last executing test programs:

3m16.267023802s ago: executing program 4 (id=1656):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000006cfa000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x4000000)

3m16.234075075s ago: executing program 4 (id=1657):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$nfs4(&(0x7f00000001c0)='\x00', &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0), 0x200000, 0x0)

3m16.215856256s ago: executing program 4 (id=1658):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001800", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c)
connect$pppl2tp(r1, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)

3m16.203465767s ago: executing program 4 (id=1659):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
ustat(0xf000000000000000, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = epoll_create1(0x80000)
r4 = fcntl$dupfd(r2, 0x406, r3)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000001c0)={0x10000014})
r5 = getpid()
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r4, &(0x7f0000000100)={r3, r4})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000008c0))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000980))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0/file0\x00', 0x3000046, &(0x7f0000000b00), 0x1, 0x567, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9nac/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUBb2JnPRky5qkTbd2jc3nA6ecN+fkvOfJe56378mbkAAG1lj2pxDxYkR8lUQcjogk3zYc+cax1f1WHl6fyZYk6vWP/0ga+2Xl5rGazzuYF16IiF++iDhZaK+3urQ8P10qpQt5ebxWvjJeXVo+dak8PZfOpZcnp6bOvDk1+c7bb21ZrK+d/+vbj+6+f+bL4yvf/HT/yO0kzsahfFtrHLE2oN7daC2MxVh+iJE4u2bHiU0fur9t/qWiHwzleT4SWR9wOIbyrAd2v88jog4MqET+w4BqjgOa9/Yd74N3sQfvrd4Atcc/vPreSOxr3BsdWEmeuDPK7ndHt6D+rI6ff79zO1ui2/sQANvgxs2IOD083N7/JXn/125fj8c+3cM+a+vQ/8Hzczcb/7zeafxTeDT+iQ7jn4MdcvdpbJz/hftbUE1X2fjv3Y7j30eTVqNDeel/jTHfSHLxUinN+rb/R8SJGNmbldebzzmzcq/ebVvr+C9bsvqbY8H8PO4P733yObPTtelnibnVg5sRL3Uc/yaP2j/p0P7Z63G+xzqOpXde6bZt4/i3V/2HiFc7tv/jGa1k/fnJ8cb1MN68Ktr9eevYr93q3+n4s/Y/sH78o0nrfG1183V8v++ftNu2J+KP3q//PcknjfU9+WPXpmu1hYmIPcmH7Y9PPn5us9zcP4v/xPH1+79O1//+iPi0x/hvHf3x5Z7i36j9t2GSNYt/dlPtv/mVex989t3Tx5+1/xuNtRP5I730f72e4LO8dgAAAAAAANBv/o6IQ5EUivmc/qEoFIrF1c93HI0DhVKlWjt5sbJ4eTYa35UdjZFCc6b7cMvnISbyz8M2y5NrylMRcSQivh7a3ygXZyql2Z0OHgAAAAAAAAAAAAAAAAAAAPrEwS7f/8/8NrTTZwdsOz/5DYNrw/zfil96AvqS//8wuOQ/DC75D4NL/sPgkv8wuOQ/DC75D4NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAMCWOn/uXLbUVx5en8nKs1eXFucrV0/NptX5YnlxpjhTWbhSnKtU5kppcaZS3uh4pUrlysRkLF4br6XV2nh1aflCubJ4uXbhUrkwl15IR55LVAAAAAAAAAAAAAAAAAAAAPDfUl1anp8uldIFK1aeamW4P05jeT6iL05jt6zsdM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/9GwAA///PMTeG")
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x24, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file1/../file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sync()
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
mbind(&(0x7f000018f000/0x3000)=nil, 0x3000, 0x3, 0x0, 0x0, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000010140)=ANY=[@ANYBLOB], 0x48)
madvise(&(0x7f00000f8000/0x3000)=nil, 0x3000, 0x12)
mlockall(0x7)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000001400)=ANY=[], 0x835, 0x0)
truncate(0x0, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x0, 0x5f, 0x1000, &(0x7f0000000240)="e4434612258afb4da29f64e8aff0abb1407aef01451ef00b0e8cf912683373546bf06625fe9e293431a095eec40330bdfae145707d42ab814d1ec9de97fe05ada9e0b6454524e486786df04c219fe9b8b3b670de7629e7ea83ca7ff948b852", &(0x7f0000001b40)=""/4096, 0x5, 0x0, 0x52, 0xd7, &(0x7f0000000440)="7b0092b89481673ae6131dda00ed822f3197a46a4e0790ac83a8f3970f2ea5688f54b9aab2ac8ac17b3166ac23ae5fd015f9566e0fcb1d3215cf66c33163b819c0d6859b038004271d1ea03b00c021cbecdf", &(0x7f0000000680)="ef8f9800ff30f30efd22a8536ed70452d5a59c64e9730ae204252c7864a16e8dcd74705582f80f3648ae26d66ced98cd89286deb710ccc13da965e49a5fc91c32b684556aa972e666fc0ce0763d511abd0caff4abd00392c588edc70ecef5e120e7b41e5d71361ec378ff39ea97e7b4183b1f5755cc31a9ea219606cc203b4328dd40cf19669a1fb33c34364a09d2984a730a0448d8c9262ed23c0e7e6041adca551dec8a4fb47f2fa04727cd23d1b00d2a15267396a3e95892440d7dd4f26e8e07ef5d728de4acc7f783475e6245023b18012ecdf7af6", 0x6, 0x0, 0x9}, 0x50)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="51000000000b01010000000000000000030000080800034000000001050001000000000008000100292e2900080002"], 0x54}, 0x1, 0x0, 0x0, 0x60004000}, 0x48000)

3m16.068933388s ago: executing program 4 (id=1662):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000040)=0x45a0, 0x4)
sendmmsg$inet(r2, &(0x7f0000003e00)=[{{&(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r2, 0x0, 0x0, 0x2101, 0x0, 0x0)

3m15.864352214s ago: executing program 4 (id=1668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
ustat(0xf000000000000000, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000008c0))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000980))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0/file0\x00', 0x3000046, &(0x7f0000000b00), 0x1, 0x567, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9nac/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUBb2JnPRky5qkTbd2jc3nA6ecN+fkvOfJe56378mbkAAG1lj2pxDxYkR8lUQcjogk3zYc+cax1f1WHl6fyZYk6vWP/0ga+2Xl5rGazzuYF16IiF++iDhZaK+3urQ8P10qpQt5ebxWvjJeXVo+dak8PZfOpZcnp6bOvDk1+c7bb21ZrK+d/+vbj+6+f+bL4yvf/HT/yO0kzsahfFtrHLE2oN7daC2MxVh+iJE4u2bHiU0fur9t/qWiHwzleT4SWR9wOIbyrAd2v88jog4MqET+w4BqjgOa9/Yd74N3sQfvrd4Atcc/vPreSOxr3BsdWEmeuDPK7ndHt6D+rI6ff79zO1ui2/sQANvgxs2IOD083N7/JXn/125fj8c+3cM+a+vQ/8Hzczcb/7zeafxTeDT+iQ7jn4MdcvdpbJz/hftbUE1X2fjv3Y7j30eTVqNDeel/jTHfSHLxUinN+rb/R8SJGNmbldebzzmzcq/ebVvr+C9bsvqbY8H8PO4P733yObPTtelnibnVg5sRL3Uc/yaP2j/p0P7Z63G+xzqOpXde6bZt4/i3V/2HiFc7tv/jGa1k/fnJ8cb1MN68Ktr9eevYr93q3+n4s/Y/sH78o0nrfG1183V8v++ftNu2J+KP3q//PcknjfU9+WPXpmu1hYmIPcmH7Y9PPn5us9zcP4v/xPH1+79O1//+iPi0x/hvHf3x5Z7i36j9t2GSNYt/dlPtv/mVex989t3Tx5+1/xuNtRP5I730f72e4LO8dgAAAAAAANBv/o6IQ5EUivmc/qEoFIrF1c93HI0DhVKlWjt5sbJ4eTYa35UdjZFCc6b7cMvnISbyz8M2y5NrylMRcSQivh7a3ygXZyql2Z0OHgAAAAAAAAAAAAAAAAAAAPrEwS7f/8/8NrTTZwdsOz/5DYNrw/zfil96AvqS//8wuOQ/DC75D4NL/sPgkv8wuOQ/DC75D4NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAMCWOn/uXLbUVx5en8nKs1eXFucrV0/NptX5YnlxpjhTWbhSnKtU5kppcaZS3uh4pUrlysRkLF4br6XV2nh1aflCubJ4uXbhUrkwl15IR55LVAAAAAAAAAAAAAAAAAAAAPDfUl1anp8uldIFK1aeamW4P05jeT6iL05jt6zsdM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/9GwAA///PMTeG")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x24, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sync() (fail_nth: 1)
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
mbind(&(0x7f000018f000/0x3000)=nil, 0x3000, 0x3, 0x0, 0x0, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000010140)=ANY=[@ANYBLOB], 0x48)
madvise(&(0x7f00000f8000/0x3000)=nil, 0x3000, 0x12)
mlockall(0x7)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000001400)=ANY=[], 0x835, 0x0)
truncate(0x0, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x0, 0x5f, 0x1000, &(0x7f0000000240)="e4434612258afb4da29f64e8aff0abb1407aef01451ef00b0e8cf912683373546bf06625fe9e293431a095eec40330bdfae145707d42ab814d1ec9de97fe05ada9e0b6454524e486786df04c219fe9b8b3b670de7629e7ea83ca7ff948b852", &(0x7f0000001b40)=""/4096, 0x5, 0x0, 0x52, 0xd7, &(0x7f0000000440)="7b0092b89481673ae6131dda00ed822f3197a46a4e0790ac83a8f3970f2ea5688f54b9aab2ac8ac17b3166ac23ae5fd015f9566e0fcb1d3215cf66c33163b819c0d6859b038004271d1ea03b00c021cbecdf", &(0x7f0000000680)="ef8f9800ff30f30efd22a8536ed70452d5a59c64e9730ae204252c7864a16e8dcd74705582f80f3648ae26d66ced98cd89286deb710ccc13da965e49a5fc91c32b684556aa972e666fc0ce0763d511abd0caff4abd00392c588edc70ecef5e120e7b41e5d71361ec378ff39ea97e7b4183b1f5755cc31a9ea219606cc203b4328dd40cf19669a1fb33c34364a09d2984a730a0448d8c9262ed23c0e7e6041adca551dec8a4fb47f2fa04727cd23d1b00d2a15267396a3e95892440d7dd4f26e8e07ef5d728de4acc7f783475e6245023b18012ecdf7af6", 0x6, 0x0, 0x9}, 0x50)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="51000000000b01010000000000000000030000080800034000000001050001000000000008000100292e2900080002"], 0x54}, 0x1, 0x0, 0x0, 0x60004000}, 0x40010)

3m15.864092554s ago: executing program 32 (id=1668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
ustat(0xf000000000000000, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000008c0))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000980))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0/file0\x00', 0x3000046, &(0x7f0000000b00), 0x1, 0x567, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9nac/KaLKMJh1rHbhduBtvZAgiDsR7vfdy+A/4Vwx0MGQUBb2JnPRky5qkTbd2jc3nA6ecN+fkvOfJe56378mbkAAG1lj2pxDxYkR8lUQcjogk3zYc+cax1f1WHl6fyZYk6vWP/0ga+2Xl5rGazzuYF16IiF++iDhZaK+3urQ8P10qpQt5ebxWvjJeXVo+dak8PZfOpZcnp6bOvDk1+c7bb21ZrK+d/+vbj+6+f+bL4yvf/HT/yO0kzsahfFtrHLE2oN7daC2MxVh+iJE4u2bHiU0fur9t/qWiHwzleT4SWR9wOIbyrAd2v88jog4MqET+w4BqjgOa9/Yd74N3sQfvrd4Atcc/vPreSOxr3BsdWEmeuDPK7ndHt6D+rI6ff79zO1ui2/sQANvgxs2IOD083N7/JXn/125fj8c+3cM+a+vQ/8Hzczcb/7zeafxTeDT+iQ7jn4MdcvdpbJz/hftbUE1X2fjv3Y7j30eTVqNDeel/jTHfSHLxUinN+rb/R8SJGNmbldebzzmzcq/ebVvr+C9bsvqbY8H8PO4P733yObPTtelnibnVg5sRL3Uc/yaP2j/p0P7Z63G+xzqOpXde6bZt4/i3V/2HiFc7tv/jGa1k/fnJ8cb1MN68Ktr9eevYr93q3+n4s/Y/sH78o0nrfG1183V8v++ftNu2J+KP3q//PcknjfU9+WPXpmu1hYmIPcmH7Y9PPn5us9zcP4v/xPH1+79O1//+iPi0x/hvHf3x5Z7i36j9t2GSNYt/dlPtv/mVex989t3Tx5+1/xuNtRP5I730f72e4LO8dgAAAAAAANBv/o6IQ5EUivmc/qEoFIrF1c93HI0DhVKlWjt5sbJ4eTYa35UdjZFCc6b7cMvnISbyz8M2y5NrylMRcSQivh7a3ygXZyql2Z0OHgAAAAAAAAAAAAAAAAAAAPrEwS7f/8/8NrTTZwdsOz/5DYNrw/zfil96AvqS//8wuOQ/DC75D4NL/sPgkv8wuOQ/DC75D4NL/gMAAAAAAAAAAAAAAAAAAAAAAAAAAMCWOn/uXLbUVx5en8nKs1eXFucrV0/NptX5YnlxpjhTWbhSnKtU5kppcaZS3uh4pUrlysRkLF4br6XV2nh1aflCubJ4uXbhUrkwl15IR55LVAAAAAAAAAAAAAAAAAAAAPDfUl1anp8uldIFK1aeamW4P05jeT6iL05jt6zsdM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/9GwAA///PMTeG")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x24, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sync() (fail_nth: 1)
mlock(&(0x7f0000656000/0x3000)=nil, 0x3000)
mbind(&(0x7f000018f000/0x3000)=nil, 0x3000, 0x3, 0x0, 0x0, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000010140)=ANY=[@ANYBLOB], 0x48)
madvise(&(0x7f00000f8000/0x3000)=nil, 0x3000, 0x12)
mlockall(0x7)
setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000001400)=ANY=[], 0x835, 0x0)
truncate(0x0, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x0, 0x5f, 0x1000, &(0x7f0000000240)="e4434612258afb4da29f64e8aff0abb1407aef01451ef00b0e8cf912683373546bf06625fe9e293431a095eec40330bdfae145707d42ab814d1ec9de97fe05ada9e0b6454524e486786df04c219fe9b8b3b670de7629e7ea83ca7ff948b852", &(0x7f0000001b40)=""/4096, 0x5, 0x0, 0x52, 0xd7, &(0x7f0000000440)="7b0092b89481673ae6131dda00ed822f3197a46a4e0790ac83a8f3970f2ea5688f54b9aab2ac8ac17b3166ac23ae5fd015f9566e0fcb1d3215cf66c33163b819c0d6859b038004271d1ea03b00c021cbecdf", &(0x7f0000000680)="ef8f9800ff30f30efd22a8536ed70452d5a59c64e9730ae204252c7864a16e8dcd74705582f80f3648ae26d66ced98cd89286deb710ccc13da965e49a5fc91c32b684556aa972e666fc0ce0763d511abd0caff4abd00392c588edc70ecef5e120e7b41e5d71361ec378ff39ea97e7b4183b1f5755cc31a9ea219606cc203b4328dd40cf19669a1fb33c34364a09d2984a730a0448d8c9262ed23c0e7e6041adca551dec8a4fb47f2fa04727cd23d1b00d2a15267396a3e95892440d7dd4f26e8e07ef5d728de4acc7f783475e6245023b18012ecdf7af6", 0x6, 0x0, 0x9}, 0x50)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="51000000000b01010000000000000000030000080800034000000001050001000000000008000100292e2900080002"], 0x54}, 0x1, 0x0, 0x0, 0x60004000}, 0x40010)

1.713917481s ago: executing program 1 (id=5377):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x50, 0x10, 0x1, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x10424}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_bond\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x7fffffff, 0xd9e}}]}]}, @IFLA_TXQLEN={0x8, 0xd, 0x7}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000851}, 0x40000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003840)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {0xc, 0x4}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x80000000}]}}]}, 0x38}}, 0x20008050)
r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x7]}, 0x8, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f0000000040)="51b8c5970bf525c7e474bc4201b5fdab", 0x10)

1.620444459s ago: executing program 1 (id=5382):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000feffffff850000002d00000095", @ANYRES8=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea4, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r6, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r9, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c)
connect$pppl2tp(r8, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000000314010029bd7000ffdbdf250900020073797a310000000000044100736977001404000076657468305f7466809aef7ef39e1730"], 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)
signalfd4(0xffffffffffffffff, &(0x7f00000004c0)={[0x103]}, 0x8, 0x0)
setsockopt$CAN_RAW_FD_FRAMES(r3, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x80000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}, 0x20)
preadv(r1, &(0x7f00000039c0)=[{&(0x7f0000000140)=""/142, 0x8e}], 0x1, 0x4, 0x3)

1.341317981s ago: executing program 1 (id=5389):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001600)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000426aa9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

1.312655134s ago: executing program 0 (id=5392):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x9, 0x100)
pidfd_getfd(0xffffffffffffffff, r0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, &(0x7f00000000c0)="dc76672a00c24e35725ac85aa993790e4992eaee962668ac7ea66d4b729ddd43aff8c8e278490719262a60945d2cb5093436e1cea2bdef02c6a911b6f68a19007c0463813545ce431f14bcd0b203644c4860806fdea642da8f"}, 0x20)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f00000000c0))
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r4})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
move_mount(0xffffffffffffff9c, 0x0, r6, 0x0, 0x75)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2022220, 0x0, 0x0, 0x0, &(0x7f0000000400))
r7 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r7, 0x29, 0xc8, &(0x7f0000000000), 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$MRT6_DONE(r7, 0x29, 0xc9, 0x0, 0x0)
creat(0x0, 0x0)
r8 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents(r8, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r7, &(0x7f0000001c00)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001bc0)={0x0, 0x1bc}, 0x1, 0x0, 0x0, 0x40d1}, 0x4044045)
setsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000300)={{{@in=@loopback, @in=@empty, 0x4e22, 0x0, 0x4e22, 0x2, 0x2, 0x0, 0x180, 0x5c, r4}, {0x0, 0x7fff, 0xffffffffffff0000, 0x0, 0x7, 0x2, 0x4, 0x9}, {0x5, 0xbb52, 0x401, 0x15}, 0x2, 0x6e6bb4, 0x2, 0x1, 0x4, 0x1}, {{@in6=@private1, 0x4d2, 0x3c}, 0x2, @in6=@remote, 0x3506, 0x4, 0x2, 0x6, 0x1, 0x8, 0xb3}}, 0xe8)
chroot(&(0x7f00000001c0)='./file0\x00')

