last executing test programs:

38.065456609s ago: executing program 4 (id=24):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) (fail_nth: 4)

38.006718603s ago: executing program 4 (id=26):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x200000007})
fcntl$lock(r0, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x80000000}) (fail_nth: 5)

37.688513299s ago: executing program 4 (id=28):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map=r1, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x7, 0x7ffc, 0xcc, 0x0, 0xffffffffffffffff, 0x8000c}, 0x50)

37.469700817s ago: executing program 4 (id=34):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000004000000800000000100000028000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00Z\x00'/34], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r3}, 0xc)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000280)='./bus\x00', 0x20c006, &(0x7f0000000480)={[{@debug}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@discard}, {@grpquota}], [{@seclabel}]}, 0x1, 0x453, &(0x7f0000001d00)="$eJzs28tvG8UfAPDvrpP0+fvVVOXRBxAoEhWPpElL6YEDIJA4gIQEh3IMiVuVug1qgkSrCgpC5YgqcUcckfgLOMEFASckrnBHlSrUSwtcjDa729quncbBiUP9+UibzOyOM/P17tizM9kAhtZ49iOJ2B4Rv0bEjjzbWmA8/3Xj2oXZP69dmE2i0Xjjj2Sp3PVrF2bLouXrtpWZkYj0kyT2dqh34dz5UzP1eu1skZ9cPP3u5MK580+fPD1zonaidmb66NHDh6aePTL9TF/izOK6vueD+X27X3nr8muzxy6//ePXSRl/Wxx9Mr7MsTQajT5XN1j/a0onIwNsCD2p5N00Rpf6/46oxK2TtyNe/nigjQPWVKPRaNzX/fDFBnAXS2LQLQAGo/yiz+5/y22dhh4bwtUX8hugLO4bxZYfGYm0KDPadn/bT+MRceziX19kW6zNPAQAQItvs/HPU8X4r2XhJ43meaH/F2so1Yi4JyJ2RsSRiNgVEfdGLJW9PyIe6LH+9kWS28c/6ZUe/2RPsvHfc8XaVuv4rxz9RbUS8Xc5XK7GaHL8ZL12sHhPDsTopiw/tUwd3730y2fdjjWP/7Itq78cCxbtuDKyqfU1czOLM/8m5mZXP4rYM9Ip/uTmSkB2WeyOiD2rrOPkE1/t63bszvG3GmvO9GGdqfFlxOP5+b8YbfGXkuXXJyc3R712cLK8Km7308+XXu9Wf6/x91t2/rd2vP5vxl9N8vXa55OI2tmF3uu49NunXe9pVnv9jyVvtux7f2Zx8exUxFjyat7o5v3TbeWmb5XP4j+wv3P/3xm33om9EZFdxA9GxEMR8XDR9kci4tGI2L9M/D+8+Ng7rXuSHuJfW1n8cys7//l6fVNiLNr3dE5UTn3/TUul1egh/uz8H15KHSj2rOTzbyXtqq/qagYAAID/njQitkeSTtxMp+nERP4//Ltia1qfX1h88vj8e2fm8mcEqjGaljNd+XxwPh86VdzWl/nptvyhYt7488qWpfzE7Hx9btDBw5Db1qX/Z36vDLp1wJrzvBYML/0fhpf+D8NL/4fh1aH/b+lQLFmPtgDrq9P3/4cDaAew/tr6v2U/GCLu/2F46f8wvPR/GEoLW+LOD8lv1MTmjdGM4UxEOrjayxmqgb8Jd3FiwB9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAffJPAAAA///j3OTQ")
r4 = syz_clone3(&(0x7f0000000780)={0x1c3002480, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
utimensat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x18, 0x8, 0x70bd3e, 0x25dfdbfe, {0x2, 0x0, 0x30, 0x8, 0xff, 0x0, 0x0, 0x1, 0x400}, [@RTA_GATEWAY={0x8, 0x5, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0xc8c4)
ptrace(0x10, r5)
ptrace$peeksig(0x4209, r4, &(0x7f0000000140), &(0x7f0000002200))
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = memfd_create(&(0x7f0000000380)='kfree\x00', 0x3)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r8, 0x0, 0xb}, 0x18)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r9, 0x80047210, &(0x7f00000001c0))
r10 = socket$caif_stream(0x25, 0x1, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000880)=ANY=[@ANYRES64=r7, @ANYRESOCT=r10, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r11}, 0x10)
r12 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@deltaction={0x38, 0x18, 0x1, 0x70bd28, 0x25dfdbfe, {0xa}, [@TCA_ACT_TAB={0x24, 0x1, [{0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x38}}, 0x0)

