]  user_path_at+0x3e/0x130
[  198.314781][T12145]  __x64_sys_umount+0x85/0xe0
[  198.319481][T12145]  x64_sys_call+0xdd2/0x3000
[  198.324183][T12145]  do_syscall_64+0xd2/0x200
[  198.328692][T12145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.334605][T12145] 
[  198.336949][T12145] value changed: 0xffff88811a488a80 -> 0xffff88811a499c80
[  198.344063][T12145] 
[  198.346389][T12145] Reported by Kernel Concurrency Sanitizer on:
[  198.352555][T12145] CPU: 1 UID: 0 PID: 12145 Comm: syz.5.2878 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  198.364023][T12145] Tainted: [W]=WARN
[  198.367827][T12145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  198.377988][T12145] ==================================================================
[  198.697214][T12127] vhci_hcd: connection reset by peer
[  198.703040][ T1748] vhci_hcd: stop threads
[  198.707442][ T1748] vhci_hcd: release socket
[  198.711875][ T1748] vhci_hcd: disconnect device
[  199.366778][ T2968] usb 9-1: enqueue for inactive port 0
[  199.372328][ T2968] usb 9-1: enqueue for inactive port 0
[  199.446875][ T2968] vhci_hcd: vhci_device speed not set
[  201.046759][ T8228] usb 1-1: enqueue for inactive port 0
[  201.052315][ T8228] usb 1-1: enqueue for inactive port 0
[  201.126826][ T8228] vhci_hcd: vhci_device speed not set
[  203.286984][ T8221] usb 5-1: enqueue for inactive port 0
[  203.292484][ T8221] usb 5-1: enqueue for inactive port 0
[  203.366747][ T8221] vhci_hcd: vhci_device speed not set