1.307407594s ago: executing program 1 (id=5393):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)={0xf97cff8c, 0x8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="000000848c969800"/20, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

1.141448137s ago: executing program 1 (id=5397):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/23}, 0x20)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="4c000000100037040100000001dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="c93c0400000000002c0012800b0001006d616373656300001c00028005000a007d00000008000500ff0f000005000a0008f502b0d7324ae61d56258ff12f72f23e5b17145810b8f87dbf8140dc3ee85963eff2135af5cf68ba7f0d4be3e77023c3c3e47ca3b160b7cf3251ef691902fe8e5b1cfb5f5311bfdf37d9fff6036bb7079e614ebb74756f77af89e790a4385ed359bd9ecba77fd91cdbad"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000340), 0x8)
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000040)='./file2\x00', 0x800810, &(0x7f0000000840)=ANY=[], 0x1f, 0x249, &(0x7f0000000a00)="$eJzs3T9qFGEYBvDXGJM1FqYQbCxGbKwW9QaDRBAHhJUptHIg2mRFmTSj1Z7ATryDF/AGnsJTpEq3kp0hk782mpls5veDMA95GPb9YNnd4vt23977sLP9cff9t1/fYzRKYiViFvsRmwepca25rizyWhw1CwBg2UwmRdr3DFysskyLGxGxfqrJf/QyEAAAAAAAAAAAAP/M/n8AGB77/6++skyLjebz23H2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD92Z/Pb8//8tf3fADA/+f9HwCG59XrNy/SLNuaJMkoYm9W5VVeX+v+2fNs61GysNnetVdV+fXD/nHdJ0159/7XT4uw0fRPjvfN/Wvx8EHdH3RPX2Yn+vXY7mD9AAAAAAAAAAAAAAAAAAAAcBmMk0Nnnu8fj8/r63Tk+wFOnN9fjVurnS0DAAAAAAAAAAAAAAAAAAAAltru5y87xXT6rmzD71P/GUxILscYXYSb5z8BBKGY9vzCBAAAAAAAAAAAAAAAAAAAA9Qe+u17EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoT/v7/xcXznzgn3c6XysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNz+BAAA//9auV53")
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x7, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c675bd9bffbcc2542ded71238259ca171ce1a311ef543dc137661d34f7c700", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204, 0x5]})
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb01001800c9000000000068000000680000000600000005000000000000f40f000008000000030000000c0000000001000002000000fbffffff0c00000004000000000000000a00000000000000d2c6000d0001000000040000000b000000000000020400000000002e6f2e00000000000000000000a86ce820ccd4e27d5b960000"], &(0x7f0000000800)=""/231, 0x86, 0xe7, 0x1, 0x8, 0x10000}, 0x28)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYRES16=r2], &(0x7f0000000580)='GPL\x00', 0x40, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7fff}, 0x18)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r6], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0x14, &(0x7f0000000fc0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100400000002020207b1af8ff00000000bfa100400000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000f593a6a8dfdec3e0afb1bb19b9a7ae66b5698b9d754c612c934413d0249b0624dcb86295bf61050f251d0d1f0e51bdcc6ee0aa2192bf9ca8cb3cb444706e8254f64f1350c361940e3da71b5b4b67a764e2a9e4cbfdced5d738fe6a3f4cff4be738cc71e64f25dba7af853c1dc7c65bbd10aa3fca7d82f916efc7d195333115cdf9fe7341dc3da6174be1f0db2c77da7f0edbdbb13f228f25a6dc4e9ec81ca2d23ce36dcfa756a0317519ebc9e3e403122dc9bfbf60c3ec54fc9af96b842b1e", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7bd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='kfree\x00', r9}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000006c0))
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r12=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xfff3, 0x6}, {0xffe0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000040)={0x0, 0xfffffffffffffee9, &(0x7f0000001b40)={&(0x7f0000000180)=ANY=[@ANYRES8, @ANYRES16=r7, @ANYBLOB="a1ab00000000000000003200000008001781"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x24000804)

976.882051ms ago: executing program 1 (id=5404):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x40858}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a48000000160a01080000000000000000020000000900020073797a30000000000900010073797a30000000001c000380180003800d0001006261746164765f736c"], 0x70}}, 0x24040880)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

976.029701ms ago: executing program 5 (id=5405):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = inotify_init1(0x0)
r3 = inotify_add_watch(r2, &(0x7f0000000080)='./file0\x00', 0x40000012)
write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYRES64=r3], 0x69)
close(r0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

959.738992ms ago: executing program 3 (id=5406):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000680)={'syztnl0\x00', <r3=>0x0, 0x80, 0x8000, 0x1dd, 0x2, {{0x1b, 0x4, 0x3, 0x0, 0x6c, 0x65, 0x0, 0x0, 0x29, 0x0, @rand_addr=0x64010101, @empty, {[@timestamp_addr={0x44, 0x4, 0x32, 0x1, 0x3}, @timestamp={0x44, 0x10, 0xcd, 0x0, 0xa, [0x9, 0x7, 0x8000]}, @generic={0x88, 0x10, "43692113e4ca7fbf9a8af1c30c42"}, @cipso={0x86, 0x34, 0x7, [{0x6, 0xa, "2dad4ae3da458ed4"}, {0x6, 0xa, "186d13bbc40451b7"}, {0x7, 0x7, "76eb8b809a"}, {0x6, 0x2}, {0x0, 0x9, "93626b905d2aee"}, {0x6, 0x8, "d1b3fa4d88ad"}]}]}}}}})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000400)={'ip6_vti0\x00', &(0x7f0000000380)={'ip6tnl0\x00', r3, 0x2f, 0x6, 0x5, 0x4, 0x41, @empty, @remote, 0x1, 0x7, 0x2, 0x2}})
sendmsg$nl_xfrm(r4, &(0x7f000001bec0)={0x0, 0x0, &(0x7f000001be80)={&(0x7f000001be40)=ANY=[@ANYBLOB="28000000120011dd28bd7000ffdbdf25fe80aa000004d20a003200"/40], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x8010)
pwritev2(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)}], 0x1, 0xe7b, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000740)='./file1\x00', 0x0, &(0x7f00000006c0), 0x4, 0x24d, &(0x7f0000000840)="$eJzs3T1oJGUcBvBnZnc9c7fIqY0gfoCIaCCcnWBzNgoHchwiggoRERslEWKCXdbKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFjZnURisqLJJjuS+f1gdmZ2Pv7vsPO8s827G6CxLie5mqSVZDpJJ0lxcId7q+ny3urK1MZs0u8/9Usx3K9ar+wfdylJL8kjSdbLIq+0k6W157Z/23zigbcXO/d/uPbs1EQvcs/O9taTux9cf+uTaw8vffXNT9eLXE33b9d1+ooR77WL5LazKPY/UbTrbgH/xY03Pv52kPvbk9w3zH8nZaoP752Fm9Y7eej9fzr23Z+/vnOSbQVOX7/fGTwDe32gccok3RTlTJJquSxnZqrv8N+1Lpavzi+8Pv3y/OLcS3X3VMBp6SZbj3924dNLh/L/Y6vKP3B+DfL/9I3V7wfLu626WwNMxF3VbJD/6ReWH4z8Q+PIPzSX/ENzyT80l/xDc8k/NJf8wznW2V/ojdx8jPzXMlYHODue/9Bc8g/NdTD/AECz9C/UPQIZqEvd/Q8AAAAAAAAAAAAAAAAAAHDUytTG7P40qZpfvJfsPJakPap+a/h/xMnNw9eLvxaD3f5SVIeN5fl7xjzBmD6qefT1LT/UW//Lu+utvzyX9N5McqXdPnr/FXv338nd+i/bOy+OWeCYikPrjz4z2fqH/bFab/1rm8nng/7nyqj+p8wdw/no/qd78CeWT+i138c8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPzZwAAAP//Fllt1Q==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r5 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757811"], 0x65)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r7 = socket$inet(0xa, 0x801, 0x84)
accept4(r7, 0x0, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900442b8db0049d90491ceaebfd26d4eef232", 0x28}, {&(0x7f0000000200)="c67f0d7df9", 0x5}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
write$selinux_access(r6, &(0x7f00000002c0)=ANY=[@ANYBLOB='system_u:object_r:gpg_agent_exec_t:s0 u00000000000000003\x00'], 0x46)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10)

922.586945ms ago: executing program 5 (id=5408):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r2 = io_uring_setup(0x3fe, &(0x7f0000000240)={0x0, 0x0, 0x400, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000080)={0xb, 0x8, 0x4, 0x2, 0x94, 0x4, 0x6, 0x2d, 0xf9, 0x80, 0x9, 0x9, 0x75, 0xe6}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14028a2b11c1259d, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="bd79a57a1f0df8d99ac3f6f7bbd31cc79654f4a5815e937b73b65e0b484619e340e47d4e0ea076b7bfa1f528139cfd28f997527721ba13", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000070200000008000000b704000000000000850000000100000095e91b8900c424fdeef923c334480774bcf184f1e08e7f46b99d82445f2f94a422bce07c5752acc8a1f2e59ad008266e662b1ebd0337f4fb6edb82b0d56c307b086b7af9e16063996f4d95f29d2ef9eb4ca5a205049a6095075bbe6d9c97d651a18e7c1996eb8f359888f4611cf459b854581e6058771a1429342506e5d8ca07c7cc44e0c359e550dbf5ed8e41bfc62971aa345044f94af0dc7e122d76d618dbdc552d0350b368f7d8"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x2, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x12, 0xc9, &(0x7f00000006c0)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0, 0x300}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="50000000090601020000000000000000030000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

726.727841ms ago: executing program 2 (id=5410):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
unshare(0x2040400)
r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f0000000940), 0x1, 0x7b7, &(0x7f0000001900)="$eJzs3d9rHNUeAPDvbJImTXtvc+HCbe9L83C5t1C6aXtjqyAY8UEECwV9tg2bbYjZZEt2U5qQB4sIgghaBAV98dkf9c1X0Wf/Bl9EpKVqWqz4ICuzP5Jtstn86CapyecDk5wze2bO+e7szJzZOewEsG8Npn8yEcci4p0k4kh9fhIRPdVUd8RIrdyDxYVcOiVRqbz0c1Itc39xIRdNy6QO1TNHI+LrNyJOZlbXW5qbnxwtFPIz9fxQeerqUGlu/tTE1Oh4fjw/fe7M8PDZ80+cP9e5WH/9dv7wnXef/9/nI7+//q9bb3+TxEgcrr/WHEenDMZg/T3pSd/ChzzX6cp2WbLbDWBL0l2zq7aXx7E4El3VFACwl6Xn/woAsM8kzv8AsM80vge4v7iQa0xLXw78Z7e+ldg5d5+NiL5a/I37m7VXuuv37Pqq90H77yfRXb8jGh283zUYER99+cqn6RTt7kO+P9yhGgFqXrsREZcHBlcf/5NVYxY26/QGygyuyG/HOAygta/S/s+Trfp/maX+Tyz1f5b1tth3t2Iw4kBzfvX+n7ndcsFnOlB5vf/3dG1sWxpoU/9vadDaQFc997c0czwiJgr59Nj294g4ET29VyYK+TMt117rJZ6498e9tepv7v/9cvPVT9L60//LJTK3u3sfXmZstDz6qHE33L0R8e/u5bF9D1Yd//uqUazc/um8i+1WfHw5+cJTb364VrE0/jTexrQ6/u1V+Tjiv9E6/oak7fjEoXTzn679bV3HF99/0L9W/c3bP53S+hvXAjsh3f797eMfSJrHa5Y6W//68bf+/B9IXq6mGweP66Pl8syZiAPJi6vnn11etpFvlE/jr0W6Mv5M289/eiV4eYMxdt/56bOtx79kW4ZYpvGPbWr7bz5x68FkV7v4R2K97V+79j1Rn7OR499GG/go7x0AAAAAAAAAAAAAAAAAAAAAAAAAbFQmIg5HkskupTOZbLb2DO9/Rn+mUCyVT14pzk6PRfVZ2QPRk2n81OWRWj5p/P7pQFP+7Ir8/yPiHxHxXu/Baj6bKxbGdjt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg7tMbz/1M/9u526wCAbdO3bol7+YeylUqlso3tAQC23/rnfwBgr2lz/j+4k+0AAHaO638A2H+c/wFg/9ni+b+n0+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgz7p44UI6VX5bXMil+bFrc7OTxWunxvKlyezUbC6bK85czY4Xi+OFfDZXnFpvfYVi8epwTM9eHyrnS+Wh0tz8pani7HT50sTU6Hj+Ur5nR6ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM0pzc1PjhYK+Zk9kXgrIh6DZmxHIonHohm7kvjh1HdH25W5uc7HeOSxiGInEr3RsRXu9pEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4K/hzwAAAP//k8okww==")
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x40, 0x1cc)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
listen(r0, 0x0)
poll(&(0x7f0000000000)=[{r2, 0xa080}], 0x1, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x88a, &(0x7f00000001c0)={[{@usrquota}, {@usrjquota, 0x22}, {@data_ordered}, {@noload}, {@noinit_itable}, {@grpjquota, 0x22}, {@init_itable}, {@jqfmt_vfsold}, {@noblock_validity}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x61, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1000000004000000080000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r7, r5}, 0x14)
syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[@ANYBLOB="ae63b2a6bea9bbbbbbbbbbbb08004500ff070000000000009078ac1e0601aac9191f4d8c5d6fa54e2417c100109078e24000"], 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000ffffffffffffffe600"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000750000000000000000000000185100000300000000000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r1, 0x1, 0x80)
r9 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

675.124325ms ago: executing program 3 (id=5411):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
unshare(0x2040400)
r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f0000000940), 0x1, 0x7b7, &(0x7f0000001900)="$eJzs3d9rHNUeAPDvbJImTXtvc+HCbe9L83C5t1C6aXtjqyAY8UEECwV9tg2bbYjZZEt2U5qQB4sIgghaBAV98dkf9c1X0Wf/Bl9EpKVqWqz4ICuzP5Jtstn86CapyecDk5wze2bO+e7szJzZOewEsG8Npn8yEcci4p0k4kh9fhIRPdVUd8RIrdyDxYVcOiVRqbz0c1Itc39xIRdNy6QO1TNHI+LrNyJOZlbXW5qbnxwtFPIz9fxQeerqUGlu/tTE1Oh4fjw/fe7M8PDZ80+cP9e5WH/9dv7wnXef/9/nI7+//q9bb3+TxEgcrr/WHEenDMZg/T3pSd/ChzzX6cp2WbLbDWBL0l2zq7aXx7E4El3VFACwl6Xn/woAsM8kzv8AsM80vge4v7iQa0xLXw78Z7e+ldg5d5+NiL5a/I37m7VXuuv37Pqq90H77yfRXb8jGh283zUYER99+cqn6RTt7kO+P9yhGgFqXrsREZcHBlcf/5NVYxY26/QGygyuyG/HOAygta/S/s+Trfp/maX+Tyz1f5b1tth3t2Iw4kBzfvX+n7ndcsFnOlB5vf/3dG1sWxpoU/9vadDaQFc997c0czwiJgr59Nj294g4ET29VyYK+TMt117rJZ6498e9tepv7v/9cvPVT9L60//LJTK3u3sfXmZstDz6qHE33L0R8e/u5bF9D1Yd//uqUazc/um8i+1WfHw5+cJTb364VrE0/jTexrQ6/u1V+Tjiv9E6/oak7fjEoXTzn679bV3HF99/0L9W/c3bP53S+hvXAjsh3f797eMfSJrHa5Y6W//68bf+/B9IXq6mGweP66Pl8syZiAPJi6vnn11etpFvlE/jr0W6Mv5M289/eiV4eYMxdt/56bOtx79kW4ZYpvGPbWr7bz5x68FkV7v4R2K97V+79j1Rn7OR499GG/go7x0AAAAAAAAAAAAAAAAAAAAAAAAAbFQmIg5HkskupTOZbLb2DO9/Rn+mUCyVT14pzk6PRfVZ2QPRk2n81OWRWj5p/P7pQFP+7Ir8/yPiHxHxXu/Baj6bKxbGdjt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg7tMbz/1M/9u526wCAbdO3bol7+YeylUqlso3tAQC23/rnfwBgr2lz/j+4k+0AAHaO638A2H+c/wFg/9ni+b+n0+0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgz7p44UI6VX5bXMil+bFrc7OTxWunxvKlyezUbC6bK85czY4Xi+OFfDZXnFpvfYVi8epwTM9eHyrnS+Wh0tz8pani7HT50sTU6Hj+Ur5nR6ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM0pzc1PjhYK+Zk9kXgrIh6DZmxHIonHohm7kvjh1HdH25W5uc7HeOSxiGInEr3RsRXu9pEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4K/hzwAAAP//k8okww==")
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x40, 0x1cc)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
listen(r0, 0x0)
poll(&(0x7f0000000000)=[{r2, 0xa080}], 0x1, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x88a, &(0x7f00000001c0)={[{@usrquota}, {@usrjquota, 0x22}, {@data_ordered}, {@noload}, {@noinit_itable}, {@grpjquota, 0x22}, {@init_itable}, {@jqfmt_vfsold}, {@noblock_validity}]}, 0xfe, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x61, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1000000004000000080000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r7, r5}, 0x14)
syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[@ANYBLOB="ae63b2a6bea9bbbbbbbbbbbb08004500ff070000000000009078ac1e0601aac9191f4d8c5d6fa54e2417c100109078e24000"], 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000ffffffffffffffe600"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000750000000000000000000000185100000300000000000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r1, 0x1, 0x80)
r9 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r9, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

598.306711ms ago: executing program 2 (id=5412):
mq_open(&(0x7f0000001600)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, 0x0, 0x20008000)
recvmsg$kcm(r1, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x40000000)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_emit_ethernet(0x33, &(0x7f0000000000)=ANY=[@ANYBLOB="e90c610faca20180c20000000800450000250000e0"], 0x0)
r2 = socket(0x200000000000011, 0x2, 0x1)
bind$packet(r2, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa424e1aa2e0d4080045000014"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x43}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