36.005777485s ago: executing program 4 (id=36):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYBLOB], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000000)={&(0x7f0000000400)="fcd8a903c050185e12049d178ad04346d06ac258c3bdee78a76edfaf2f981792015f9d69b936dbebb4d1de0066b1681dc5473eb31fe0e79a87847b2c88328ae872d2ac284d1cd5c3d2ddd571bddac883f76086fa8c70e8c0795c2af3f1be1bc24a9b810c4273e7589156ff83bcc35de635c3346065a24a6aec0a957ce27aec817a5fe6f1e575fd82d45413cc71ae35bca6b0589f8a9c7a62f98ecc41ca55075bca49de1c2bb042553bb76cc60a16ca6ccfe30ac4266f1bff8a29cf3a65aa5cbb6e809764", &(0x7f0000000540)=""/197, &(0x7f00000001c0)="37e9f566513485fa623d86d82524a1e7f89663ea9b98cc008e7e3834843e15b2ca446d7edf7aae0daba30e326626e623e9e165aa5984165092ef05183130454bef66148dc2f25bcda1dcd0a927203ddc2128ffcc93736e74b520ca5dc4e46a87b923f623b7504df7c87c5290b6cb4c9cc482d3b364b03d4b6da299eb03e8018c28e4392485fb912698291780345c", &(0x7f0000000700)="082e72d4ead40e9092206d58fa4e58129bfe7c089abe16ac13d46fc8ca21699844b05029132697cee2f3fc44491cac61ebd61ae0295aed1ebf9f79dcafeb160bb3adc5c386e03a199c7cc8fc532126494b5894296dfb2ec99623b02aadf6491ccb73c9bcf83784b16a82fd6fc5befcebc0342e4daf9f9e67434791cb8fbc100438296d7a02d883a53b89fccaaf48d1687c8e75d9e0f6d57016c16142fbfa6ae593316b7ef090ca6788ae322a9706dde86cc3a634faaac621ef7c0657fda1c41d", 0x7, r2}, 0x38)
fspick(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0)

34.616577917s ago: executing program 4 (id=56):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000", @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x80c000, 0x0)

34.615334717s ago: executing program 32 (id=56):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000", @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x80c000, 0x0)

7.019861884s ago: executing program 0 (id=296):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
fchmodat(r4, &(0x7f0000000400)='./file0\x00', 0x123)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4080)
r5 = socket$netlink(0x10, 0x3, 0x10)
migrate_pages(0x0, 0x4, 0x0, 0xffffffffffffffff)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r7}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/zoneinfo\x00', 0x0, 0x0)
r12 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
sendfile(r12, r11, 0x0, 0x2)
dup3(r7, r9, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r6, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x4008844)
sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x9c, r6, 0x100, 0x70bd25, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x24080804}, 0x800)

5.466215459s ago: executing program 0 (id=322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x9, 0x3, 0x8, 0x4, 0x2}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000240)={'ip_vti0\x00', <r1=>0x0, 0x8000, 0x40, 0x2, 0x7ff, {{0x17, 0x4, 0x2, 0x2, 0x5c, 0x64, 0x0, 0x3, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, {[@noop, @end, @rr={0x7, 0x7, 0x18, [@dev={0xac, 0x14, 0x14, 0x2b}]}, @cipso={0x86, 0x31, 0xffffffffffffffff, [{0x5, 0xf, "44e3d2ae3e37e254af1d6af3ca"}, {0x0, 0xf, "c29f7e46b20b1fe64f1560669b"}, {0x2, 0xd, "cbf7dd743cc5c86b266189"}]}, @noop, @noop, @lsrr={0x83, 0xb, 0xd2, [@local, @multicast1]}]}}}}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x1, &(0x7f0000000d80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4000000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', r1, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@exit]}, &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)

5.461705489s ago: executing program 0 (id=323):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x80, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==")
creat(&(0x7f0000000240)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x101042, 0x1b6)
pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20)

5.124339627s ago: executing program 0 (id=328):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x8, 0x0, 0x401}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000}, 0x50)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
mlockall(0x7)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xffff, 0x12}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x23}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x20}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1d}, @NL80211_ATTR_REASON_CODE={0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x4000)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)={0x1a0, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x3f}}}}, [@NL80211_ATTR_TID_CONFIG={0x180, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}]}, {0x15c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x118, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x64, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x6, 0x2, 0xb, 0x16, 0x6, 0x3, 0x0, 0x3, 0x57, 0x5, 0x48, 0x3, 0x16, 0x1, 0x5, 0xb, 0x18, 0x6, 0x1b, 0x6, 0xb, 0x4, 0x18, 0x48, 0x5, 0x6, 0x5, 0x24, 0x60, 0x5b, 0x24]}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x4, 0x1}, {0x0, 0x6}, {0x4, 0x1}, {0x3, 0xa}, {0x5}, {0x7}, {0x1, 0x5}, {}, {0x5, 0xa}, {0x1, 0x3}, {0x4}, {0x0, 0x7}]}, @NL80211_TXRATE_HT={0xf, 0x2, [{0x3, 0x9}, {0x1, 0x5}, {0x0, 0xa}, {0x7, 0x6}, {0x1, 0x7}, {0x0, 0x9}, {0x4, 0x9}, {0x0, 0x8}, {0x1, 0x8}, {0x4, 0x3}, {0x6, 0xa}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x2, 0x9, 0x0, 0xd4, 0x3ff, 0x63]}}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x1c, 0x2, [{0x7, 0x6}, {0x3, 0x4}, {0x0, 0x2}, {0x0, 0x9}, {0x6, 0x5}, {0x1, 0x5}, {0x4, 0x4}, {0x4}, {0x7, 0x8}, {0x1}, {0x5, 0x3}, {0x6, 0x6}, {0x1, 0x8}, {}, {0x1, 0xa}, {0x3, 0xe}, {0x0, 0x4}, {0x7, 0x6}, {0x1}, {0x0, 0xa}, {0x5, 0x1}, {0x6, 0x2}, {0x1, 0x3}, {0x1, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_2GHZ={0x70, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x0, 0x4, 0x9, 0x8, 0xfffb, 0xc21, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x9f8, 0x2, 0x8000, 0x9, 0x8000, 0x7, 0x100]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0xad26, 0x10, 0x4, 0x3, 0x8, 0xf, 0x800]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x5, 0x24, 0xc, 0x6]}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8001}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x6b}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x4004000}, 0x40)
getsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
modify_ldt$write2(0x11, &(0x7f0000000040)={0xd, 0x20001000, 0x400, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000000)={0x1, 0x1000, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0)