408.852987ms ago: executing program 0 (id=5413):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000680)={'syztnl0\x00', <r3=>0x0, 0x80, 0x8000, 0x1dd, 0x2, {{0x18, 0x4, 0x3, 0x0, 0x60, 0x65, 0x0, 0x0, 0x29, 0x0, @rand_addr=0x64010101, @empty, {[@timestamp_addr={0x44, 0x4, 0x32, 0x1, 0x3}, @generic={0x88, 0x10, "43692113e4ca7fbf9a8af1c30c42"}, @cipso={0x86, 0x35, 0x7, [{0x6, 0xa, "2dad4ae3da458ed4"}, {0x6, 0xa, "186d13bbc40451b7"}, {0x7, 0x8, "76eb8b809a42"}, {0x6, 0x2}, {0x0, 0x9, "93626b905d2aee"}, {0x6, 0x8, "d1b3fa4d88ad"}]}]}}}}})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000400)={'ip6_vti0\x00', &(0x7f0000000380)={'ip6tnl0\x00', r3, 0x2f, 0x6, 0x5, 0x4, 0x41, @empty, @remote, 0x1, 0x7, 0x2, 0x2}})
sendmsg$nl_xfrm(r4, &(0x7f000001bec0)={0x0, 0x0, &(0x7f000001be80)={&(0x7f000001be40)=ANY=[@ANYBLOB="28000000120011dd28bd7000ffdbdf25fe80aa000004d20a003200"/40], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x8010)
pwritev2(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)}], 0x1, 0xe7b, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000740)='./file1\x00', 0x0, &(0x7f00000006c0), 0x4, 0x24d, &(0x7f0000000840)="$eJzs3T1oJGUcBvBnZnc9c7fIqY0gfoCIaCCcnWBzNgoHchwiggoRERslEWKCXdbKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFjZnURisqLJJjuS+f1gdmZ2Pv7vsPO8s827G6CxLie5mqSVZDpJJ0lxcId7q+ny3urK1MZs0u8/9Usx3K9ar+wfdylJL8kjSdbLIq+0k6W157Z/23zigbcXO/d/uPbs1EQvcs/O9taTux9cf+uTaw8vffXNT9eLXE33b9d1+ooR77WL5LazKPY/UbTrbgH/xY03Pv52kPvbk9w3zH8nZaoP752Fm9Y7eej9fzr23Z+/vnOSbQVOX7/fGTwDe32gccok3RTlTJJquSxnZqrv8N+1Lpavzi+8Pv3y/OLcS3X3VMBp6SZbj3924dNLh/L/Y6vKP3B+DfL/9I3V7wfLu626WwNMxF3VbJD/6ReWH4z8Q+PIPzSX/ENzyT80l/xDc8k/NJf8wznW2V/ojdx8jPzXMlYHODue/9Bc8g/NdTD/AECz9C/UPQIZqEvd/Q8AAAAAAAAAAAAAAAAAAHDUytTG7P40qZpfvJfsPJakPap+a/h/xMnNw9eLvxaD3f5SVIeN5fl7xjzBmD6qefT1LT/UW//Lu+utvzyX9N5McqXdPnr/FXv338nd+i/bOy+OWeCYikPrjz4z2fqH/bFab/1rm8nng/7nyqj+p8wdw/no/qd78CeWT+i138c8AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPzZwAAAP//Fllt1Q==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757811"], 0x65)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r7 = socket$inet(0xa, 0x801, 0x84)
accept4(r7, 0x0, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900442b8db0049d90491ceaebfd26d4eef232", 0x28}, {&(0x7f0000000200)="c67f0d7df9", 0x5}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
write$selinux_access(r6, &(0x7f00000002c0)=ANY=[@ANYBLOB='system_u:object_r:gpg_agent_exec_t:s0 u00000000000000003\x00'], 0x46)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10)

408.365227ms ago: executing program 2 (id=5414):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_clone3(&(0x7f00000007c0)={0x2000000, &(0x7f0000000380), &(0x7f00000004c0), &(0x7f0000000500), {0x21}, &(0x7f0000000540)=""/71, 0x47, &(0x7f0000000700)=""/134, &(0x7f00000005c0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x7}, 0x58)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000840)={'\x00', 0x8, 0x40, 0x4, 0x3ff, 0x7, r1})
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f627269646765001400010077672b2364c26b390270bf5fc37d66b4"], 0xa8}}, 0x0)

280.638958ms ago: executing program 2 (id=5415):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380)={<r1=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0x4}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r1, 0x400}}, 0x48)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, r1, 0x30, 0x1, @ib={0x1b, 0x8000, 0xfff, {"3f8c0d6cf777eaa6ace6d3ec00ed4771"}, 0x500e, 0x0, 0x5}}}, 0xa0)

257.376329ms ago: executing program 2 (id=5416):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a300000000008000a40ffffffff580000000c0a010100000000000000000a0000060900020073797a30000000000900010073797a31000000012c0003802800008004000180200007800e000100636f6e6e6c696d69740000000c00028008"], 0xbc}, 0x1, 0x0, 0x0, 0x871}, 0x40)

223.658312ms ago: executing program 3 (id=5417):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x2}, 0x94)
dup(0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r1, 0x0, 0x8000000000}, 0x18)
r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000a80)={'syz', 0x0}, &(0x7f0000000ac0)="cd", 0x1, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r2})
keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x3}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f0000000340)=ANY=[@ANYBLOB="91303f0000000000956088fe00000000b1ad5d3019fe2dd69c6330d8360abb714c6a1d8008d77329e25860fc6028dd92205567aa6a75136f4b24f97dc2e02cec544c7777626423a201a6fe32fd4a51e810348a9d1bc71d92e9b5e57e230ae3af01290e03c61258c51528a405cae3e8586d78a3d8bf76e04895f2380297fce30e05a8b226ece502c2648a24be24fd443e330c651fb052e0f228881c2abebec12ffe2ee6ab908c6d2a20853b00d6b1237e92b38db2aba3438cbaf49b66e339591b12598513a3acc616f4266f5a3453964625858c998555eb32752d3702f8680f2c2f12865467d9c5684c"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x18)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0xb)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000001600)={r8, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000426aa9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

207.539763ms ago: executing program 5 (id=5418):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000feffffff850000002d00000095", @ANYRES8=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffea4, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r6, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r9, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c)
connect$pppl2tp(r8, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94)
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000000314010029bd7000ffdbdf250900020073797a310000000000044100736977001404000076657468305f7466809aef7ef39e1730"], 0x38}, 0x1, 0x0, 0x0, 0x8081}, 0x20000010)
signalfd4(0xffffffffffffffff, &(0x7f00000004c0)={[0x103]}, 0x8, 0x0)
setsockopt$CAN_RAW_FD_FRAMES(r3, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x80000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}, 0x20)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00'})
preadv(r1, &(0x7f00000039c0)=[{&(0x7f0000000140)=""/142, 0x8e}], 0x1, 0x4, 0x3)

166.198796ms ago: executing program 0 (id=5419):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00a97de145c81ca5000000000000000000400000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81, 0x1080a422012f758f})
r1 = syz_io_uring_setup(0x17dc, &(0x7f0000000240)={0x0, 0xfcca, 0x100, 0x80000ffc, 0x5cc}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

165.105907ms ago: executing program 2 (id=5420):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x4, 0x0, 0x7, 0xd10, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, @perf_config_ext={0x10, 0xc}, 0x0, 0x10000, 0x0, 0x4, 0x8, 0x1020009, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0x5, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000400)={0x0, {0x2, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e24, @rand_addr=0x64010106}, 0x104, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000380)='ip6_vti0\x00', 0x9a, 0x0, 0x4})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f00001d8000/0x2000)=nil, 0x2000, 0x8, 0x12, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000540), 0x84)
perf_event_open(&(0x7f00000004c0)={0x8, 0x80, 0x0, 0xf, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080), 0x9}, 0x18204, 0x0, 0x20e, 0x0, 0x0, 0x5338c7af, 0x0, 0x0, 0x8, 0x0, 0x20000002}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a017f7f00000000000000050000000900010073797a30000000000900030073797a3000000000"], 0xac}, 0x1, 0x0, 0x0, 0xc0c1}, 0x40400)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r6, 0x0, 0x5}, 0x18)
munmap(&(0x7f00001d9000/0x3000)=nil, 0x3000)

147.981648ms ago: executing program 5 (id=5421):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000019200)={0x18, 0x4, &(0x7f00000192c0)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r0, 0x0, 0x1000000000000}, 0x18)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)

111.848811ms ago: executing program 0 (id=5422):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)
close_range(r1, 0xffffffffffffffff, 0x0)

95.013042ms ago: executing program 3 (id=5423):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x200c0, 0x22, 0x5}, 0x18)
openat(r0, &(0x7f0000000140)='./file0\x00', 0x4083, 0x110)
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000100000}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000abc010000000a05000000000000000000010000000900010073797a3000000000d30006003407ae8929b5d5805c2cb15c6832bdf04f6f732bf6c75790a071b67033b0bb7e81aac8c9ccb093263d99fcafa58fe6c7126fc1d2ccbc1888abd4a61e1818723b358b147b8836997950921d849981687e7eb599e28bd439758eefcbda6f7906db339e68d3869e4011ddfb254a2dda9b523f928b3626f8faa75357d4f9cb925df5cde675f9e8bb05e4f8cc9a0610fb2945b1b755b94883afb3697a7535ea5f9db3ce21c1f0cc3fb343e830c6a947f512c56b1a706b86e76bc58a075f7cb0322f7fa6fb5df1718361423df5cbd47608ca000900010073797a310000000008000240000000030c000440000000000000000499000600db2b252f3c9b3b419bda841c524cb69270214a733fee6d8e10561ce9d682ad271b8a317d699b2f000178b2aca7c7058e0df489887ebdcf11c4ddf03bc9b1284f5fb568bac9b64b06c9d8c2acf08c892fb2abeb7c72bc9c8fa0c7425b5aa3df8074d8412d67fad836b6cc1c0be2fff19dbd1830e29ae4bc6aaa4f42c244e40238dc8e2a247b1792a177693b55dc155f631634db5af90000000900010073797a30000000002c000000030a01020000000000"], 0x2a8}, 0x1, 0x0, 0x0, 0x84}, 0x0)

94.406682ms ago: executing program 5 (id=5424):
r0 = socket(0x2, 0x3, 0xff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x5, 0x11c, 0x0, 0x800, 0xffffffffffffffff, 0xde, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5, 0xc}, 0x50)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000340)={<r2=>0x0, @dev, @multicast2}, &(0x7f0000000380)=0xc)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10)
mlock2(&(0x7f0000175000/0x1000)=nil, 0x1000, 0x1)
fcntl$setlease(r3, 0x400, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xa, 0x74b4, 0xd, 0x2, 0x20, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fspick(r7, &(0x7f0000000000)='.\x00', 0x0)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x5}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x7, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8159, 0x0, 0x0, 0x0, 0xfffffffc}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0xd4430a47}, @map_fd={0x18, 0x6, 0x1, 0x0, r1}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0xfe, &(0x7f0000000240)=""/254, 0x41100, 0x28, '\x00', r2, 0x0, r3, 0x8, &(0x7f00000003c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0x10, 0xe, 0x1000}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r6, r7, r8], 0x0, 0x10, 0x2}, 0x94)
sendmmsg$inet(r0, &(0x7f000000b4c0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="8fab14940848dd95e7b8523bfbf4a6cbcc911b443e673a8fa77ce58a4a588fdabe427ade9b1ed53f450ce6c20000000000e41c12b500000000000000", 0x3c}], 0x1}}, {{&(0x7f0000000140)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000180)="c7b20c4080fd7dd104137ebef4009309ee7cb42a", 0x14}], 0x1}}], 0x2, 0x488c4)

93.740052ms ago: executing program 0 (id=5425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000001c80)='n', 0x1)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r2}, 0x10)
timer_gettime(0x0, 0x0)

64.713495ms ago: executing program 5 (id=5426):
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)={0xf97cff8c, 0x8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB="000000848c969800"/20, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

63.656484ms ago: executing program 3 (id=5427):
r0 = socket$inet(0x2, 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
unshare(0x2040400)
r1 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x6a, 0x3, 0x0, &(0x7f0000000180))
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x13, &(0x7f00000007c0)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRESDEC=r2, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000003000000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e62e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x4b}, 0x48)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00006600}, 0x8000000, 0x0, 0x1, 0x1}, 0x29)
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@private0, @in6=@loopback, 0x4e21, 0x7ff, 0x4e22, 0xfff9, 0x2, 0xe0, 0x80, 0x5e, 0x0, 0xffffffffffffffff}, {0xa, 0x46c2, 0x9, 0xc, 0x35540, 0x0, 0xfffffffffffffffe, 0x3}, {0x5, 0x6, 0x1}, 0xa, 0x6e6bb0, 0x3, 0x0, 0x1, 0x1}, {{@in=@multicast1, 0x4d3, 0xaf80948b7159becb}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3504, 0x3, 0x2, 0x5, 0x7, 0x9, 0x6b84}}, 0xe8)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x3}]}, 0x10)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='cachefiles_mark_failed\x00', r3, 0x0, 0x6}, 0x18)
r7 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r7, &(0x7f00000000c0)={0x18, 0x0, {0x2, @local, 'ip6_vti0\x00'}}, 0x1e)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r9 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r9, &(0x7f0000000040)={0x18, 0x0, {0x4, @random="5677dee5a538", 'ip_vti0\x00'}}, 0x1e)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=@newqdisc={0xb4, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0xe, 0xffe0}, {0x5, 0x8}}, [@TCA_STAB={0x90, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xfb, 0x9, 0x713, 0x20, 0x2, 0xffff2a06, 0x3ff, 0x9}}, {0x16, 0x2, [0x6, 0x5, 0x4, 0xfe03, 0x9, 0x4, 0xfffc, 0x7, 0xc]}}, {{0x1c, 0x1, {0x3, 0xff, 0x2, 0x9, 0x2, 0xc4d, 0xc13, 0x9}}, {0x16, 0x2, [0xffc, 0x8, 0xfff, 0x3f, 0x6, 0x101, 0x1000, 0x6, 0x200]}}, {{0x1c, 0x1, {0x81, 0x0, 0x9, 0x9, 0x1, 0x100, 0x9, 0x1}}, {0x6, 0x2, [0x5]}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8880}, 0x4000010)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000600)="9fd20040c73b48e2a6d8183452743d17b9f601192a05b7e24435f80163a879e2679f2547027cbdc8f55139eaa1d9fae3d16ac2b605faba9e49c46ab194ff386d2b6144e215ed076a72624284321135325bfa53558ad0b72a52d716801775be4075048d0dbe2bd2ad2a826b07ec29b6da018956b4ac48de2799664c5df440805a47a97c2fa09c0a25979a7711c43bb20d13cea10f733dedf61caaada44df901721902b69690f70845220f416d77cbf2abf80789e1291af8cb99582677da9e379aaa", 0xc1)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4)
syz_clone(0xc43b3e80, &(0x7f0000000000)="8bf91ef3812e3e15fb8bb72f1a3cf1e9edd9fae9b117b6c61d854b51de43561d2314e3aa87dc6d3bb24d2abbe223b17bcb382b6f4729177c1fcbd7afc25b39e4624979db6e8e5c493b8e647ecc55d4ed2b85ce3538fb73800406a7ffb667286413f29e40035ed3f1063e2e808f9e9c7112f84634d6b43f5fb6c6f1b608ac1c00f5b60a47277877b9746c91861c6f615636bbab04cb74dd49566eb21f5c4f043ea7c29dfd308014f4e3aa9ad36144cd872447e1571bbe9fb7fd067ac2aa359235c6ba5d491e7d2d", 0xc7, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="59bf3e88953e2fa5330f43a1a222f46f7ecb5444958c917fcfc43a29c137195fbcb6cbdfe729498a2a88ee5c9b9858af")

857.45µs ago: executing program 0 (id=5428):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x3, 0x7ffc0001}]})
alarm(0x9)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x25, 0x2000, @fd, 0xb, 0x5, 0x8020, 0x7, 0x1, {0x2}})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200"/44, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000004401050000000000000000000000000000000000000000003200000000000000ac090000000000000000000000000000000000000000ff000000000000000000fdfffffffc02000000000000000000000000000000000000320000000000000000000000000000000000ffffac1414bb000000000000000000000000000000000000000000000000000000000000000000000001000000003c0000000200000000000000000000000000000000000000000000000103400000000000000000000000000000000000000000000000000000000000000000002b00000002000000ac141400000000000000000000000000ffffffff0000000000000000000000000000000020010000000000000000000000000001000000803c00000003000000fe88000000000000000000000000fd0100000000040200000000000000000000000000006d7f470bc36f7020a8da20b7ca4eecbc198dee75574ae7909bd576c7074e236f5839a4f90035aff143dd31e99df0d96d244a72dbb97a82de554897a9d5ffa1fac8286f9239e494f6effa6d26da962f8f"], 0x1fc}}, 0x0)
unshare(0x66000080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r2 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000007c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000305000000020000000800010002000000"], 0x20}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec22, 0x8, 0x0, 0x40000334}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd=r0, 0x6, 0x0, 0x0, 0x11})
io_uring_enter(r5, 0x847ba, 0xeffd, 0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000008000000000001801000020207025000000bfa100000000000007010004f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000400)='cpu_frequency_limits\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000080)=0x6, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3e08000000ba00", @ANYBLOB="000128bd7000fedbdf25810000000a00060008021100000000000e003300d400000008021100000100000a0006000802110000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4008005}, 0x0)

0s ago: executing program 3 (id=5429):
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
sigaltstack(&(0x7f00000000c0)={&(0x7f0000002400)=""/4095, 0x0, 0xfff}, 0x0)

kernel console output (not intermixed with test programs):