4.916683214s ago: executing program 0 (id=331):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000000020"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$sg(&(0x7f00000007c0), 0xbbe, 0x100)
r6 = openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$binfmt_register(r6, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x22, &(0x7f0000000400)=@raw=[@map_fd={0x18, 0x3, 0x1, 0x0, r5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0x6, 0x4, 0x6, 0x4, 0xfffffffffffffffc}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7f}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @generic={0x7, 0x7, 0x0, 0x0, 0x9}, @jmp={0x5, 0x1, 0xa, 0x8, 0x7, 0xfffffffffffffffc}], &(0x7f00000001c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x100, 0x4, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000300)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x4, 0x10001, 0x8dc3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000380)=[r0, 0xffffffffffffffff, r0, r4, 0xffffffffffffffff, r5], 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='rxrpc_rx_lose\x00', r7, 0x0, 0x6}, 0x18)
sendfile(r5, r4, 0x0, 0x3ffff)
sendfile(r5, r4, 0x0, 0x7ffff000)

4.83199928s ago: executing program 0 (id=332):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$kcm(0x10, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)
r4 = syz_io_uring_setup(0x1da9, &(0x7f0000005b80)={0x0, 0xe874, 0x40, 0x2000000, 0x2d4}, &(0x7f0000000140), &(0x7f0000000080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x66)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x22, &(0x7f0000000380)={0x0}, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x1c, &(0x7f00000001c0)=0x207, 0xfffffffffffffdd8)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="1800e6ffffff00000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r7, 0x0, 0x97a3}, 0x18)
r8 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0)
r9 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r9, r8, 0x0, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r10=>0x0})
sendto$packet(r6, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r10, 0x1, 0x0, 0x6, @multicast}, 0x14)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r11, 0x0, 0xfffffffffffffffd}, 0x18)
r12 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)

4.667863594s ago: executing program 5 (id=334):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000", @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
mount(0x0, &(0x7f0000000500)='./bus\x00', &(0x7f0000000540)='virtiofs\x00', 0x80c000, 0x0)