 `syz.0.4476'.
[  260.718801][T15511] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  260.939804][T15529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4484'.
[  260.948788][T15529] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4484'.
[  261.108933][T15537] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  261.116847][T15537] SELinux: failed to load policy
[  261.174990][T15545] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4490'.
[  261.279892][T15549] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.292158][T15549] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.315041][T15551] FAULT_INJECTION: forcing a failure.
[  261.315041][T15551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.328229][T15551] CPU: 1 UID: 0 PID: 15551 Comm: syz.3.4493 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  261.328335][T15551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.328341][T15551] Call Trace:
[  261.328346][T15551]  <TASK>
[  261.328355][T15551]  __dump_stack+0x1d/0x30
[  261.328368][T15551]  dump_stack_lvl+0xe8/0x140
[  261.328383][T15551]  dump_stack+0x15/0x1b
[  261.328454][T15551]  should_fail_ex+0x265/0x280
[  261.328466][T15551]  should_fail+0xb/0x20
[  261.328488][T15551]  should_fail_usercopy+0x1a/0x20
[  261.328499][T15551]  _copy_to_user+0x20/0xa0
[  261.328513][T15551]  ucma_destroy_id+0x1a9/0x1d0
[  261.328526][T15551]  ucma_write+0x1b3/0x250
[  261.328563][T15551]  ? __pfx_ucma_write+0x10/0x10
[  261.328574][T15551]  vfs_write+0x266/0x960
[  261.328585][T15551]  ? __rcu_read_unlock+0x4f/0x70
[  261.328604][T15551]  ? __fget_files+0x184/0x1c0
[  261.328618][T15551]  ksys_write+0xda/0x1a0
[  261.328630][T15551]  __x64_sys_write+0x40/0x50
[  261.328640][T15551]  x64_sys_call+0x27fe/0x2ff0
[  261.328652][T15551]  do_syscall_64+0xd2/0x200
[  261.328671][T15551]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  261.328687][T15551]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  261.328700][T15551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.328730][T15551] RIP: 0033:0x7f7dfb04ebe9
[  261.328738][T15551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.328748][T15551] RSP: 002b:00007f7df9ab7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  261.328778][T15551] RAX: ffffffffffffffda RBX: 00007f7dfb275fa0 RCX: 00007f7dfb04ebe9
[  261.328789][T15551] RDX: 0000000000000018 RSI: 0000200000000f80 RDI: 0000000000000003
[  261.328800][T15551] RBP: 00007f7df9ab7090 R08: 0000000000000000 R09: 0000000000000000
[  261.328811][T15551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.328820][T15551] R13: 00007f7dfb276038 R14: 00007f7dfb275fa0 R15: 00007ffcc25e10e8
[  261.328831][T15551]  </TASK>
[  261.646461][T15566] loop3: detected capacity change from 0 to 512
[  261.653392][T15566] EXT4-fs: Ignoring removed mblk_io_submit option
[  261.666083][T15566] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  261.677368][T15566] EXT4-fs (loop3): 1 truncate cleaned up
[  261.686269][T15566] EXT4-fs mount: 110 callbacks suppressed
[  261.686286][T15566] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  261.841618][T15573] tipc: Started in network mode
[  261.846685][T15573] tipc: Node identity 3627ecea76a2, cluster identity 4711
[  261.854067][T15573] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  261.908466][T15580] loop5: detected capacity change from 0 to 512
[  261.928148][T15580] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.941469][T15580] ext4 filesystem being mounted at /530/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  261.976580][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.032694][T15597] IPv6: NLM_F_CREATE should be specified when creating new route
[  262.044222][T15596] 9pnet_fd: Insufficient options for proto=fd
[  262.232249][T15609] loop5: detected capacity change from 0 to 512
[  262.246918][T15609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.260904][T15609] ext4 filesystem being mounted at /533/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  262.277456][T15609] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  262.292408][T15609] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  262.304808][T15609] EXT4-fs (loop5): This should not happen!! Data will be lost
[  262.304808][T15609] 
[  262.314489][T15609] EXT4-fs (loop5): Total free blocks count 0
[  262.320511][T15609] EXT4-fs (loop5): Free/Dirty block details
[  262.326494][T15609] EXT4-fs (loop5): free_blocks=65280
[  262.331797][T15609] EXT4-fs (loop5): dirty_blocks=1
[  262.336873][T15609] EXT4-fs (loop5): Block reservation details
[  262.342895][T15609] EXT4-fs (loop5): i_reserved_data_blocks=1
[  262.389510][T15622] FAULT_INJECTION: forcing a failure.
[  262.389510][T15622] name failslab, interval 1, probability 0, space 0, times 0
[  262.402491][T15622] CPU: 1 UID: 0 PID: 15622 Comm: syz.0.4523 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  262.402518][T15622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  262.402529][T15622] Call Trace:
[  262.402537][T15622]  <TASK>
[  262.402545][T15622]  __dump_stack+0x1d/0x30
[  262.402632][T15622]  dump_stack_lvl+0xe8/0x140
[  262.402654][T15622]  dump_stack+0x15/0x1b
[  262.402732][T15622]  should_fail_ex+0x265/0x280
[  262.402754][T15622]  should_failslab+0x8c/0xb0
[  262.402815][T15622]  kmem_cache_alloc_noprof+0x50/0x310
[  262.402847][T15622]  ? getname_flags+0x80/0x3b0
[  262.402943][T15622]  ? __rcu_read_unlock+0x4f/0x70
[  262.402969][T15622]  getname_flags+0x80/0x3b0
[  262.403002][T15622]  io_symlinkat_prep+0x127/0x1d0
[  262.403081][T15622]  io_submit_sqes+0x5ec/0x1060
[  262.403108][T15622]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  262.403132][T15622]  ? 0xffffffff81000000
[  262.403148][T15622]  ? __rcu_read_unlock+0x4f/0x70
[  262.403225][T15622]  ? get_pid_task+0x96/0xd0
[  262.403293][T15622]  ? proc_fail_nth_write+0x13b/0x160
[  262.403319][T15622]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  262.403345][T15622]  ? vfs_write+0x7e8/0x960
[  262.403371][T15622]  ? __rcu_read_unlock+0x4f/0x70
[  262.403395][T15622]  ? __fget_files+0x184/0x1c0
[  262.403425][T15622]  ? fput+0x8f/0xc0
[  262.403516][T15622]  __x64_sys_io_uring_enter+0x78/0x90
[  262.403543][T15622]  x64_sys_call+0x2de1/0x2ff0
[  262.403565][T15622]  do_syscall_64+0xd2/0x200
[  262.403677][T15622]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  262.403702][T15622]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  262.403733][T15622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.403759][T15622] RIP: 0033:0x7f7c240bebe9
[  262.403777][T15622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.403825][T15622] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  262.403848][T15622] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  262.403863][T15622] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000004
[  262.403877][T15622] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  262.403889][T15622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.403901][T15622] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  262.403918][T15622]  </TASK>
[  262.653881][T15565] tipc: Disabling bearer <eth:syzkaller0>
[  262.661756][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.717694][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.078436][T15632] loop5: detected capacity change from 0 to 256
[  263.215518][T15641] loop3: detected capacity change from 0 to 512
[  263.243446][T15641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.262206][T15641] ext4 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.275001][T15645] loop5: detected capacity change from 0 to 1024
[  263.302798][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.303370][T15645] EXT4-fs: Ignoring removed nomblk_io_submit option
[  263.343556][T15645] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.401001][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.688910][T15675] loop3: detected capacity change from 0 to 512
[  263.730169][T15675] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.749013][T15675] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  263.818562][T15690] __nla_validate_parse: 3 callbacks suppressed
[  263.818583][T15690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4551'.
[  263.834092][T15690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4551'.
[  263.843213][T15690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4551'.
[  263.852802][T15690] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4551'.
[  263.861759][T15690] netlink: 'syz.0.4551': attribute type 6 has an invalid length.
[  263.944896][T15702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4553'.
[  263.954090][T15702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4553'.
[  263.990206][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.287845][T15721] loop5: detected capacity change from 0 to 128
[  264.304960][T15722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4560'.
[  264.313952][T15722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4560'.
[  264.614485][T15733] tipc: Started in network mode
[  264.619475][T15733] tipc: Node identity 263ad81ca42d, cluster identity 4711
[  264.626831][T15733] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  264.683658][T15737] tipc: Disabling bearer <eth:syzkaller0>
[  264.978224][T15721] FAT-fs (loop5): Directory bread(block 32) failed
[  264.984918][T15721] FAT-fs (loop5): Directory bread(block 33) failed
[  264.991456][T15721] FAT-fs (loop5): Directory bread(block 34) failed
[  264.998072][T15721] FAT-fs (loop5): Directory bread(block 35) failed
[  265.004654][T15721] FAT-fs (loop5): Directory bread(block 36) failed
[  265.011221][T15721] FAT-fs (loop5): Directory bread(block 37) failed
[  265.017790][T15721] FAT-fs (loop5): Directory bread(block 38) failed
[  265.024343][T15721] FAT-fs (loop5): Directory bread(block 39) failed
[  265.030879][T15721] FAT-fs (loop5): Directory bread(block 40) failed
[  265.037461][T15721] FAT-fs (loop5): Directory bread(block 41) failed
[  265.151094][   T29] kauditd_printk_skb: 202 callbacks suppressed
[  265.151112][   T29] audit: type=1400 audit(1755910487.294:12063): avc:  denied  { create } for  pid=15755 comm="syz.1.4575" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  265.152801][T15756] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4575'.
[  265.185384][   T29] audit: type=1400 audit(1755910487.334:12064): avc:  denied  { create } for  pid=15753 comm="syz.2.4574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  265.207788][   T29] audit: type=1400 audit(1755910487.334:12065): avc:  denied  { getopt } for  pid=15753 comm="syz.2.4574" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  265.227805][   T29] audit: type=1326 audit(1755910487.334:12066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.227829][T15756] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  265.227888][   T29] audit: type=1326 audit(1755910487.334:12067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.284100][   T29] audit: type=1326 audit(1755910487.334:12068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.308012][   T29] audit: type=1326 audit(1755910487.334:12069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.331792][   T29] audit: type=1326 audit(1755910487.334:12070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.355469][   T29] audit: type=1326 audit(1755910487.334:12071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.379204][   T29] audit: type=1326 audit(1755910487.334:12072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15753 comm="syz.2.4574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2cc1ebe9 code=0x7ffc0000
[  265.484150][T15764] FAULT_INJECTION: forcing a failure.
[  265.484150][T15764] name failslab, interval 1, probability 0, space 0, times 0
[  265.496949][T15764] CPU: 0 UID: 0 PID: 15764 Comm: syz.0.4578 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  265.496977][T15764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  265.496988][T15764] Call Trace:
[  265.496996][T15764]  <TASK>
[  265.497005][T15764]  __dump_stack+0x1d/0x30
[  265.497030][T15764]  dump_stack_lvl+0xe8/0x140
[  265.497116][T15764]  dump_stack+0x15/0x1b
[  265.497133][T15764]  should_fail_ex+0x265/0x280
[  265.497158][T15764]  should_failslab+0x8c/0xb0
[  265.497184][T15764]  __kmalloc_noprof+0xa5/0x3e0
[  265.497262][T15764]  ? cond_policydb_dup+0xa3/0x4e0
[  265.497295][T15764]  cond_policydb_dup+0xa3/0x4e0
[  265.497328][T15764]  security_set_bools+0xa0/0x340
[  265.497401][T15764]  sel_commit_bools_write+0x1ea/0x270
[  265.497509][T15764]  vfs_writev+0x406/0x8b0
[  265.497534][T15764]  ? __pfx_sel_commit_bools_write+0x10/0x10
[  265.497698][T15764]  ? mutex_lock+0xd/0x30
[  265.497777][T15764]  do_writev+0xe7/0x210
[  265.497807][T15764]  __x64_sys_writev+0x45/0x50
[  265.497829][T15764]  x64_sys_call+0x1e9a/0x2ff0
[  265.497888][T15764]  do_syscall_64+0xd2/0x200
[  265.497963][T15764]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  265.497986][T15764]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  265.498031][T15764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.498057][T15764] RIP: 0033:0x7f7c240bebe9
[  265.498076][T15764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.498095][T15764] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  265.498164][T15764] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  265.498178][T15764] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000006
[  265.498190][T15764] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  265.498205][T15764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.498219][T15764] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  265.498302][T15764]  </TASK>
[  265.874451][T15781] loop5: detected capacity change from 0 to 512
[  265.903904][T15787] openvswitch: netlink: Message has 6 unknown bytes.
[  265.921478][T15781] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.966725][T15781] ext4 filesystem being mounted at /543/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.007906][T15793] netlink: 'syz.2.4588': attribute type 10 has an invalid length.
[  266.022434][T15796] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.068607][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.086181][T15793] bridge0: port 3(batadv0) entered disabled state
[  266.101158][T15793] batadv0: left allmulticast mode
[  266.106355][T15793] batadv0: left promiscuous mode
[  266.111647][T15793] bridge0: port 3(batadv0) entered disabled state
[  266.119882][T15793] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.129787][T15793] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  266.163396][T15796] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.188504][T15803] loop5: detected capacity change from 0 to 512
[  266.246402][T15796] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.257800][T15803] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.277225][T15803] ext4 filesystem being mounted at /545/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.291212][T15803] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  266.317889][T15803] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  266.330139][T15803] EXT4-fs (loop5): This should not happen!! Data will be lost
[  266.330139][T15803] 
[  266.339840][T15803] EXT4-fs (loop5): Total free blocks count 0
[  266.345893][T15803] EXT4-fs (loop5): Free/Dirty block details
[  266.351829][T15803] EXT4-fs (loop5): free_blocks=65280
[  266.357172][T15803] EXT4-fs (loop5): dirty_blocks=1
[  266.362396][T15803] EXT4-fs (loop5): Block reservation details
[  266.368426][T15803] EXT4-fs (loop5): i_reserved_data_blocks=1
[  266.388341][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.397532][T15813] loop3: detected capacity change from 0 to 8192
[  266.400830][T15796] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.418031][T15813] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  266.429647][T15816] netlink: 'syz.2.4595': attribute type 10 has an invalid length.
[  266.507893][  T163] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.528784][  T163] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.547450][T15824] netlink: 'syz.5.4598': attribute type 4 has an invalid length.
[  266.551899][  T163] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.582054][  T163] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.632049][T15827] loop5: detected capacity change from 0 to 128
[  266.643937][T15827] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  266.694961][T15827] ext4 filesystem being mounted at /548/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.731872][T15827] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4599'.
[  266.799638][ T8046] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  266.925014][T15847] loop5: detected capacity change from 0 to 1024
[  266.934007][T15847] EXT4-fs: Ignoring removed bh option
[  266.973527][T15847] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  267.135323][T15867] FAULT_INJECTION: forcing a failure.
[  267.135323][T15867] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  267.148630][T15867] CPU: 1 UID: 0 PID: 15867 Comm: syz.0.4616 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  267.148657][T15867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  267.148667][T15867] Call Trace:
[  267.148674][T15867]  <TASK>
[  267.148682][T15867]  __dump_stack+0x1d/0x30
[  267.148748][T15867]  dump_stack_lvl+0xe8/0x140
[  267.148763][T15867]  dump_stack+0x15/0x1b
[  267.148779][T15867]  should_fail_ex+0x265/0x280
[  267.148799][T15867]  should_fail+0xb/0x20
[  267.148855][T15867]  should_fail_usercopy+0x1a/0x20
[  267.148874][T15867]  _copy_from_user+0x1c/0xb0
[  267.148894][T15867]  memdup_user+0x5e/0xd0
[  267.148913][T15867]  proc_pid_attr_write+0x15e/0x220
[  267.148990][T15867]  vfs_writev+0x406/0x8b0
[  267.149061][T15867]  ? __pfx_proc_pid_attr_write+0x10/0x10
[  267.149078][T15867]  ? mutex_lock+0xd/0x30
[  267.149112][T15867]  do_writev+0xe7/0x210
[  267.149178][T15867]  __x64_sys_writev+0x45/0x50
[  267.149190][T15867]  x64_sys_call+0x1e9a/0x2ff0
[  267.149201][T15867]  do_syscall_64+0xd2/0x200
[  267.149232][T15867]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  267.149245][T15867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.149258][T15867] RIP: 0033:0x7f7c240bebe9
[  267.149267][T15867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.149295][T15867] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  267.149313][T15867] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  267.149351][T15867] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: 0000000000000006
[  267.149437][T15867] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  267.149446][T15867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.149457][T15867] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  267.149473][T15867]  </TASK>
[  267.397227][T15877] FAULT_INJECTION: forcing a failure.
[  267.397227][T15877] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  267.410535][T15877] CPU: 0 UID: 0 PID: 15877 Comm: syz.0.4620 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  267.410567][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  267.410579][T15877] Call Trace:
[  267.410586][T15877]  <TASK>
[  267.410594][T15877]  __dump_stack+0x1d/0x30
[  267.410614][T15877]  dump_stack_lvl+0xe8/0x140
[  267.410633][T15877]  dump_stack+0x15/0x1b
[  267.410652][T15877]  should_fail_ex+0x265/0x280
[  267.410694][T15877]  should_fail+0xb/0x20
[  267.410711][T15877]  should_fail_usercopy+0x1a/0x20
[  267.410793][T15877]  strncpy_from_user+0x25/0x230
[  267.410825][T15877]  ? __kmalloc_cache_noprof+0x189/0x320
[  267.410860][T15877]  __se_sys_memfd_create+0x1ff/0x590
[  267.410883][T15877]  __x64_sys_memfd_create+0x31/0x40
[  267.410962][T15877]  x64_sys_call+0x2abe/0x2ff0
[  267.410987][T15877]  do_syscall_64+0xd2/0x200
[  267.411017][T15877]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  267.411042][T15877]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  267.411182][T15877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.411206][T15877] RIP: 0033:0x7f7c240bebe9
[  267.411222][T15877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.411243][T15877] RSP: 002b:00007f7c22b26e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  267.411268][T15877] RAX: ffffffffffffffda RBX: 00000000000007e2 RCX: 00007f7c240bebe9
[  267.411281][T15877] RDX: 00007f7c22b26ef0 RSI: 0000000000000000 RDI: 00007f7c241427e8
[  267.411308][T15877] RBP: 0000200000001000 R08: 00007f7c22b26bb7 R09: 00007f7c22b26e40
[  267.411319][T15877] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  267.411385][T15877] R13: 00007f7c22b26ef0 R14: 00007f7c22b26eb0 R15: 0000200000000d80
[  267.411403][T15877]  </TASK>
[  267.658987][T15887] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  267.677700][T15891] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=15891 comm=syz.0.4626
[  267.684272][T15890] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=15890 comm=syz.0.4626
[  267.784622][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  267.848351][T15899] FAULT_INJECTION: forcing a failure.
[  267.848351][T15899] name failslab, interval 1, probability 0, space 0, times 0
[  267.861081][T15899] CPU: 1 UID: 0 PID: 15899 Comm: syz.5.4629 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  267.861170][T15899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  267.861176][T15899] Call Trace:
[  267.861180][T15899]  <TASK>
[  267.861185][T15899]  __dump_stack+0x1d/0x30