3.677566843s ago: executing program 3 (id=337):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000000), 0x1, 0x7a0, &(0x7f0000001f00)="$eJzs3c9rHFUcAPDvbDZJTauNIGg9BQQNlG5Mja2Ch4oHESwU9CbYhs021GyyJbspTQjYIoKXgooHQS89W603r/646h/g3YO0VE2LEQ8Smc1sum12Y5JuupV8PjDJe/Nj3/vOz7c7j5kAdq2h9E8u4kBEfJhE7M/GJxHRW0/lI46tzre8tFhMhyRWVt74PanPc2tpsRhNy6T2ZpknIuL79yMO5taXW51fmBovl0uzWX6kNn12pDq/cOjM9PhkabI0c2R0bOzw0eePHulcrH/+tLDv+kevPvPVsb/fe/zqpR+SOBb7smnNcXTKUAxl66Q3XYV3eCXe7XRxXZV0uwJsS3po9qwe5XEgSdP5blcJANhhaSt0BQDYZZKm63+PtgAA7AKN3wFuLS0WG0N3f5G4v268HBF7VuNv3N9cnZLP7tntqd8HHbiV3HFnJImIwQ6UPxQRn3/z9pV0iB26DwnQyoWLEXFqcGj9+T9Z12dhY+s7eTy7iaWG7sqvlf9z75ZKB7bu27T980Kr9l9urf0TLdo//S2O3e1oe/yvyV3rQDFtpe2/l5r6ti03xZ8Z7MlyD9fbfL3J6TPlUnpueyQihqO3P82PblDG8M1/brab1tz+++Pjd75Iy0//354jdy3ff+cyE+O18XuJudmNixFP5lvFn6xt/6RN+/fEJst47cUPPms3LY0/jbcxrI9/Z61cjni65fa/3aMt2bB/4kh9dxhp7BQtfP3LpwPtym/e/umwvLS4kkRc6XykraXbf2Dj+AeT5v6a1a2X8ePl/d+1m9Yi/mLju9Cq1vt/X/JmPd2XjTs/XqvNjkb0Ja+vH3/49rKNfGP+NP7hp1of/xvt/2nr5NQm489f/+3L7ce/s9L4J7a0/beeuLo81dOu/M1t/7F6ajgbs5nz32YreC/rDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcR+yLJFdbSuVyhsPoO78diIFeuVGsHT1fmZiai/q7swejNNR51uT/Nv7X6PNTR7Hn4jeejHr4r/1xEPBoRn/Q/VM8XipXyRLeDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM3jbv/0/92t/t2gEAO2ZPtysAANx3rv8AsPu4/gPAbnOp2xUAALrA938A2H1c/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhJ44fT4eVv5YWi2l+4tz83FTl3KGJUnWqMD1XLBQrs2cLk5XKZLlUKFam/+vzypXK2bGYmTs/UitVayPV+YWT05W5mdrJM9Pjk6WTpd77EhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE11fmFqvFwuzUpkiZ5szTwo9WlO5Os1S+JBqc+2ErlsBXf6ky9ERMtJfTsVxQOwMvOtQ+5AomunJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/lX8DAAD//wa+Gug=")
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r1, {0xeb26b5801c2e6480, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x101}]}, 0x2c}}, 0x4001)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r1, {}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x8, 0x2, [@TCA_FLOW_ACT={0x4}]}}]}, 0x38}}, 0x80)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x50)
r3 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
inotify_init1(0x0)
r5 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3})
mq_timedreceive(r5, &(0x7f0000000e00)=""/152, 0x98, 0x0, &(0x7f0000000ec0))
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r6=>r5, {0xa}}, './file0\x00'})
bind$bt_sco(r6, &(0x7f0000000040)={0x1f, @none}, 0x8)
mq_timedsend(r5, 0x0, 0x0, 0x9, 0x0)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3ce, &(0x7f00000004c0)="$eJzs3M9rHFUcAPDvTH7UpjUbQVD0EvFgpJif1lbxYE5e9KR48bQk6Q9ME2lWsCVCBc8FQdCrR/8A8dKDgtW/wKtHkUKQJN5XZndmMybZtJtuHNl8PvDIe/M2+97MY2bfPN57AZxakxHxVkQMRcRsRNTy42ke4k47ZJ/b3d5cykISzeZ7fyWRRMTO9uZS8V1J/vdc/gVTaUT6RRLPH1Luxq3bH9VXV1du5umZxo2PZzZu3X7l+o361ZWrK2sLC/Pzly/OXnrtct/O9evNdz/84fe3d765M/5Mfbl2N6vv+TyvfB79MhmTnWuy3+v9LqxiT5TiyXCFFQEA4Ehp3vcfbvX/azEUe523Wtz9udLKAQAAAH3RbBZ/AQAAgMGVePcHAACAAVfMA9jZ3lwqQoXTEfiPbS1GxES7/Yv13e2c4c6a3pF963v7aTIi/p76/uUsxAmtwwYAAAA4zX5cbG/8d3D8L41nS587GxFjxd5+fTS5L31w/Cd90OciKdlajHiztLfjbqn9cxNDeerJ1lDhSHLl+urKbESMR8RUjJzJ0nNHlDH+xh/3uuWVx/+ykJVfjAXm9XgwfObf/7Ncb9Qf55zZs/V5xHPDh7V/0hnzLe+TeRyfXfvyWre8h7c/J6n5bcRLh97/ezuXJkfvzzrTeh7MFE+Fg9bu3X+hW/nav1rZ/T92dPtPJOX9ejd6L+OD++d/65Z33Of/aPJ+q4Kj+bFP643GzbmI0eSdg8fne6/zoCquR3G9svafevHw3/+i/5fkv/3jpf2he/HTL7uXuuW5/6uVtf9yT/d/75GLv353oVv5j3b/v9qqzFR+RP/v4R61gaquJwAAAAAAAAD9kbbm9iXpdCeeptPT7Xm+T8dYurq+0bhwZf2TteX2HMCJGEmLmV610nzQufYy8k56fl96ISKeioivamdb6eml9dXlqk8eAAAATolzXd7/M38eZ7EHAAAA8P80UXUFAAAAgBPn/R8AAAAG2uPs6y8iIjKokaqfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn2z8BAAD//yly2dE=")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1, 0x91)
pwrite64(r7, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r7, 0xc018937d, &(0x7f0000000f40)={{0x1, 0x1, 0x18, <r8=>r5, {0x6}}, './file0\x00'})
write$P9_RFLUSH(r8, &(0x7f0000000f80)={0x7, 0x6d, 0x2}, 0x7)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2e00, 0x20)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0)
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r9, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x240048d4}, 0x24000040)
r10 = fsmount(r3, 0x1, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', r2, 0x4000, r10}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2, 0x8, 0xc, 0x3, 0x1, 0xffffffffffffffff, 0x1, '\x00', r1, r10, 0x0, 0x1, 0x3}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file3\x00', 0x1c0)

2.939588743s ago: executing program 5 (id=340):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1600000000000000040000000500000000000000", @ANYBLOB, @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
lchown(0x0, 0x0, 0x0)
r6 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
r7 = syz_open_procfs(0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00')
lseek(r8, 0x2000, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000080)={0x0, r6, 0xf4ca, 0x7fffffff, 0xfffffffffffffffc, 0x7ff})
setsockopt$inet6_int(r7, 0x29, 0x3c, &(0x7f0000000280)=0x7, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x13, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/12, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)