[  267.861198][T15899]  dump_stack_lvl+0xe8/0x140
[  267.861208][T15899]  dump_stack+0x15/0x1b
[  267.861217][T15899]  should_fail_ex+0x265/0x280
[  267.861262][T15899]  should_failslab+0x8c/0xb0
[  267.861278][T15899]  kmem_cache_alloc_noprof+0x50/0x310
[  267.861365][T15899]  ? skb_clone+0x151/0x1f0
[  267.861416][T15899]  skb_clone+0x151/0x1f0
[  267.861441][T15899]  __netlink_deliver_tap+0x2c9/0x500
[  267.861454][T15899]  netlink_unicast+0x66b/0x690
[  267.861513][T15899]  netlink_sendmsg+0x58b/0x6b0
[  267.861533][T15899]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.861550][T15899]  __sock_sendmsg+0x145/0x180
[  267.861564][T15899]  ____sys_sendmsg+0x31e/0x4e0
[  267.861577][T15899]  ___sys_sendmsg+0x17b/0x1d0
[  267.861593][T15899]  __x64_sys_sendmsg+0xd4/0x160
[  267.861642][T15899]  x64_sys_call+0x191e/0x2ff0
[  267.861653][T15899]  do_syscall_64+0xd2/0x200
[  267.861667][T15899]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  267.861730][T15899]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  267.861791][T15899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.861802][T15899] RIP: 0033:0x7ff47b35ebe9
[  267.861812][T15899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.861823][T15899] RSP: 002b:00007ff479dc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  267.861881][T15899] RAX: ffffffffffffffda RBX: 00007ff47b585fa0 RCX: 00007ff47b35ebe9
[  267.861888][T15899] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  267.861895][T15899] RBP: 00007ff479dc7090 R08: 0000000000000000 R09: 0000000000000000
[  267.861901][T15899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.861970][T15899] R13: 00007ff47b586038 R14: 00007ff47b585fa0 R15: 00007ffc8ba3bc08
[  267.862029][T15899]  </TASK>
[  268.662671][T15921] loop3: detected capacity change from 0 to 512
[  268.693799][T15921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.725799][T15921] ext4 filesystem being mounted at /242/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.757737][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.999293][T15930] loop3: detected capacity change from 0 to 2048
[  269.028355][T15932] __nla_validate_parse: 2 callbacks suppressed
[  269.028396][T15932] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4640'.
[  269.067058][T15930] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  269.108004][T15932] SELinux: security policydb version 17 (MLS) not backwards compatible
[  269.143128][T15932] SELinux: failed to load policy
[  269.162255][T15928] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.4638: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  269.271575][T15928] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  269.322320][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.360911][T15943] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4643'.
[  269.417917][T15943] SELinux: security policydb version 17 (MLS) not backwards compatible
[  269.427049][T15943] SELinux: failed to load policy
[  269.551909][T15959] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4650'.
[  269.580008][T15959] FAULT_INJECTION: forcing a failure.
[  269.580008][T15959] name failslab, interval 1, probability 0, space 0, times 0
[  269.592780][T15959] CPU: 1 UID: 0 PID: 15959 Comm: syz.2.4650 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  269.592815][T15959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  269.592827][T15959] Call Trace:
[  269.592836][T15959]  <TASK>
[  269.592846][T15959]  __dump_stack+0x1d/0x30
[  269.592917][T15959]  dump_stack_lvl+0xe8/0x140
[  269.592936][T15959]  dump_stack+0x15/0x1b
[  269.592951][T15959]  should_fail_ex+0x265/0x280
[  269.592976][T15959]  should_failslab+0x8c/0xb0
[  269.593006][T15959]  kmem_cache_alloc_noprof+0x50/0x310
[  269.593113][T15959]  ? skb_clone+0x151/0x1f0
[  269.593139][T15959]  skb_clone+0x151/0x1f0
[  269.593161][T15959]  __netlink_deliver_tap+0x2c9/0x500
[  269.593183][T15959]  netlink_unicast+0x66b/0x690
[  269.593254][T15959]  netlink_sendmsg+0x58b/0x6b0
[  269.593278][T15959]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.593299][T15959]  __sock_sendmsg+0x145/0x180
[  269.593326][T15959]  __sys_sendto+0x268/0x330
[  269.593461][T15959]  __x64_sys_sendto+0x76/0x90
[  269.593484][T15959]  x64_sys_call+0x2d05/0x2ff0
[  269.593505][T15959]  do_syscall_64+0xd2/0x200
[  269.593530][T15959]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  269.593554][T15959]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  269.593656][T15959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.593679][T15959] RIP: 0033:0x7f0d2cc20a7c
[  269.593697][T15959] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  269.593717][T15959] RSP: 002b:00007f0d2b685ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  269.593739][T15959] RAX: ffffffffffffffda RBX: 00007f0d2b685fc0 RCX: 00007f0d2cc20a7c
[  269.593783][T15959] RDX: 0000000000000020 RSI: 00007f0d2b686010 RDI: 0000000000000004
[  269.593795][T15959] RBP: 0000000000000000 R08: 00007f0d2b685f14 R09: 000000000000000c
[  269.593807][T15959] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  269.593819][T15959] R13: 00007f0d2b685f68 R14: 00007f0d2b686010 R15: 0000000000000000
[  269.593836][T15959]  </TASK>
[  269.802398][T15959] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4650'.
[  269.823597][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4649'.
[  269.923269][T15956] Falling back ldisc for ttyS3.
[  269.943622][T15956] loop3: detected capacity change from 0 to 2048
[  270.026580][T15978] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4658'.
[  270.039283][T15978] SELinux: security policydb version 17 (MLS) not backwards compatible
[  270.047953][T15978] SELinux: failed to load policy
[  270.172820][   T29] kauditd_printk_skb: 332 callbacks suppressed
[  270.172840][   T29] audit: type=1400 audit(1755910492.324:12403): avc:  denied  { create } for  pid=15995 comm="syz.1.4665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  270.215652][   T29] audit: type=1400 audit(1755910492.344:12404): avc:  denied  { ioctl } for  pid=15995 comm="syz.1.4665" path="socket:[52490]" dev="sockfs" ino=52490 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  270.263519][   T29] audit: type=1400 audit(1755910492.404:12405): avc:  denied  { create } for  pid=16001 comm="syz.2.4667" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  270.323540][T16006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4669'.
[  270.372465][   T29] audit: type=1400 audit(1755910492.494:12406): avc:  denied  { read } for  pid=16001 comm="syz.2.4667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  270.392120][   T29] audit: type=1400 audit(1755910492.504:12407): avc:  denied  { create } for  pid=16001 comm="syz.2.4667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  270.411855][   T29] audit: type=1400 audit(1755910492.504:12408): avc:  denied  { setopt } for  pid=16001 comm="syz.2.4667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  270.431930][T16006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4669'.
[  270.499368][   T29] audit: type=1400 audit(1755910492.644:12409): avc:  denied  { watch watch_reads } for  pid=16012 comm="syz.5.4672" path="/558/file0" dev="tmpfs" ino=3086 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  270.598300][   T29] audit: type=1326 audit(1755910492.744:12410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16014 comm="syz.1.4674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  270.622031][   T29] audit: type=1326 audit(1755910492.744:12411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16014 comm="syz.1.4674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  270.645657][   T29] audit: type=1326 audit(1755910492.744:12412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16014 comm="syz.1.4674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  270.899807][T16023] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4676'.
[  270.938420][T16023] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  270.990803][T16028] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4677'.
[  271.067688][T16028] loop3: detected capacity change from 0 to 512
[  271.124023][T16028] EXT4-fs (loop3): orphan cleanup on readonly fs
[  271.131147][T16028] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4677: bg 0: block 248: padding at end of block bitmap is not set
[  271.176444][T16037] SELinux: security policydb version 17 (MLS) not backwards compatible
[  271.184853][T16037] SELinux: failed to load policy
[  271.274251][T16028] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.4677: Failed to acquire dquot type 1
[  271.304141][T16028] EXT4-fs (loop3): 1 truncate cleaned up
[  271.310754][T16028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  271.324667][T16028] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  271.334378][T16028] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 0
[  271.373072][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.433605][T16059] loop3: detected capacity change from 0 to 256
[  271.525954][T16069] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  271.544313][T16069] tipc: Disabling bearer <eth:syzkaller0>
[  271.579708][T16070] binfmt_misc: register: failed to install interpreter file ./file0
[  271.625907][T16075] random: crng reseeded on system resumption
[  271.652222][T16075] FAULT_INJECTION: forcing a failure.
[  271.652222][T16075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  271.665975][T16075] CPU: 0 UID: 0 PID: 16075 Comm: syz.3.4694 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  271.666019][T16075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  271.666032][T16075] Call Trace:
[  271.666038][T16075]  <TASK>
[  271.666046][T16075]  __dump_stack+0x1d/0x30
[  271.666075][T16075]  dump_stack_lvl+0xe8/0x140
[  271.666093][T16075]  dump_stack+0x15/0x1b
[  271.666179][T16075]  should_fail_ex+0x265/0x280
[  271.666199][T16075]  should_fail+0xb/0x20
[  271.666286][T16075]  should_fail_usercopy+0x1a/0x20
[  271.666538][T16075]  copy_fpstate_to_sigframe+0x628/0x7d0
[  271.666568][T16075]  ? copy_fpstate_to_sigframe+0xe6/0x7d0
[  271.666720][T16075]  ? x86_task_fpu+0x36/0x60
[  271.666748][T16075]  get_sigframe+0x34d/0x490
[  271.666810][T16075]  ? get_signal+0xdc8/0xf70
[  271.666846][T16075]  x64_setup_rt_frame+0xa8/0x580
[  271.666880][T16075]  arch_do_signal_or_restart+0x27c/0x480
[  271.666923][T16075]  exit_to_user_mode_loop+0x7a/0x100
[  271.666968][T16075]  do_syscall_64+0x1d6/0x200
[  271.666997][T16075]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  271.667029][T16075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.667051][T16075] RIP: 0033:0x7f7dfb04d69f
[  271.667076][T16075] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  271.667139][T16075] RSP: 002b:00007f7df9ab7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  271.667158][T16075] RAX: 0000000000000001 RBX: 0000000000000008 RCX: 00007f7dfb04d69f
[  271.667170][T16075] RDX: 0000000000000001 RSI: 00007f7df9ab7090 RDI: 0000000000000008
[  271.667250][T16075] RBP: 00007f7df9ab7090 R08: 0000000000000000 R09: 00007f7df9ab6df7
[  271.667262][T16075] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  271.667274][T16075] R13: 00007f7dfb276038 R14: 00007f7dfb275fa0 R15: 00007ffcc25e10e8
[  271.667291][T16075]  </TASK>
[  271.950142][T16091] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  272.226834][T16103] loop5: detected capacity change from 0 to 256
[  272.290911][T16106] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  272.300012][T16106] tipc: Disabling bearer <eth:syzkaller0>
[  272.418032][T16123] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  272.724344][T16153] FAULT_INJECTION: forcing a failure.
[  272.724344][T16153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.737469][T16153] CPU: 0 UID: 0 PID: 16153 Comm: syz.5.4727 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  272.737562][T16153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  272.737583][T16153] Call Trace:
[  272.737592][T16153]  <TASK>
[  272.737602][T16153]  __dump_stack+0x1d/0x30
[  272.737627][T16153]  dump_stack_lvl+0xe8/0x140
[  272.737657][T16153]  dump_stack+0x15/0x1b
[  272.737676][T16153]  should_fail_ex+0x265/0x280
[  272.737730][T16153]  should_fail+0xb/0x20
[  272.737758][T16153]  should_fail_usercopy+0x1a/0x20
[  272.737786][T16153]  _copy_from_iter+0xd2/0xe80
[  272.737822][T16153]  ? alloc_pages_mpol+0x201/0x250
[  272.737923][T16153]  copy_page_from_iter+0x178/0x2a0
[  272.737966][T16153]  tun_get_user+0x679/0x2680
[  272.738037][T16153]  ? ref_tracker_alloc+0x1f2/0x2f0
[  272.738112][T16153]  tun_chr_write_iter+0x15e/0x210
[  272.738153][T16153]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  272.738186][T16153]  vfs_write+0x527/0x960
[  272.738217][T16153]  ksys_write+0xda/0x1a0
[  272.738302][T16153]  __x64_sys_write+0x40/0x50
[  272.738344][T16153]  x64_sys_call+0x27fe/0x2ff0
[  272.738369][T16153]  do_syscall_64+0xd2/0x200
[  272.738396][T16153]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  272.738454][T16153]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  272.738482][T16153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.738651][T16153] RIP: 0033:0x7ff47b35d69f
[  272.738668][T16153] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  272.738695][T16153] RSP: 002b:00007ff479dc7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  272.738717][T16153] RAX: ffffffffffffffda RBX: 00007ff47b585fa0 RCX: 00007ff47b35d69f
[  272.738733][T16153] RDX: 000000000000007e RSI: 00002000000003c0 RDI: 00000000000000c8
[  272.738747][T16153] RBP: 00007ff479dc7090 R08: 0000000000000000 R09: 0000000000000000
[  272.738763][T16153] R10: 000000000000007e R11: 0000000000000293 R12: 0000000000000001
[  272.738777][T16153] R13: 00007ff47b586038 R14: 00007ff47b585fa0 R15: 00007ffc8ba3bc08
[  272.738804][T16153]  </TASK>
[  272.956391][T16155] sch_tbf: burst 3292 is lower than device lo mtu (65550) !
[  273.505579][T16200] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  274.089354][T16193] Set syz1 is full, maxelem 65536 reached
[  274.265864][T16224] FAULT_INJECTION: forcing a failure.
[  274.265864][T16224] name failslab, interval 1, probability 0, space 0, times 0
[  274.278590][T16224] CPU: 1 UID: 0 PID: 16224 Comm: syz.0.4757 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  274.278623][T16224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  274.278647][T16224] Call Trace:
[  274.278656][T16224]  <TASK>
[  274.278666][T16224]  __dump_stack+0x1d/0x30
[  274.278730][T16224]  dump_stack_lvl+0xe8/0x140
[  274.278753][T16224]  dump_stack+0x15/0x1b
[  274.278773][T16224]  should_fail_ex+0x265/0x280
[  274.278798][T16224]  should_failslab+0x8c/0xb0
[  274.278860][T16224]  kmem_cache_alloc_node_noprof+0x57/0x320
[  274.278893][T16224]  ? alloc_vmap_area+0x231/0xe50
[  274.278928][T16224]  alloc_vmap_area+0x231/0xe50
[  274.278963][T16224]  ? should_failslab+0x8c/0xb0
[  274.279055][T16224]  ? __kmalloc_cache_node_noprof+0x18a/0x320
[  274.279100][T16224]  __get_vm_area_node+0x173/0x1d0
[  274.279130][T16224]  __vmalloc_node_range_noprof+0x273/0xe00
[  274.279228][T16224]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.279262][T16224]  ? avc_has_perm_noaudit+0x1b1/0x200
[  274.279355][T16224]  ? cred_has_capability+0x210/0x280
[  274.279380][T16224]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.279438][T16224]  __vmalloc_noprof+0x83/0xc0
[  274.279514][T16224]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.279553][T16224]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.279620][T16224]  ? bpf_prog_alloc+0x2a/0x150
[  274.279649][T16224]  bpf_prog_alloc+0x3c/0x150
[  274.279674][T16224]  bpf_prog_load+0x514/0x1070
[  274.279709][T16224]  ? security_bpf+0x2b/0x90
[  274.279744][T16224]  __sys_bpf+0x462/0x7b0
[  274.279775][T16224]  __x64_sys_bpf+0x41/0x50
[  274.279798][T16224]  x64_sys_call+0x2aea/0x2ff0
[  274.279888][T16224]  do_syscall_64+0xd2/0x200
[  274.279919][T16224]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  274.280026][T16224]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  274.280118][T16224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.280142][T16224] RIP: 0033:0x7f7c240bebe9
[  274.280160][T16224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.280181][T16224] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  274.280204][T16224] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  274.280279][T16224] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[  274.280293][T16224] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  274.280307][T16224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.280321][T16224] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  274.280341][T16224]  </TASK>
[  274.280378][T16224] syz.0.4757: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0
[  274.550665][T16224] CPU: 1 UID: 0 PID: 16224 Comm: syz.0.4757 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  274.550695][T16224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  274.550708][T16224] Call Trace:
[  274.550715][T16224]  <TASK>
[  274.550724][T16224]  __dump_stack+0x1d/0x30
[  274.550754][T16224]  dump_stack_lvl+0xe8/0x140
[  274.550825][T16224]  dump_stack+0x15/0x1b
[  274.550842][T16224]  warn_alloc+0x12b/0x1a0
[  274.550876][T16224]  __vmalloc_node_range_noprof+0x297/0xe00
[  274.550911][T16224]  ? avc_has_perm_noaudit+0x1b1/0x200
[  274.550986][T16224]  ? cred_has_capability+0x210/0x280
[  274.551030][T16224]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.551086][T16224]  __vmalloc_noprof+0x83/0xc0
[  274.551115][T16224]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.551200][T16224]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  274.551335][T16224]  ? bpf_prog_alloc+0x2a/0x150
[  274.551361][T16224]  bpf_prog_alloc+0x3c/0x150
[  274.551386][T16224]  bpf_prog_load+0x514/0x1070
[  274.551421][T16224]  ? security_bpf+0x2b/0x90
[  274.551473][T16224]  __sys_bpf+0x462/0x7b0
[  274.551505][T16224]  __x64_sys_bpf+0x41/0x50
[  274.551529][T16224]  x64_sys_call+0x2aea/0x2ff0
[  274.551619][T16224]  do_syscall_64+0xd2/0x200
[  274.551646][T16224]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  274.551671][T16224]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  274.551696][T16224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.551733][T16224] RIP: 0033:0x7f7c240bebe9
[  274.551749][T16224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.551766][T16224] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  274.551785][T16224] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  274.551797][T16224] RDX: 0000000000000094 RSI: 00002000000000c0 RDI: 0000000000000005
[  274.551809][T16224] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  274.551884][T16224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.551948][T16224] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  274.551973][T16224]  </TASK>
[  274.762812][T16224] Mem-Info:
[  274.766027][T16224] active_anon:17911 inactive_anon:0 isolated_anon:0
[  274.766027][T16224]  active_file:15996 inactive_file:12581 isolated_file:0
[  274.766027][T16224]  unevictable:0 dirty:472 writeback:0
[  274.766027][T16224]  slab_reclaimable:3394 slab_unreclaimable:16343
[  274.766027][T16224]  mapped:29834 shmem:6469 pagetables:1103
[  274.766027][T16224]  sec_pagetables:0 bounce:0
[  274.766027][T16224]  kernel_misc_reclaimable:0
[  274.766027][T16224]  free:1862518 free_pcp:4750 free_cma:0
[  274.811136][T16224] Node 0 active_anon:71644kB inactive_anon:0kB active_file:63984kB inactive_file:50324kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:119336kB dirty:1888kB writeback:0kB shmem:25876kB kernel_stack:3392kB pagetables:4412kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  274.838660][T16224] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  274.867515][T16224] lowmem_reserve[]: 0 2883 7862 7862
[  274.872877][T16224] Node 0 DMA32 free:2949304kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952836kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB
[  274.903040][T16224] lowmem_reserve[]: 0 0 4978 4978
[  274.908162][T16224] Node 0 Normal free:4485408kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60160kB inactive_anon:0kB active_file:63984kB inactive_file:50324kB unevictable:0kB writepending:1888kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:27004kB local_pcp:8308kB free_cma:0kB
[  274.940367][T16224] lowmem_reserve[]: 0 0 0 0
[  274.945166][T16224] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  274.957979][T16224] Node 0 DMA32: 4*4kB (M) 5*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949304kB
[  274.974275][T16224] Node 0 Normal: 962*4kB (UME) 557*8kB (UME) 621*16kB (UME) 502*32kB (UME) 305*64kB (UME) 154*128kB (UME) 57*256kB (UME) 28*512kB (UME) 18*1024kB (UM) 17*2048kB (UM) 1059*4096kB (UM) = 4493376kB
[  274.993889][T16224] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  275.003322][T16224] 31579 total pagecache pages
[  275.008004][T16224] 0 pages in swap cache
[  275.012207][T16224] Free swap  = 124996kB
[  275.016363][T16224] Total swap = 124996kB
[  275.020529][T16224] 2097051 pages RAM
[  275.024443][T16224] 0 pages HighMem/MovableOnly
[  275.029139][T16224] 80442 pages reserved
[  275.034557][T16227] __nla_validate_parse: 13 callbacks suppressed
[  275.034576][T16227] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4758'.
[  275.056028][T16227] loop5: detected capacity change from 0 to 128