2.327782282s ago: executing program 3 (id=343):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map=r1, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r3}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

2.196689293s ago: executing program 1 (id=344):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
syz_mount_image$ext4(&(0x7f0000000680)='ext3\x00', &(0x7f00000006c0)='./file0\x00', 0x0, &(0x7f0000000240)={[{@nouser_xattr}, {@orlov}, {@mb_optimize_scan}, {@i_version}, {@noacl}, {@test_dummy_encryption_v1}, {@nouser_xattr}]}, 0x1, 0x688, &(0x7f0000000dc0)="$eJzs3UtsXFcZB/DvXo9NHgN2lCxINxiyKBKK7YnjKiBQW8SCRxcguqBSJbCSiWNlnJTYrRJjRBuQeCwQ6oIukKrCgpYCwqKgFgHC4rECoUpUQkUQASuoVBW1FWKBNOiMZzzTeuy48eNG3N9Pup5zz5nJd8bJf+69yj12AKU1mr7kEUcjYiSLGO4Zq0R7cHT1eUuTy+fSlkWz+fGXssgiYnZy+Vzn+Vn78WD7xaci4pfvjzj2xfV1568snp9uNOqX2vvjC3P3jc9fWTw+Ozc9U5+pXzhRu612aqI2NXVyx97rn3/8wOHbD374J99/7vEfXv7W+b9lcUdU22O972OnjMbo2vekVyWLuGunixVkoP3vZLDoifCGfeH+019Of3+HI+JYRByK4Rhop/6Wd9z78nBc/stGr/3Xrx79517OFdh5zc9FNIFSKvrzBwAAAAAAAAAAAAAAAAAA6Go2M+v/oaSK/vwBAAAAAAAAAAAAAAAAAADWm51cPtfZ9qrmH3+2V5WAfl68MyIqq/lfam+rI5UYbT3ui8GIOPBKlp62JouIj26z9sodEaPxvkcWPnHPd9IW7c+hbf6xwBY9+FBEvLXf8T9r5X8k9rX2DrySvyb/eXpt+zH1X72B2kefT/mf/V5v36b5/88NFAE2tJ38f60n/w/fQO3j30j5//qPevsc/6Ecln5d9AyAonzomaJnAOXWOv+fqFQ2Ov/fjuHK5uP/nU/n/y+9u7fP+T+UwxOfKXoGQFF++oOiZwAU5at/KHoGUG4rd6br/87//+3vuf7P1+7/iT73/1Qj4lPbrD3183T9//bDvX2u/2HvdO7/W1p3/183/wMb3P/32BZrNP89c6Rf/5GnU/4fu9y5/y9tqX7nXkBgd734UMQtffOfreU/65P/PCKWt1hj6bf3zvXrP3x3yv8TD8g/FKP5zYhbo3/+O1JrfGHuvvH5K4vHZ+emZ+oz9QsnarfVTk3UpqZOjp+dbdQnVr/2rVF7+Orn+/W/cHvK//BV+YdipOP/gdfmvz2SXff8f2WLNT75lZGP9es/eU/K/wcmN89//sJQdneaQgy1ey5PLyxcqkUMZXet7z/xBr8BUCKdjHQylPL/zmObX//3O//fHxHPbrHm4qWnv9uv/9HHU/6//aTjPxQj5f/MBuf/m+U/9f11izXe+/Lv+y4PeupPKf9//6z8AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCzyiOiGlk+ttbO87GxiIMRcSQO5I2L8wvvOnvx/gtn0ljESAzmnd/0P7y6n6X9Wqvd3T/xuv3JiDgUEV8a2N/aHzt9sXGm6DcPJVWNuPbUp08PFT0PAAAAAAAAAAAAAAAAAACg6+Dr1v//Y2B1/T/w/6sace253zzzi9R+daDo2QB7KeX/yVfnPhLyD6Uj/1Be8g/lJf9QXvIP5SX/UF7yD+Ul/1Be8g/lJf9QXr35BwAAAAAAAAAAAAAAAAAAAAAAAAB216G3rTyfRcSD79nf2pKh9thgoTMDdlte9ASAwvjR31BelaInABTGNT6QXWd830YDK9d7JQAAAAAAAAAAAACwU249av0/lJX1/1Be1v9DeVn/D+XlGh+w/h8AAAAAAAAAAAAAbn7V1pblY+21wNXI87GxiDdHxEgMZmdnG/WJiHhLRPxuYPBNab9W9KSBbalGXPvgs0ceKXoeAAAAAAAAAAAAAAAAAABA1/yVxfPTjUb9koaGhsZao+hPJgAAAAAAAAAAAAAAAAAAKJ/uot+iZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxen+/v/da3Sr5UW+VQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiy/wUAAP//hw5PjA==")
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff})
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000440)={0x5c, 0x1, 0x7, 0x5, 0x5, 0x0, [{0x81, 0x9, 0xffff, '\x00', 0x200}, {0x0, 0x100000001, 0xffffffffffffffff, '\x00', 0x2300}, {0x1, 0xbf, 0x9, '\x00', 0x904}, {0x1, 0xfff, 0x591d, '\x00', 0x2086}, {0x3, 0x80000000, 0x5, '\x00', 0x1200}]})
inotify_init1(0x400)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r3, 0x2, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x800, 0x47}}}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x880}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0x0, 0x0, 0xfffffffa}]}, 0x10)
r5 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000240)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x0, @mcast2}, 0x80, 0x0}, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00')
getdents64(r6, &(0x7f0000000000)=""/24, 0x18)
getdents64(r6, 0x0, 0x36)
r7 = open(&(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x64c42, 0x0)
pwritev2(r7, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x3000, 0x3)
write$cgroup_subtree(r7, &(0x7f0000000380)=ANY=[@ANYRESDEC=r4, @ANYRES32=r2, @ANYRESDEC=r0, @ANYBLOB="2e4c2e4d083afee148feebb54a5987c5dc4bbd73efa715ae9a968a91f70a24e074c79be15221f266d620a9893d3182adc60d26a7d02f66f9994ec1cc8dd89bf6c625175ffcb1b0881dec3216ed308915b19f9786e0ce856d109e88cab4811a1ec0e889db8d5e7b8702b262a25301"], 0xfdef)

2.143284827s ago: executing program 3 (id=345):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x4, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$inet(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="38db5e5210f0de00490e81417e0b1831b083", 0x12}, {&(0x7f0000000240)="7815137ae51f", 0x6}, {&(0x7f00000002c0)="cf6c6ccf4112fcdb417e0f7b43bf38d8830321ecf067d5ebbd1a47125b55aaf2ab55e90fa685a4c9f9be9030f136ac31567185b808cf274c", 0x38}, {&(0x7f0000001d80)="3dea231126cd59001d81b4482520dcde33173ef4625a9841570e63026abfa7fa14669f753b89aa2e03e5ffadff8369257f05c748f5140c07ee2531b3aca22c3e1d87b6dfce2eed4dfc16a9187ccbde28d995507d8af30fcc212fdfed6ea1944a5c40b9434f373b06457d23b3fb4157c64d54ad9bb7b5af99afa8f14b185c1a79f89a915083ad3b332043e6a2db5b6fa2cdc20a356b99d14468cffda1a93378cedb140a6e0a0ce775599ed13148e4afaf291bde5deab6e2bab400cc68c263f97e603ea3d84c05f28a86356949c1a93d876d4fadab3fbb101cec116b8b04e9d43584622695839e829222317f2ab580bf10f65eee107b721aec7af2b43c232f9b87fabd50282b804c24785288c6a41387f84e0c2424713ab63d2a88fde5b6e7911aa512373448ce44f4dd6bf0e9f21618d112b268b634c41da8ab9e02ac3948decb848b3fbe276ec839930a1e37619e28798f85790c430cdb27f8046130c81f9b9ea8312c76b186baa9bd09173c3314b6a62aa7a64d6cae2e19da28da31b68ae78adc33e0f9b54777073e3b50c89ea6f708d2cc0775e24bc4d223f6b85af65ec846d846b2b8ab995b2c1a6ba95db3f935609cfb2a47ecce3c63c5748411047dc80805a711dbbc24632711e9992f30efb72649fff985015a575667c8c7ecc0cf9154756054aecdba8e99e6f478ad505293325ae785069b03ecc87d56fe5141ee5b1d62064fcd10c4809c2df8fecd6ed3b3f16dea2d5ffb5b86c53a8ccc6de64e3cc0c8bb79f4668436927ea99878297520699ea8342424afa42fb2f7b2024547c00b7c689b775cba68e7a26a2f339e70f50f22f510f8c7f79614b021e2ec8d00926663b2979fd99c0cf8a9ad4c8750a5fdcfb6e7268ed049c712b7210b82fbda0fcb0dc91ce1d716dc31ffd9d6d9b520af6790a47bd50ec14f652c6feffc6acbe5149089acd6a3cf98c1e9cd0f35", 0x2ac}], 0x4}, 0x800)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
accept$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f00000000c0)=0x10)