[  275.074333][T16227] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  275.102262][T16227] ext4 filesystem being mounted at /574/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  275.162197][T16227] SELinux: security policydb version 17 (MLS) not backwards compatible
[  275.238317][T16227] SELinux: failed to load policy
[  275.317578][ T8046] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  275.327890][T16243] netlink: 'syz.1.4763': attribute type 1 has an invalid length.
[  275.337215][T16243] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  275.363216][   T29] kauditd_printk_skb: 214 callbacks suppressed
[  275.363235][   T29] audit: type=1326 audit(1755910497.514:12625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.406866][   T29] audit: type=1326 audit(1755910497.524:12626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.430674][   T29] audit: type=1326 audit(1755910497.554:12627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.454293][   T29] audit: type=1326 audit(1755910497.554:12628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.478119][   T29] audit: type=1326 audit(1755910497.554:12629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.501790][   T29] audit: type=1326 audit(1755910497.554:12630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.525580][   T29] audit: type=1326 audit(1755910497.554:12631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.549222][   T29] audit: type=1326 audit(1755910497.554:12632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.572975][   T29] audit: type=1326 audit(1755910497.554:12633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.596770][   T29] audit: type=1326 audit(1755910497.554:12634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16250 comm="syz.1.4766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  275.702212][T16265] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  275.710446][T16265] tipc: Disabling bearer <eth:syzkaller0>
[  275.721712][T16263] loop5: detected capacity change from 0 to 1024
[  275.728550][T16263] EXT4-fs: Ignoring removed nomblk_io_submit option
[  275.754058][T16263] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.770945][T16270] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4771'.
[  275.780207][T16270] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  275.811632][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.863881][T16280] wg2: entered promiscuous mode
[  275.869029][T16280] wg2: entered allmulticast mode
[  275.884211][T16281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4772'.
[  275.885065][T16280] atomic_op ffff88811faedd28 conn xmit_atomic 0000000000000000
[  275.893287][T16281] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4772'.
[  276.185120][T16297] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  276.291568][T16302] SELinux:  Context @ is not valid (left unmapped).
[  276.481572][T16308] netlink: 'syz.5.4787': attribute type 10 has an invalid length.
[  276.489541][T16308] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4787'.
[  276.730418][T16325] tipc: Started in network mode
[  276.735417][T16325] tipc: Node identity cab36f2f3624, cluster identity 4711
[  276.742646][T16325] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  276.751064][T16324] tipc: Disabling bearer <eth:syzkaller0>
[  276.830924][T16329] loop5: detected capacity change from 0 to 512
[  276.853809][T16329] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.866448][T16329] ext4 filesystem being mounted at /584/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  276.881729][T16329] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  276.896791][T16329] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  276.909099][T16329] EXT4-fs (loop5): This should not happen!! Data will be lost
[  276.909099][T16329] 
[  276.918770][T16329] EXT4-fs (loop5): Total free blocks count 0
[  276.924787][T16329] EXT4-fs (loop5): Free/Dirty block details
[  276.930746][T16329] EXT4-fs (loop5): free_blocks=65280
[  276.936112][T16329] EXT4-fs (loop5): dirty_blocks=1
[  276.941284][T16329] EXT4-fs (loop5): Block reservation details
[  276.947290][T16329] EXT4-fs (loop5): i_reserved_data_blocks=1
[  276.968432][T16335] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4796'.
[  276.977511][T16335] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  276.987226][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.106881][T16348] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  277.125012][T16348] sch_tbf: burst 2 is lower than device lo mtu (65550) !
[  277.243854][T16355] wg2: entered promiscuous mode
[  277.248766][T16355] wg2: entered allmulticast mode
[  277.256711][T16355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4804'.
[  277.691860][T16383] netlink: 'syz.1.4816': attribute type 1 has an invalid length.
[  277.730283][T16392] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4819'.
[  277.741758][T16392] SELinux: security policydb version 17 (MLS) not backwards compatible
[  277.750492][T16392] SELinux: failed to load policy
[  277.766937][T16395] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4820'.
[  277.975278][T16419] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4832'.
[  277.986068][T16415] loop5: detected capacity change from 0 to 512
[  277.996014][T16415] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  278.013610][T16415] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c0a8, mo2=0002]
[  278.024832][T16415] System zones: 1-12
[  278.030418][T16415] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: inode #11: comm syz.5.4831: iget: bogus i_mode (700)
[  278.053622][T16415] EXT4-fs (loop5): Remounting filesystem read-only
[  278.060224][T16415] EXT4-fs (loop5): 1 orphan inode deleted
[  278.066926][T16415] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.111376][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.138770][T16425] loop5: detected capacity change from 0 to 2048
[  278.154006][T16425] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.173082][T16425] EXT4-fs error (device loop5): ext4_find_extent:939: inode #2: comm syz.5.4834: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  278.239482][T16425] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  278.280874][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.597124][T16450] SELinux: security policydb version 17 (MLS) not backwards compatible
[  278.605609][T16450] SELinux: failed to load policy
[  278.947754][T16473] random: crng reseeded on system resumption
[  279.021653][T16476] vlan2: entered promiscuous mode
[  279.026780][T16476] bridge0: entered promiscuous mode
[  279.202350][T16482] random: crng reseeded on system resumption
[  279.505604][T16484] loop5: detected capacity change from 0 to 8192
[  279.762772][T16519] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  280.030810][T16540] loop3: detected capacity change from 0 to 128
[  280.164149][T16548] __nla_validate_parse: 5 callbacks suppressed
[  280.164165][T16548] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4876'.
[  280.196543][ T3404] IPVS: starting estimator thread 0...
[  280.216618][T16548] loop3: detected capacity change from 0 to 512
[  280.255042][T16548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.292141][T16549] IPVS: using max 2832 ests per chain, 141600 per kthread
[  280.304826][T16548] ext4 filesystem being mounted at /258/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.323218][T16548] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #4: comm syz.3.4876: corrupted inode contents
[  280.353462][T16548] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #4: comm syz.3.4876: mark_inode_dirty error
[  280.370180][T16556] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4878'.
[  280.382398][   T29] kauditd_printk_skb: 707 callbacks suppressed
[  280.382464][   T29] audit: type=1326 audit(1755910502.534:13342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  280.412944][T16548] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #4: comm syz.3.4876: corrupted inode contents
[  280.422318][   T29] audit: type=1326 audit(1755910502.574:13343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  280.428385][T16548] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #4: comm syz.3.4876: mark_inode_dirty error
[  280.449042][   T29] audit: type=1326 audit(1755910502.574:13344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  280.461192][T16559] loop5: detected capacity change from 0 to 2048
[  280.484279][   T29] audit: type=1326 audit(1755910502.574:13345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  280.516256][T16548] Quota error (device loop3): write_blk: dquota write failed
[  280.517617][T16556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4878'.
[  280.523925][T16548] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  280.533127][T16556] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  280.542891][T16548] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.4876: Failed to acquire dquot type 1
[  280.551640][T16556] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (133)
[  280.575545][   T29] audit: type=1326 audit(1755910502.664:13346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f4291920a7c code=0x7ffc0000
[  280.599196][   T29] audit: type=1326 audit(1755910502.664:13347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f42919209b4 code=0x7ffc0000
[  280.623183][   T29] audit: type=1326 audit(1755910502.664:13348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f42919209b4 code=0x7ffc0000
[  280.626219][T16562] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #4: comm syz.3.4876: corrupted inode contents
[  280.646893][   T29] audit: type=1326 audit(1755910502.664:13349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16555 comm="syz.1.4878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  280.694582][T16559] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.710458][T16562] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #4: comm syz.3.4876: mark_inode_dirty error
[  280.723303][T16559] EXT4-fs error (device loop5): ext4_find_extent:939: inode #2: comm syz.5.4880: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  280.743223][T16562] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #4: comm syz.3.4876: corrupted inode contents
[  280.760206][T16559] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  280.769441][T16562] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #4: comm syz.3.4876: mark_inode_dirty error
[  280.794325][T16562] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.4876: Failed to acquire dquot type 1
[  280.808212][ T8046] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.818142][T16576] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.4884'.
[  280.835173][T16576] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4884'.
[  280.873558][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.884172][T16586] FAULT_INJECTION: forcing a failure.
[  280.884172][T16586] name failslab, interval 1, probability 0, space 0, times 0
[  280.896944][T16586] CPU: 1 UID: 0 PID: 16586 Comm: syz.5.4889 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  280.896979][T16586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  280.896995][T16586] Call Trace:
[  280.897003][T16586]  <TASK>
[  280.897013][T16586]  __dump_stack+0x1d/0x30
[  280.897039][T16586]  dump_stack_lvl+0xe8/0x140
[  280.897138][T16586]  dump_stack+0x15/0x1b
[  280.897159][T16586]  should_fail_ex+0x265/0x280
[  280.897184][T16586]  ? ftrace_profile_set_filter+0x96/0x1b0
[  280.897224][T16586]  should_failslab+0x8c/0xb0
[  280.897264][T16586]  __kmalloc_cache_noprof+0x4c/0x320
[  280.897332][T16586]  ftrace_profile_set_filter+0x96/0x1b0
[  280.897373][T16586]  perf_ioctl+0x7b3/0x12e0
[  280.897401][T16586]  ? ioctl_has_perm+0x289/0x2a0
[  280.897449][T16586]  ? do_vfs_ioctl+0x866/0xe10
[  280.897470][T16586]  ? selinux_file_ioctl+0x308/0x3a0
[  280.897494][T16586]  ? __fget_files+0x184/0x1c0
[  280.897525][T16586]  ? __pfx_perf_ioctl+0x10/0x10
[  280.897568][T16586]  __se_sys_ioctl+0xce/0x140
[  280.897601][T16586]  __x64_sys_ioctl+0x43/0x50
[  280.897659][T16586]  x64_sys_call+0x1816/0x2ff0
[  280.897685][T16586]  do_syscall_64+0xd2/0x200
[  280.897713][T16586]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  280.897736][T16586]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  280.897813][T16586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.897839][T16586] RIP: 0033:0x7ff47b35ebe9
[  280.897854][T16586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.897876][T16586] RSP: 002b:00007ff479dc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.897927][T16586] RAX: ffffffffffffffda RBX: 00007ff47b585fa0 RCX: 00007ff47b35ebe9
[  280.897944][T16586] RDX: 00002000000001c0 RSI: 0000000040082406 RDI: 0000000000000003
[  280.897960][T16586] RBP: 00007ff479dc7090 R08: 0000000000000000 R09: 0000000000000000
[  280.897975][T16586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.897989][T16586] R13: 00007ff47b586038 R14: 00007ff47b585fa0 R15: 00007ffc8ba3bc08
[  280.898006][T16586]  </TASK>
[  281.473606][T16612] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4901'.
[  281.526466][T16612] SELinux: security policydb version 17 (MLS) not backwards compatible
[  281.559264][T16612] SELinux: failed to load policy
[  281.897571][ T2663] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.058261][ T2663] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.126078][ T2663] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.254438][ T2663] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  282.390093][ T2663] bridge0: port 3(batadv0) entered disabled state
[  282.412291][ T2663] bridge_slave_1: left allmulticast mode
[  282.417969][ T2663] bridge_slave_1: left promiscuous mode
[  282.423793][ T2663] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.459273][ T2663] bridge_slave_0: left allmulticast mode
[  282.465002][ T2663] bridge_slave_0: left promiscuous mode
[  282.470766][ T2663] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.651498][ T2663] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  282.692286][ T2663] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  282.719963][ T2663] bond0 (unregistering): Released all slaves
[  282.834230][ T2663] tipc: Left network mode
[  283.022055][ T2663] hsr_slave_0: left promiscuous mode
[  283.097004][ T2663] hsr_slave_1: left promiscuous mode
[  283.102739][ T2663] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  283.110120][ T2663] batman_adv: batadv0: Removing interface: batadv_slave_0
[  283.132501][T16636] Set syz1 is full, maxelem 65536 reached
[  283.141511][ T2663] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  283.149030][ T2663] batman_adv: batadv0: Removing interface: batadv_slave_1
[  283.162118][ T2663] veth1_macvtap: left promiscuous mode
[  283.167769][ T2663] veth0_macvtap: left promiscuous mode
[  283.173503][ T2663] veth1_vlan: left promiscuous mode
[  283.291751][T16669] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4918'.
[  283.301070][T16669] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  283.312664][ T2663] team0 (unregistering): Port device team_slave_1 removed
[  283.334078][ T2663] team0 (unregistering): Port device team_slave_0 removed
[  283.380530][T16615] chnl_net:caif_netlink_parms(): no params data found
[  283.577764][T16615] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.584899][T16615] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.612127][T16615] bridge_slave_0: entered allmulticast mode
[  283.618667][T16615] bridge_slave_0: entered promiscuous mode
[  283.625614][T16615] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.632856][T16615] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.640163][T16615] bridge_slave_1: entered allmulticast mode
[  283.647153][T16615] bridge_slave_1: entered promiscuous mode
[  283.667788][T16615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  283.682474][T16615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  283.709764][T16615] team0: Port device team_slave_0 added
[  283.748360][ T2663] IPVS: stop unused estimator thread 0...
[  283.756090][T16615] team0: Port device team_slave_1 added
[  283.778473][T16615] batman_adv: batadv0: Adding interface: batadv_slave_0
[  283.785496][T16615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.811715][T16615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  283.834768][T16615] batman_adv: batadv0: Adding interface: batadv_slave_1
[  283.841880][T16615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.867908][T16615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  283.929724][T16615] hsr_slave_0: entered promiscuous mode
[  283.941120][T16615] hsr_slave_1: entered promiscuous mode
[  283.951037][T16615] debugfs: 'hsr0' already exists in 'hsr'
[  283.956849][T16615] Cannot create hsr debugfs directory
[  283.998763][T16711] FAULT_INJECTION: forcing a failure.
[  283.998763][T16711] name failslab, interval 1, probability 0, space 0, times 0
[  284.011683][T16711] CPU: 1 UID: 0 PID: 16711 Comm: syz.0.4933 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  284.011715][T16711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  284.011832][T16711] Call Trace:
[  284.011838][T16711]  <TASK>
[  284.011845][T16711]  __dump_stack+0x1d/0x30
[  284.011933][T16711]  dump_stack_lvl+0xe8/0x140
[  284.011972][T16711]  dump_stack+0x15/0x1b
[  284.012070][T16711]  should_fail_ex+0x265/0x280
[  284.012089][T16711]  ? proc_do_submiturb+0x83d/0x1d20
[  284.012117][T16711]  should_failslab+0x8c/0xb0
[  284.012216][T16711]  __kmalloc_cache_noprof+0x4c/0x320
[  284.012244][T16711]  proc_do_submiturb+0x83d/0x1d20
[  284.012273][T16711]  ? proc_do_submiturb+0xc1/0x1d20
[  284.012343][T16711]  ? should_fail_ex+0xdb/0x280
[  284.012363][T16711]  proc_submiturb+0x7b/0xa0
[  284.012388][T16711]  usbdev_ioctl+0xcc2/0x1710
[  284.012419][T16711]  ? __pfx_usbdev_ioctl+0x10/0x10
[  284.012479][T16711]  __se_sys_ioctl+0xce/0x140
[  284.012546][T16711]  __x64_sys_ioctl+0x43/0x50
[  284.012574][T16711]  x64_sys_call+0x1816/0x2ff0
[  284.012594][T16711]  do_syscall_64+0xd2/0x200
[  284.012618][T16711]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  284.012674][T16711]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  284.012697][T16711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.012717][T16711] RIP: 0033:0x7f7c240bebe9
[  284.012732][T16711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.012765][T16711] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  284.012784][T16711] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  284.012796][T16711] RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000006
[  284.012870][T16711] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  284.012881][T16711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.012899][T16711] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  284.012917][T16711]  </TASK>
[  284.147135][T16717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4935'.
[  284.222392][T16717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4935'.
[  284.545406][T16615] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  284.556108][T16615] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  284.566368][T16615] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  284.578824][T16615] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  284.663359][T16615] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.676841][T16615] 8021q: adding VLAN 0 to HW filter on device team0
[  284.684348][T16754] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4948'.
[  284.705037][T16753] loop3: detected capacity change from 0 to 512
[  284.714204][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.721363][ T3326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.724099][T16754] SELinux: security policydb version 17 (MLS) not backwards compatible
[  284.738509][T16754] SELinux: failed to load policy
[  284.745657][ T3445] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.752774][ T3445] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.786846][T16753] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.809851][T16753] ext4 filesystem being mounted at /268/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  284.814553][T16615] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  284.830679][T16615] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  284.926159][T16753] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  284.950355][T16753] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  284.962768][T16753] EXT4-fs (loop3): This should not happen!! Data will be lost
[  284.962768][T16753] 
[  284.972522][T16753] EXT4-fs (loop3): Total free blocks count 0
[  284.978629][T16753] EXT4-fs (loop3): Free/Dirty block details
[  284.984634][T16753] EXT4-fs (loop3): free_blocks=65280
[  284.990077][T16753] EXT4-fs (loop3): dirty_blocks=1
[  284.995175][T16753] EXT4-fs (loop3): Block reservation details
[  284.995247][T16615] 8021q: adding VLAN 0 to HW filter on device batadv0
[  285.001165][T16753] EXT4-fs (loop3): i_reserved_data_blocks=1
[  285.055758][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.146445][T16792] loop3: detected capacity change from 0 to 2048
[  285.195011][T16792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.232582][T16615] veth0_vlan: entered promiscuous mode
[  285.242333][T16615] veth1_vlan: entered promiscuous mode
[  285.262645][T16615] veth0_macvtap: entered promiscuous mode
[  285.270875][T16615] veth1_macvtap: entered promiscuous mode