1.827702233s ago: executing program 3 (id=347):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)='%-5lx  \x00'}, 0x20)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000014000e0a49bf925471e7fc50983f097013799b641ea79c734b6ef4a909f6c2743f53f288e526b45fe0769b612cae30d347d692db24c0a7fc637fa1cb855773a97058bb1e89ea2629a03a000f0f527000fbdb2d1b65fa9d7a12f86e4727da8c12d73cadf3961abdb1e575e65427efb303c637f2785cdb1d128d656102d655936b6ead69539ab7933768022578e97e1df45e204b804dce7f1b89c9e85251bbe2f57c3b4be994e3dfaefab23911bf72bf62214f8d1154befd11e305e47343dc4bc0e603181bc0bcd0a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[], 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@deltfilter={0x5c, 0x2d, 0x400, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0x4, 0xe}, {0x4, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_RATE={0x6, 0x5, {0xf, 0x7b}}, @TCA_RATE={0x6, 0x5, {0x9, 0xe}}, @TCA_RATE={0x6, 0x5, {0x7, 0x7}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_CHAIN={0x8, 0xb, 0x7}, @TCA_CHAIN={0x8, 0xb, 0x9}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x14000000)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$kcm(0xa, 0x3, 0x87)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x13, 0x1a, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000007000000000000006600000085100000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000950000000000000018110000", @ANYRES32, @ANYBLOB="000000ebd8000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000001800000005000000000000000400000018100000da07c2ad6e6f5c0204bab87dda16c39d2df32c21ee9bbaeae8ecbb8447a003096c847a609e595d4cfc2212b55c3d086ce21326d812fa137c88a47f958656b6b03a3b3ee6d85e063eaf8bd6ec3e7d17673f99a755c55cc766468dd95e02958e7723ff73f85cf40bc5139ad1a7b93fd2718d8632b372f5afebe036da4e55ab4323941cf544f5a37d011ae76bb02544a6b00554ab232c7a4b978206049f54de465bdc81a2691d4d0a2282a015b77759ccd9315fa650f3d07fcb1fc33f65381c63bd446d31d8fbd4febff94809eba4a794b4020a23620eefeb9f86a1f822226d710710bfa0d7057a2b3618bd5ac53c303d64e536d49d81225937c25963ea76722f7f91ef5483ba2f5f7a8612ba89295b4f2574b0", @ANYRES32, @ANYBLOB="000000000000000085200000020000001838000003000000000000000000000095000000000000009500"], &(0x7f0000000500)='syzkaller\x00', 0x533, 0x47, &(0x7f00000007c0)=""/71, 0x0, 0x4, '\x00', r7, @fallback=0x2c, r2, 0x8, &(0x7f0000000840)={0x9, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000c80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000cc0)=[{0x5, 0x2, 0x7, 0x4}, {0x5, 0x1, 0x8, 0x51390033210c3dd4}, {0x4, 0x5, 0x1, 0xa}, {0x5, 0x4, 0x6, 0x5}, {0x5, 0x2, 0xd, 0x1}, {0x3, 0x3, 0x9, 0xa}, {0x5, 0x1, 0x7, 0xa}, {0x5, 0x1, 0x4, 0x2}], 0x10, 0x2}, 0x94)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$TIOCSSOFTCAR(r9, 0x541a, &(0x7f0000000080)=0x1ff)
write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r9, 0x0)

1.020550918s ago: executing program 5 (id=349):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYRES32=0x0, @ANYRESHEX=0x0, @ANYBLOB='\x00'/20, @ANYRESHEX, @ANYRES32, @ANYRES32], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r0, @ANYBLOB="000000872cd1f851510000b70805000001e9fffffff7ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000006f1b9a0780a93678671018ce653efa5e8f0583885dd3d1497de9d1fc80f1f52d99edf1d69308d718000000769d33bc59eda8ed98100da71a603ae0f7b0e674c0b7c848dfcf2e3bc25107e5bc5c61734e3f4a953eba10aed7e5fc3e66b5249ac949cdb61ff0f6570061d0831ecb35a58f91000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = dup2(r1, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x5, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0xffffffe2, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0xce9d8d60ab13d530, 0x0, 0x0, 0x0, 0xfffffffffffffdb3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00')
writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x300}], 0x1)
socketpair(0x6, 0x1, 0xd, &(0x7f0000000000))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0xf, &(0x7f0000000f40)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYRES16=r4], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='kfree\x00', r5, 0x0, 0x2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x0, 0x0})
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0xe7, 0xd7, &(0x7f00000004c0)="5a0911f2ca32a55f288f9ce87a10f1231a75b361c4168e4275fa452dc1656595708a2923cc5ff2dcd221b0daef0a148554734034eb8d7533a56cecf30651ba630b04b70812cf62466731de4405c810fddcd653ec0dfd0dd4c710cdd45e583bc1e2dcdad2c82a95dce9e36964305d14ab1d9b3e405b02def67d9a1a30750ebd9c289c97bbee0504b2d43b362d389302939b4eab4333207a8d2c2a0150c29b689356fdacb75ff868dbfafe60dfecaf5264ba4fd6dfcedd2c18d898e186e0404d59fb167f61d9dc5b47e43a7647c744b1e84619a5eb034ad9fdec38dd612463314ab97fad10beaa5f", &(0x7f00000005c0)=""/215, 0xba, 0x0, 0xeb, 0x0, &(0x7f00000006c0)="7a6f9e0f35e4b7f16de5c6c4fd273afc936c79ae4b481b64ccbe4a1e19951dc8bdbd58ca9e10f0493db57bff65845e79e17d84f3550b5f30841636d121402b818ec6fbbf10e5d2c90aec0aaaa30d7a0a7e3ff014fb7b30a81f34d680689a021fe740304f69773bb83ab8a44f047fbbe4b07f32dd56a134814a312c0456aeaeffdf63c90000d408e43d2bdcae078618945ae3a9f0564383456b3bd8e8d907eea8deaf5ca86ae4fac23e1205aa6be4601d3c6707579d9e9e54cc353024510061a94151875f86be5d00d23d5e721305dc693c2d4b0ea5dd3d6c39e1cd1e70ad83233a904cb625fb287a1d0c2c", &(0x7f0000000040), 0x2, 0x0, 0x7}, 0x50)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcc2)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='system.posix_acl_default\x00', &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000010"], 0x54, 0x3)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000400)={'pimreg1\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @empty}, 0x3ff, 0x0, 0x2}}, 0x2e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = creat(&(0x7f0000000300)='./file0\x00', 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r6, &(0x7f0000000900)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35c498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c1761f1322b03cc9ea586d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de588503c84c490f4986aa26e7b63d4c5a30157cdf82e433a1b64496392a1990b2a46b910d9a16429736308f71d8e78824a26f25f21829546b973c0905b20c2ef751eb0064eaf831874f0b58ef8779cafd02bcf075a212e79e07c73c49fc240d6845877fda649d1ab59ea06b907ec5031299a0e1fa2f8cbc241a8531ad241302b569d4581dcc944f27799f25593b97ea7681ba74d6cde9c8f58840ac4c4be3aa90e6273a64e549c47c7232f423406604c9c210eabe3d6a2343bd6c2ae72ab013ce2af32467bcfa8cbf0769f9156e35424", 0x45c)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYRES32=r3], &(0x7f0000000480)='GPL\x00', 0x9b71, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x2}, 0x28)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r8, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0xfeffffff, 0x10, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='fsi_master_gpio_crc_cmd_error\x00', r8, 0x0, 0xfffffffffffffffd}, 0x18)