[  285.343599][T16615] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.386326][T16615] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.423305][   T29] kauditd_printk_skb: 313 callbacks suppressed
[  285.423323][   T29] audit: type=1326 audit(1755910507.574:13660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.454100][T16812] xt_limit: Overflow, try lower: 604147548/4200216962
[  285.473786][  T163] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.520962][   T29] audit: type=1326 audit(1755910507.604:13661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.544575][   T29] audit: type=1326 audit(1755910507.604:13662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.568243][   T29] audit: type=1326 audit(1755910507.604:13663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.591888][   T29] audit: type=1326 audit(1755910507.604:13664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.615520][   T29] audit: type=1326 audit(1755910507.604:13665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.663960][   T29] audit: type=1326 audit(1755910507.724:13666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.687732][   T29] audit: type=1326 audit(1755910507.724:13667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16806 comm="syz.0.4961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  285.747371][  T163] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.768594][  T163] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.768683][T16738] Set syz1 is full, maxelem 65536 reached
[  285.768715][  T163] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.779048][   T29] audit: type=1400 audit(1755910507.904:13668): avc:  denied  { mounton } for  pid=16615 comm="syz-executor" path="/root/syzkaller.azz8h1/syz-tmp" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  285.816665][   T29] audit: type=1400 audit(1755910507.904:13669): avc:  denied  { mount } for  pid=16615 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  285.985024][T16792] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.198976][T16832] loop5: detected capacity change from 0 to 512
[  286.228183][T16832] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.249045][T16832] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  286.275570][T16832] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.308369][T16844] loop3: detected capacity change from 0 to 256
[  286.310513][T16832] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.4968: mark_inode_dirty error
[  286.328309][T16832] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.340714][T16849] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.353119][T16849] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.4968: mark_inode_dirty error
[  286.366306][T16849] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.452920][T16832] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.475674][T16832] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #2: comm syz.5.4968: mark_inode_dirty error
[  286.489416][T16859] loop3: detected capacity change from 0 to 512
[  286.500463][T16832] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #2: comm syz.5.4968: corrupted inode contents
[  286.515639][T16859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.528901][T16859] ext4 filesystem being mounted at /273/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  286.539556][T16832] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.4968: mark_inode_dirty error
[  286.561782][T16859] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  286.582954][T16867] netlink: 'syz.0.4980': attribute type 1 has an invalid length.
[  286.603122][T16859] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  286.615499][T16859] EXT4-fs (loop3): This should not happen!! Data will be lost
[  286.615499][T16859] 
[  286.625174][T16859] EXT4-fs (loop3): Total free blocks count 0
[  286.631177][T16859] EXT4-fs (loop3): Free/Dirty block details
[  286.637124][T16859] EXT4-fs (loop3): free_blocks=65280
[  286.642516][T16859] EXT4-fs (loop3): dirty_blocks=1
[  286.647582][T16859] EXT4-fs (loop3): Block reservation details
[  286.653615][T16859] EXT4-fs (loop3): i_reserved_data_blocks=1
[  286.697771][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.736569][T16873] loop3: detected capacity change from 0 to 1024
[  286.757048][T16873] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  286.767978][T16873] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  286.796329][T16873] JBD2: no valid journal superblock found
[  286.802148][T16873] EXT4-fs (loop3): Could not load journal inode
[  286.810390][T16875] __nla_validate_parse: 2 callbacks suppressed
[  286.810404][T16875] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4983'.
[  286.828339][T16875] SELinux: security policydb version 17 (MLS) not backwards compatible
[  286.836820][T16875] SELinux: failed to load policy
[  287.017806][T16890] FAULT_INJECTION: forcing a failure.
[  287.017806][T16890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.031116][T16890] CPU: 1 UID: 0 PID: 16890 Comm: syz.2.4989 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  287.031221][T16890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  287.031236][T16890] Call Trace:
[  287.031266][T16890]  <TASK>
[  287.031274][T16890]  __dump_stack+0x1d/0x30
[  287.031295][T16890]  dump_stack_lvl+0xe8/0x140
[  287.031385][T16890]  dump_stack+0x15/0x1b
[  287.031403][T16890]  should_fail_ex+0x265/0x280
[  287.031427][T16890]  should_fail+0xb/0x20
[  287.031446][T16890]  should_fail_usercopy+0x1a/0x20
[  287.031471][T16890]  _copy_to_user+0x20/0xa0
[  287.031582][T16890]  ucma_destroy_id+0x1a9/0x1d0
[  287.031610][T16890]  ucma_write+0x1b3/0x250
[  287.031630][T16890]  ? __pfx_ucma_write+0x10/0x10
[  287.031715][T16890]  vfs_write+0x266/0x960
[  287.031739][T16890]  ? __rcu_read_unlock+0x4f/0x70
[  287.031759][T16890]  ? __fget_files+0x184/0x1c0
[  287.031784][T16890]  ksys_write+0xda/0x1a0
[  287.031884][T16890]  __x64_sys_write+0x40/0x50
[  287.031905][T16890]  x64_sys_call+0x27fe/0x2ff0
[  287.031942][T16890]  do_syscall_64+0xd2/0x200
[  287.031978][T16890]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  287.032075][T16890]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  287.032159][T16890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.032236][T16890] RIP: 0033:0x7f0d2cc1ebe9
[  287.032253][T16890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.032322][T16890] RSP: 002b:00007f0d2b687038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  287.032347][T16890] RAX: ffffffffffffffda RBX: 00007f0d2ce45fa0 RCX: 00007f0d2cc1ebe9
[  287.032361][T16890] RDX: 0000000000000018 RSI: 0000200000000f80 RDI: 0000000000000003
[  287.032376][T16890] RBP: 00007f0d2b687090 R08: 0000000000000000 R09: 0000000000000000
[  287.032390][T16890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.032434][T16890] R13: 00007f0d2ce46038 R14: 00007f0d2ce45fa0 R15: 00007ffde3c78eb8
[  287.032453][T16890]  </TASK>
[  288.149464][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.159669][T16934] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5007'.
[  288.294065][T16944] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5011'.
[  288.303851][T16944] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  288.316018][T16947] loop5: detected capacity change from 0 to 512
[  288.367528][T16922] Set syz1 is full, maxelem 65536 reached
[  288.813244][T16964] loop5: detected capacity change from 0 to 128
[  289.193049][T16985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5024'.
[  289.202026][T16985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5024'.
[  289.329400][T16991] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5028'.
[  289.700914][T17020] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5041'.
[  289.714032][T17021] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5038'.
[  289.722995][T17021] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5038'.
[  289.863109][T17034] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5047'.
[  289.903696][T17034] SELinux: security policydb version 17 (MLS) not backwards compatible
[  289.918898][T17034] SELinux: failed to load policy
[  290.047276][T17053] FAULT_INJECTION: forcing a failure.
[  290.047276][T17053] name failslab, interval 1, probability 0, space 0, times 0
[  290.060107][T17053] CPU: 0 UID: 0 PID: 17053 Comm: syz.2.5056 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  290.060139][T17053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  290.060150][T17053] Call Trace:
[  290.060157][T17053]  <TASK>
[  290.060166][T17053]  __dump_stack+0x1d/0x30
[  290.060189][T17053]  dump_stack_lvl+0xe8/0x140
[  290.060213][T17053]  dump_stack+0x15/0x1b
[  290.060234][T17053]  should_fail_ex+0x265/0x280
[  290.060288][T17053]  should_failslab+0x8c/0xb0
[  290.060317][T17053]  kmem_cache_alloc_noprof+0x50/0x310
[  290.060350][T17053]  ? audit_log_start+0x365/0x6c0
[  290.060448][T17053]  audit_log_start+0x365/0x6c0
[  290.060479][T17053]  audit_seccomp+0x48/0x100
[  290.060514][T17053]  ? __seccomp_filter+0x68c/0x10d0
[  290.060539][T17053]  __seccomp_filter+0x69d/0x10d0
[  290.060566][T17053]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  290.060597][T17053]  ? vfs_write+0x7e8/0x960
[  290.060638][T17053]  __secure_computing+0x82/0x150
[  290.060663][T17053]  syscall_trace_enter+0xcf/0x1e0
[  290.060692][T17053]  do_syscall_64+0xac/0x200
[  290.060742][T17053]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  290.060765][T17053]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  290.060795][T17053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.060876][T17053] RIP: 0033:0x7f0d2cc1ebe9
[  290.060900][T17053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.060942][T17053] RSP: 002b:00007f0d2b687038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046
[  290.060967][T17053] RAX: ffffffffffffffda RBX: 00007f0d2ce45fa0 RCX: 00007f0d2cc1ebe9
[  290.060983][T17053] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  290.060998][T17053] RBP: 00007f0d2b687090 R08: 0000000000000000 R09: 0000000000000000
[  290.061014][T17053] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  290.061028][T17053] R13: 00007f0d2ce46038 R14: 00007f0d2ce45fa0 R15: 00007ffde3c78eb8
[  290.061065][T17053]  </TASK>
[  290.479282][T17070] loop5: detected capacity change from 0 to 1024
[  290.502278][T17070] EXT4-fs: Ignoring removed orlov option
[  290.516102][T17070] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.808378][T17093] SELinux: security policydb version 17 (MLS) not backwards compatible
[  290.817679][T17093] SELinux: failed to load policy
[  290.835701][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.860474][T17095] bridge: RTM_NEWNEIGH with invalid ether address
[  290.955767][T17104] loop5: detected capacity change from 0 to 256
[  291.089261][T17124] bridge: RTM_NEWNEIGH with invalid ether address
[  291.159541][   T29] kauditd_printk_skb: 426 callbacks suppressed
[  291.159559][   T29] audit: type=1326 audit(1755910513.294:14094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.189516][   T29] audit: type=1326 audit(1755910513.294:14095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.213194][   T29] audit: type=1326 audit(1755910513.294:14096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.236786][   T29] audit: type=1326 audit(1755910513.294:14097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.260694][   T29] audit: type=1326 audit(1755910513.294:14098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.284493][   T29] audit: type=1326 audit(1755910513.294:14099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.308655][   T29] audit: type=1326 audit(1755910513.294:14100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.332630][   T29] audit: type=1326 audit(1755910513.294:14101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.356711][   T29] audit: type=1326 audit(1755910513.294:14102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.380348][   T29] audit: type=1326 audit(1755910513.294:14103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17129 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f429191ebe9 code=0x7ffc0000
[  291.556729][T17151] FAULT_INJECTION: forcing a failure.
[  291.556729][T17151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  291.569923][T17151] CPU: 1 UID: 0 PID: 17151 Comm: syz.5.5099 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  291.570023][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.570037][T17151] Call Trace:
[  291.570049][T17151]  <TASK>
[  291.570058][T17151]  __dump_stack+0x1d/0x30
[  291.570083][T17151]  dump_stack_lvl+0xe8/0x140
[  291.570187][T17151]  dump_stack+0x15/0x1b
[  291.570205][T17151]  should_fail_ex+0x265/0x280
[  291.570227][T17151]  should_fail+0xb/0x20
[  291.570247][T17151]  should_fail_usercopy+0x1a/0x20
[  291.570302][T17151]  strncpy_from_user+0x25/0x230
[  291.570335][T17151]  ? kmem_cache_alloc_noprof+0x186/0x310
[  291.570361][T17151]  ? getname_flags+0x80/0x3b0
[  291.570387][T17151]  getname_flags+0xae/0x3b0
[  291.570445][T17151]  do_sys_openat2+0x60/0x110
[  291.570545][T17151]  __x64_sys_openat+0xf2/0x120
[  291.570578][T17151]  x64_sys_call+0x2e9c/0x2ff0
[  291.570658][T17151]  do_syscall_64+0xd2/0x200
[  291.570684][T17151]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  291.570708][T17151]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  291.570757][T17151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.570784][T17151] RIP: 0033:0x7fd4784cd550
[  291.570822][T17151] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  291.570845][T17151] RSP: 002b:00007fd476f36f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  291.570870][T17151] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd4784cd550
[  291.570887][T17151] RDX: 0000000000000002 RSI: 00007fd476f36fa0 RDI: 00000000ffffff9c
[  291.570900][T17151] RBP: 00007fd476f36fa0 R08: 0000000000000000 R09: 0000000000000000
[  291.570915][T17151] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  291.570929][T17151] R13: 00007fd4786f6038 R14: 00007fd4786f5fa0 R15: 00007ffc026cc938
[  291.571028][T17151]  </TASK>
[  291.980715][T17172] __nla_validate_parse: 7 callbacks suppressed
[  291.980733][T17172] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5107'.
[  292.396743][T17199] FAULT_INJECTION: forcing a failure.
[  292.396743][T17199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  292.409869][T17199] CPU: 0 UID: 0 PID: 17199 Comm: syz.0.5119 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  292.409899][T17199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  292.409914][T17199] Call Trace:
[  292.409923][T17199]  <TASK>
[  292.409931][T17199]  __dump_stack+0x1d/0x30
[  292.409952][T17199]  dump_stack_lvl+0xe8/0x140
[  292.410028][T17199]  dump_stack+0x15/0x1b
[  292.410044][T17199]  should_fail_ex+0x265/0x280
[  292.410099][T17199]  should_fail+0xb/0x20
[  292.410119][T17199]  should_fail_usercopy+0x1a/0x20
[  292.410143][T17199]  _copy_from_user+0x1c/0xb0
[  292.410176][T17199]  bpf_test_init+0xdf/0x160
[  292.410197][T17199]  bpf_prog_test_run_skb+0x144/0xbd0
[  292.410224][T17199]  ? __rcu_read_unlock+0x4f/0x70
[  292.410293][T17199]  ? __fget_files+0x184/0x1c0
[  292.410319][T17199]  ? __rcu_read_unlock+0x4f/0x70
[  292.410407][T17199]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  292.410427][T17199]  bpf_prog_test_run+0x227/0x390
[  292.410462][T17199]  __sys_bpf+0x4b9/0x7b0
[  292.410570][T17199]  __x64_sys_bpf+0x41/0x50
[  292.410625][T17199]  x64_sys_call+0x2aea/0x2ff0
[  292.410645][T17199]  do_syscall_64+0xd2/0x200
[  292.410726][T17199]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  292.410752][T17199]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  292.410853][T17199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.410875][T17199] RIP: 0033:0x7f7c240bebe9
[  292.410891][T17199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  292.410908][T17199] RSP: 002b:00007f7c22b27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  292.410928][T17199] RAX: ffffffffffffffda RBX: 00007f7c242e5fa0 RCX: 00007f7c240bebe9
[  292.410941][T17199] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 000000000000000a
[  292.411037][T17199] RBP: 00007f7c22b27090 R08: 0000000000000000 R09: 0000000000000000
[  292.411051][T17199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  292.411064][T17199] R13: 00007f7c242e6038 R14: 00007f7c242e5fa0 R15: 00007ffcfc9cd688
[  292.411084][T17199]  </TASK>
[  292.645026][T17203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5120'.
[  292.660916][T17203] SELinux: security policydb version 17 (MLS) not backwards compatible
[  292.682149][T17203] SELinux: failed to load policy
[  292.805417][T17216] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5124'.
[  292.814369][T17216] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5124'.
[  292.827552][T17218] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5126'.
[  292.836546][T17218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5126'.
[  293.182552][T17238] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  293.394758][T17237] netlink: 120 bytes leftover after parsing attributes in process `syz.0.5132'.
[  293.574072][T17247] loop5: detected capacity change from 0 to 512
[  293.582949][T17247] EXT4-fs: Ignoring removed bh option
[  293.589090][T17247] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  293.598214][T17247] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  293.612470][T17247] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  293.623093][T17247] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  293.631738][T17247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  293.652663][T17247] netlink: 180 bytes leftover after parsing attributes in process `syz.5.5136'.
[  293.663917][T17247] netlink: 180 bytes leftover after parsing attributes in process `syz.5.5136'.
[  293.673853][T17247] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.5136: bg 0: block 353: padding at end of block bitmap is not set
[  293.721585][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.749069][T17256] loop5: detected capacity change from 0 to 2048
[  293.807034][T17256] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  293.823153][T17256] EXT4-fs error (device loop5): ext4_find_extent:939: inode #2: comm syz.5.5139: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  293.868309][T17256] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  293.906495][T17266] netlink: 'syz.3.5143': attribute type 11 has an invalid length.
[  293.966297][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.991517][T17273] bridge: RTM_NEWNEIGH with invalid ether address
[  294.007693][   T23] Process accounting resumed
[  294.141296][T17286] loop5: detected capacity change from 0 to 2048
[  294.174043][T17286] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.188596][T17286] EXT4-fs error (device loop5): ext4_find_extent:939: inode #2: comm syz.5.5152: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  294.205116][T17291] macvtap0: refused to change device tx_queue_len
[  294.227865][T17286] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  294.264831][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.283253][T17298] loop5: detected capacity change from 0 to 128
[  294.335722][T17305] bridge: RTM_NEWNEIGH with invalid ether address
[  294.435992][T17315] loop5: detected capacity change from 0 to 512
[  294.450985][T17315] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  294.471329][T17315] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.5163: bad orphan inode 15
[  294.493704][T17315] ext4_test_bit(bit=14, block=18) = 1
[  294.499133][T17315] is_bad_inode(inode)=0
[  294.503331][T17315] NEXT_ORPHAN(inode)=1023
[  294.507687][T17315] max_ino=32
[  294.510892][T17315] i_nlink=0
[  294.515089][T17315] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2962: inode #15: comm syz.5.5163: corrupted xattr block 19: invalid header
[  294.528959][T17315] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117)
[  294.539679][T17315] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  294.552997][T17315] ext2 filesystem being mounted at /37/�q�Y�3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  294.764524][T17323] loop3: detected capacity change from 0 to 256
[  294.810622][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  295.003583][T17337] loop5: detected capacity change from 0 to 128
[  295.123933][T17341] netlink: 'syz.3.5172': attribute type 6 has an invalid length.
[  295.148920][T17341] bridge: RTM_NEWNEIGH with invalid ether address
[  295.228741][T17345] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5174'.
[  295.381456][T17354] FAULT_INJECTION: forcing a failure.
[  295.381456][T17354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  295.394869][T17354] CPU: 0 UID: 0 PID: 17354 Comm: syz.2.5176 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  295.394901][T17354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  295.394916][T17354] Call Trace:
[  295.394925][T17354]  <TASK>
[  295.394935][T17354]  __dump_stack+0x1d/0x30
[  295.394977][T17354]  dump_stack_lvl+0xe8/0x140
[  295.394996][T17354]  dump_stack+0x15/0x1b
[  295.395016][T17354]  should_fail_ex+0x265/0x280
[  295.395039][T17354]  should_fail_alloc_page+0xf2/0x100
[  295.395071][T17354]  __alloc_frozen_pages_noprof+0xff/0x360
[  295.395107][T17354]  alloc_pages_mpol+0xb3/0x250
[  295.395139][T17354]  folio_alloc_mpol_noprof+0x39/0x80
[  295.395204][T17354]  shmem_get_folio_gfp+0x3cf/0xd60
[  295.395254][T17354]  ? simple_xattr_get+0xb9/0x120
[  295.395284][T17354]  shmem_write_begin+0xa8/0x190
[  295.395304][T17354]  generic_perform_write+0x184/0x490
[  295.395329][T17354]  ? _raw_spin_unlock+0x26/0x50
[  295.395406][T17354]  shmem_file_write_iter+0xc5/0xf0
[  295.395429][T17354]  iter_file_splice_write+0x666/0xa60
[  295.395461][T17354]  ? __pfx_iter_file_splice_write+0x10/0x10
[  295.395486][T17354]  do_splice+0x977/0x10b0
[  295.395586][T17354]  ? __rcu_read_unlock+0x4f/0x70
[  295.395606][T17354]  ? __fget_files+0x184/0x1c0
[  295.395635][T17354]  __se_sys_splice+0x26c/0x3a0
[  295.395660][T17354]  __x64_sys_splice+0x78/0x90
[  295.395685][T17354]  x64_sys_call+0x28a3/0x2ff0
[  295.395710][T17354]  do_syscall_64+0xd2/0x200
[  295.395735][T17354]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  295.395763][T17354]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  295.395815][T17354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.395842][T17354] RIP: 0033:0x7f0d2cc1ebe9
[  295.395858][T17354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.395875][T17354] RSP: 002b:00007f0d2b666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  295.395895][T17354] RAX: ffffffffffffffda RBX: 00007f0d2ce46090 RCX: 00007f0d2cc1ebe9
[  295.395944][T17354] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  295.395959][T17354] RBP: 00007f0d2b666090 R08: 0000000100000004 R09: 0000000000000000
[  295.395974][T17354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.395989][T17354] R13: 00007f0d2ce46128 R14: 00007f0d2ce46090 R15: 00007ffde3c78eb8
[  295.396007][T17354]  </TASK>
[  295.930473][T17376] loop3: detected capacity change from 0 to 1024
[  295.937922][T17376] EXT4-fs: Ignoring removed orlov option
[  295.947551][T17376] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  296.156900][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.236239][T17395] loop3: detected capacity change from 0 to 128
[  296.246991][T17395] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  296.260568][   T29] kauditd_printk_skb: 385 callbacks suppressed
[  296.260585][   T29] audit: type=1326 audit(1755910518.404:14489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.266997][T17395] ext4 filesystem being mounted at /311/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  296.302704][   T29] audit: type=1326 audit(1755910518.434:14490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.310940][T17395] SELinux: security policydb version 17 (MLS) not backwards compatible
[  296.326605][   T29] audit: type=1326 audit(1755910518.434:14491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.358509][   T29] audit: type=1326 audit(1755910518.434:14492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.382178][   T29] audit: type=1326 audit(1755910518.434:14493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.405777][   T29] audit: type=1326 audit(1755910518.434:14494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.411091][T17395] SELinux: failed to load policy
[  296.429492][   T29] audit: type=1326 audit(1755910518.434:14495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.429534][   T29] audit: type=1326 audit(1755910518.434:14496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.429563][   T29] audit: type=1326 audit(1755910518.444:14497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.505299][   T29] audit: type=1326 audit(1755910518.444:14498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17388 comm="syz.0.5191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f7c240bebe9 code=0x7ffc0000
[  296.553325][T17407] netlink: 'syz.1.5196': attribute type 10 has an invalid length.
[  296.573264][T12171] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  296.579326][T17407] bridge0: port 3(batadv0) entered disabled state
[  296.589788][T17407] batadv0: left allmulticast mode
[  296.595129][T17407] batadv0: left promiscuous mode
[  296.600319][T17407] bridge0: port 3(batadv0) entered disabled state
[  296.607328][T17410] netlink: 'syz.0.5198': attribute type 21 has an invalid length.
[  296.618814][T17407] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.631051][T17407] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  297.080715][T17448] lo speed is unknown, defaulting to 1000
[  297.087555][T17448] lo speed is unknown, defaulting to 1000
[  297.094465][T17448] lo speed is unknown, defaulting to 1000
[  297.100984][T17448] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  297.112318][T17448] lo speed is unknown, defaulting to 1000
[  297.118550][T17448] lo speed is unknown, defaulting to 1000
[  297.124719][T17448] lo speed is unknown, defaulting to 1000
[  297.130950][T17448] lo speed is unknown, defaulting to 1000
[  297.137153][T17448] lo speed is unknown, defaulting to 1000
[  298.110128][T17483] __nla_validate_parse: 5 callbacks suppressed
[  298.110143][T17483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5226'.
[  298.158137][T17486] netlink: 'syz.3.5227': attribute type 6 has an invalid length.
[  298.179453][T17483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5226'.
[  298.202960][T17486] bridge: RTM_NEWNEIGH with invalid ether address
[  298.239784][T17483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5226'.
[  298.371313][T17500] IPv6: Can't replace route, no match found
[  298.430978][T17500] rdma_op ffff88811a280180 conn xmit_rdma 0000000000000000
[  298.521238][T17500] loop3: detected capacity change from 0 to 2048
[  298.618346][T17500] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.706201][T17479] Set syz1 is full, maxelem 65536 reached
[  298.745004][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.813444][T17518] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5238'.
[  298.823687][T17518] loop5: detected capacity change from 0 to 128
[  298.839198][T17518] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  298.861700][T17518] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  298.986529][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5241'.
[  299.019295][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5241'.
[  299.058200][T16615] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  299.085273][T17526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5241'.
[  299.178730][T17543] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5248'.
[  299.245421][T17553] macvtap0: refused to change device tx_queue_len
[  299.306905][T17564] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5256'.
[  299.438669][T17581] loop3: detected capacity change from 0 to 2048
[  299.466181][T17581] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.490353][T17581] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.5264: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  299.541602][T17581] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  299.575903][T17597] netlink: 'syz.2.5270': attribute type 10 has an invalid length.
[  299.588107][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.838119][T17614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5278'.
[  299.885325][T17632] loop9: detected capacity change from 0 to 7
[  299.894294][T17632] Buffer I/O error on dev loop9, logical block 0, async page read
[  299.918044][T17634] loop3: detected capacity change from 0 to 2048
[  299.925159][T17632] Buffer I/O error on dev loop9, logical block 0, async page read
[  299.933154][T17632]  loop9: unable to read partition table
[  299.939679][T17632] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  299.939679][T17632] 
) failed (rc=-5)
[  299.958958][T17632] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17632 comm=syz.0.5283
[  299.982839][T17634] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.013792][T17634] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.5285: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  300.062693][T17634] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  300.218701][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.450282][T17674] loop5: detected capacity change from 0 to 736
[  300.465556][T17691] pim6reg: entered allmulticast mode
[  300.475468][T17691] pim6reg: left allmulticast mode
[  300.581401][T17674] rock: directory entry would overflow storage
[  300.588740][T17674] rock: sig=0x3b10, size=4, remaining=3
[  300.730723][T17696] tipc: Enabled bearer <eth:macvtap0>, priority 10
[  300.823091][T17698] loop3: detected capacity change from 0 to 128
[  300.842675][T17698] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  300.856733][T17698] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  300.868701][T17698] SELinux: security policydb version 17 (MLS) not backwards compatible
[  300.878240][T17698] SELinux: failed to load policy
[  301.003568][T12171] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  301.052060][T17706] netlink: 'syz.0.5316': attribute type 10 has an invalid length.
[  301.056325][T17708] netlink: 'syz.3.5315': attribute type 10 has an invalid length.
[  301.071996][T17706] bridge0: port 3(batadv0) entered disabled state
[  301.085703][T17706] batadv0: left allmulticast mode
[  301.090864][T17706] batadv0: left promiscuous mode
[  301.096196][T17706] bridge0: port 3(batadv0) entered disabled state
[  301.233921][T17706] 8021q: adding VLAN 0 to HW filter on device batadv0
[  301.243390][T17706] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  301.254327][T17708] bridge0: port 3(batadv0) entered disabled state
[  301.263088][T17708] batadv0: left allmulticast mode
[  301.268169][T17708] batadv0: left promiscuous mode
[  301.273354][T17708] bridge0: port 3(batadv0) entered disabled state
[  301.293272][T17708] 8021q: adding VLAN 0 to HW filter on device batadv0
[  301.327039][T17708] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  301.327786][T17713] loop5: detected capacity change from 0 to 512
[  301.362234][T17715] SELinux: security policydb version 17 (MLS) not backwards compatible
[  301.374964][T17713] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.387586][T17715] SELinux: failed to load policy
[  301.402056][T17713] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.452543][T17713] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  301.480064][   T29] kauditd_printk_skb: 439 callbacks suppressed
[  301.480091][   T29] audit: type=1326 audit(1755910523.624:14938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.490083][T17713] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  301.509932][   T29] audit: type=1326 audit(1755910523.624:14939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.522317][T17713] EXT4-fs (loop5): This should not happen!! Data will be lost
[  301.522317][T17713] 
[  301.555648][T17713] EXT4-fs (loop5): Total free blocks count 0
[  301.561747][T17713] EXT4-fs (loop5): Free/Dirty block details
[  301.567776][T17713] EXT4-fs (loop5): free_blocks=65280
[  301.573274][T17713] EXT4-fs (loop5): dirty_blocks=1
[  301.578354][T17713] EXT4-fs (loop5): Block reservation details
[  301.584425][T17713] EXT4-fs (loop5): i_reserved_data_blocks=1
[  301.643517][   T29] audit: type=1326 audit(1755910523.624:14940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.667923][   T29] audit: type=1326 audit(1755910523.624:14941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.691859][   T29] audit: type=1326 audit(1755910523.624:14942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.715617][   T29] audit: type=1326 audit(1755910523.624:14943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.739529][   T29] audit: type=1326 audit(1755910523.624:14944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.763321][   T29] audit: type=1326 audit(1755910523.624:14945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.787274][   T29] audit: type=1326 audit(1755910523.624:14946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.789888][T17732] SELinux: security policydb version 17 (MLS) not backwards compatible
[  301.810945][   T29] audit: type=1326 audit(1755910523.624:14947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17720 comm="syz.3.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfb04ebe9 code=0x7ffc0000
[  301.830007][T17732] SELinux: failed to load policy
[  301.842906][ T3390] tipc: Node number set to 1082518762
[  301.858803][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.899469][T17738] loop9: detected capacity change from 0 to 7
[  301.912184][T17738] Buffer I/O error on dev loop9, logical block 0, async page read
[  301.932238][T17738] Buffer I/O error on dev loop9, logical block 0, async page read
[  301.940088][T17738]  loop9: unable to read partition table
[  301.962273][T17738] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  301.962273][T17738] 
) failed (rc=-5)
[  301.996570][T17743] netlink: 'syz.0.5329': attribute type 10 has an invalid length.
[  302.053974][T17751] lo speed is unknown, defaulting to 1000
[  302.258773][T17767] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[  302.283905][T17771] macvtap0: refused to change device tx_queue_len
[  302.340517][T17783] loop9: detected capacity change from 0 to 7
[  302.347020][T17783] Buffer I/O error on dev loop9, logical block 0, async page read
[  302.380403][T17783] Buffer I/O error on dev loop9, logical block 0, async page read
[  302.388397][T17783]  loop9: unable to read partition table
[  302.394417][T17783] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  302.394417][T17783] 
) failed (rc=-5)
[  302.916570][T17807] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17807 comm=syz.0.5357
[  303.074531][T17820] macvtap0: refused to change device tx_queue_len
[  303.251484][T17793] Set syz1 is full, maxelem 65536 reached
[  303.271591][T17828] loop5: detected capacity change from 0 to 512
[  303.334772][T17828] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.357739][T17828] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.378693][T17828] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  303.398024][T17838] __nla_validate_parse: 9 callbacks suppressed
[  303.398043][T17838] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5369'.
[  303.402100][T17828] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28
[  303.425909][T17828] EXT4-fs (loop5): This should not happen!! Data will be lost
[  303.425909][T17828] 
[  303.435855][T17828] EXT4-fs (loop5): Total free blocks count 0
[  303.441857][T17828] EXT4-fs (loop5): Free/Dirty block details
[  303.447800][T17828] EXT4-fs (loop5): free_blocks=65280
[  303.453308][T17828] EXT4-fs (loop5): dirty_blocks=1
[  303.458407][T17828] EXT4-fs (loop5): Block reservation details
[  303.464453][T17828] EXT4-fs (loop5): i_reserved_data_blocks=1
[  303.510694][T16615] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.694275][T17869] FAULT_INJECTION: forcing a failure.
[  303.694275][T17869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  303.707517][T17869] CPU: 1 UID: 0 PID: 17869 Comm: syz.2.5376 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  303.707549][T17869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  303.707563][T17869] Call Trace:
[  303.707571][T17869]  <TASK>
[  303.707580][T17869]  __dump_stack+0x1d/0x30
[  303.707604][T17869]  dump_stack_lvl+0xe8/0x140
[  303.707623][T17869]  dump_stack+0x15/0x1b
[  303.707652][T17869]  should_fail_ex+0x265/0x280
[  303.707672][T17869]  should_fail+0xb/0x20
[  303.707689][T17869]  should_fail_usercopy+0x1a/0x20
[  303.707779][T17869]  strncpy_from_user+0x25/0x230
[  303.707820][T17869]  ? kmem_cache_alloc_noprof+0x186/0x310
[  303.707847][T17869]  ? getname_flags+0x80/0x3b0
[  303.707873][T17869]  getname_flags+0xae/0x3b0
[  303.707963][T17869]  do_readlinkat+0x64/0x320
[  303.707995][T17869]  __x64_sys_readlink+0x47/0x60
[  303.708022][T17869]  x64_sys_call+0x28da/0x2ff0
[  303.708126][T17869]  do_syscall_64+0xd2/0x200
[  303.708150][T17869]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  303.708175][T17869]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  303.708204][T17869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.708227][T17869] RIP: 0033:0x7f0d2cc1ebe9
[  303.708245][T17869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.708264][T17869] RSP: 002b:00007f0d2b687038 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
[  303.708283][T17869] RAX: ffffffffffffffda RBX: 00007f0d2ce45fa0 RCX: 00007f0d2cc1ebe9
[  303.708297][T17869] RDX: 0000000000001000 RSI: 0000200000001200 RDI: 0000200000000240
[  303.708365][T17869] RBP: 00007f0d2b687090 R08: 0000000000000000 R09: 0000000000000000
[  303.708377][T17869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.708389][T17869] R13: 00007f0d2ce46038 R14: 00007f0d2ce45fa0 R15: 00007ffde3c78eb8
[  303.708409][T17869]  </TASK>
[  303.921233][T17871] netlink: 80 bytes leftover after parsing attributes in process `syz.5.5380'.
[  303.924013][T17874] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5382'.
[  304.036482][T17896] netlink: 87 bytes leftover after parsing attributes in process `syz.3.5391'.
[  304.052742][T17899] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5394'.
[  304.073105][T17899] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  304.081072][T17899] SELinux: failed to load policy
[  304.184093][T17904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17904 comm=syz.3.5395
[  304.210840][T17908] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5396'.
[  304.210892][T17907] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5397'.
[  304.346661][T17919] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5402'.
[  304.389476][T17928] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5406'.
[  304.405784][T17928] loop3: detected capacity change from 0 to 128
[  304.424181][T17928] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  304.491277][T17928] ext4 filesystem being mounted at /371/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.524152][T17937] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5409'.
[  304.530549][T17928] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  304.541046][T17928] SELinux: failed to load policy
[  304.667721][T12171] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  304.765656][T17942] loop3: detected capacity change from 0 to 2048
[  304.854154][T17942] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  304.870366][T17942] EXT4-fs error (device loop3): ext4_find_extent:939: inode #2: comm syz.3.5411: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  304.894971][T17949] SELinux: security policydb version 17 (MLS) not backwards compatible
[  304.904123][T17949] SELinux: failed to load policy
[  305.023947][T17942] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  305.059791][T17930] Set syz1 is full, maxelem 65536 reached
[  305.115769][T12171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.305992][T12171] ==================================================================
[  305.314314][T12171] BUG: KCSAN: data-race in __bpf_get_stackid / bcmp
[  305.320947][T12171] 
[  305.323288][T12171] write to 0xffff88812106b898 of 112 bytes by task 28 on cpu 0:
[  305.330932][T12171]  __bpf_get_stackid+0x761/0x800
[  305.335896][T12171]  bpf_get_stackid+0xee/0x120
[  305.340682][T12171]  bpf_get_stackid_raw_tp+0xf6/0x120
[  305.345987][T12171]  bpf_prog_e6fc920cfeff8120+0x2a/0x32
[  305.351463][T12171]  bpf_trace_run2+0x104/0x1c0
[  305.356176][T12171]  __traceiter_kfree+0x2b/0x50
[  305.360962][T12171]  kfree+0x27b/0x320
[  305.364891][T12171]  __bpf_prog_put_noref+0xac/0x230
[  305.370031][T12171]  bpf_prog_put_deferred+0x1f9/0x230
[  305.375352][T12171]  bpf_link_defer_dealloc_mult_rcu_gp+0x1dd/0x1f0
[  305.381807][T12171]  rcu_tasks_invoke_cbs+0x28a/0x340
[  305.387033][T12171]  rcu_tasks_one_gp+0x891/0x8e0
[  305.391903][T12171]  rcu_tasks_kthread+0xf7/0x110
[  305.396768][T12171]  kthread+0x486/0x510
[  305.400874][T12171]  ret_from_fork+0xda/0x150
[  305.405410][T12171]  ret_from_fork_asm+0x1a/0x30
[  305.410201][T12171] 
[  305.412540][T12171] read to 0xffff88812106b8e8 of 8 bytes by task 12171 on cpu 1:
[  305.420186][T12171]  bcmp+0x23/0x90
[  305.423846][T12171]  __bpf_get_stackid+0x371/0x800
[  305.428815][T12171]  bpf_get_stackid+0xee/0x120
[  305.433604][T12171]  bpf_get_stackid_raw_tp+0xf6/0x120
[  305.438901][T12171]  bpf_prog_e6fc920cfeff8120+0x2a/0x32
[  305.444380][T12171]  bpf_trace_run2+0x104/0x1c0
[  305.449082][T12171]  __traceiter_kfree+0x2b/0x50
[  305.453863][T12171]  kfree+0x27b/0x320
[  305.457777][T12171]  security_compute_sid+0x11da/0x1290
[  305.463246][T12171]  security_transition_sid+0x5a/0x70
[  305.468530][T12171]  selinux_socket_post_create+0x254/0x2a0
[  305.474256][T12171]  security_socket_post_create+0x5d/0xb0
[  305.479905][T12171]  __sock_create+0x362/0x5b0
[  305.484501][T12171]  __sys_socket+0xb0/0x180
[  305.488929][T12171]  __x64_sys_socket+0x3f/0x50
[  305.493616][T12171]  x64_sys_call+0x1147/0x2ff0
[  305.498320][T12171]  do_syscall_64+0xd2/0x200
[  305.502920][T12171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.508816][T12171] 
[  305.511136][T12171] value changed: 0xffffffff844a21a0 -> 0xffffffff8148b727
[  305.518340][T12171] 
[  305.520665][T12171] Reported by Kernel Concurrency Sanitizer on:
[  305.526828][T12171] CPU: 1 UID: 0 PID: 12171 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  305.537005][T12171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.547151][T12171] ==================================================================
[  305.596676][T17981] lo speed is unknown, defaulting to 1000