867.840721ms ago: executing program 5 (id=350):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xb}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20200006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000100)={0x0})
socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000600)='./cgroup/../file0\x00', 0xc0ed4040, &(0x7f0000000f40)={[{@commit={'commit', 0x3d, 0x4}}, {@nobarrier}, {@barrier}, {@quota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@data_writeback}, {@jqfmt_vfsv1}]}, 0x0, 0x47e, &(0x7f0000001480)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKe6LQQpYKAmQoiiB4zxYEi8G48m/gWe9GLUk4lXvBsSYriAntbMzkxblt2ypVu2dT+fZNj3ZmZ57ztv3vbNe9sG0LNGsn+SiI0RcTkihiOi0njCSP5y49r56j/XzleTqNXe+jvJ3hbXr52vFv9FfctsyHfUakV+XZNyL74bMTkzM326yI/Nnvhg7MzZc88eOzF5dPro9MmJQ4f279s5cHDiQEfizOK6vv3jUzu2vfrOpderhy+99+v3WX03FsfLODppJL+6TT3R6cK6bNOCdFJp913pylSGtmXt1l9sl2M4+mJo7thwvPJZVysHrLRKs5/PhQs14H8sG6gDvaj8QZ89/5bbXRp3rApXX8wnPLK4bxRbfqQy93Ta3/B820mDEXH4wr/fZFus0DwEAMBCP2bjn2eajf/SeGDBefcUayibI+LeiNgSEfcVS0X3R9TPfTAiHlpi+Y0rJLeOf9IrN2VrfUssYXHZ+O/5Ym3r5vHf3NrE5r4it6kef39y5NjM9N7imuyJ/nVZfjxaL2f89PIfXzXu+7KYZh9ZMP7Ltqz8myNMrzRO0E1Nzk4uP/Lc1U8jtleaxZ/MrQMmEbEtIrbfYRnHnvpuR6tjzeIvx8K31fY6U2u1byOezNv/QjTEX0park+OP3dw4sDYYMxM7x0r74pb/fb7xTdblb+s+Dsga//1Te//PP7sGTEZjDhz9tzx+nrtmTso5M/Pq0mLQ1tvG/+t9391d8RA8nY9PVCeVbwOJK9lL0Pl/o8mZ2dPT8y/t8zXX8fz+Pfsmo9/Mub7/5b88ax+JR6OiOwm3hkRj0TEo0XbPRYRj0fErkXC/+Wl3e+3Ota6/ReZle+gLP6pRdo/+8jLUvPtv/RE3/Gff2hVfq2t9t9fT+0p9rTz+dduBZdz7QAAAGCtSOvfgU/S0bl0mo6O5t/h3xrr00pEPH3k1Icnp/Lvym+O/rSc6RpeMB86XswNl/mJhvy+Yt74676hen60empmqtvBQ4/b0KL/Z/7q7FILsBp1YB0NWKP0f+hd+j/0Lv0fetcL3a4A0B0DzXd/crfrAXTF0sf/gytSD+Du8/wPvUv/h96l/0NPavm78emyfuV/rSYqq6MaTRNDq6MaZSLSVVGNziXe+CLvEqulPmWi0vYfs7jDxLqmh7r9yQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAZ/wUAAP//oP/aBA==")
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c000000020601030000000000000000000000010900020073797a300000000005000100060000000500050000000000050004000000000014000780080011400000000005001500000000000d000300686173683a6d6163"], 0x5c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x40000)
timerfd_create(0x8, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r5, 0x0, 0x178}, 0x18)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
sync_file_range(0xffffffffffffffff, 0x6, 0x10000000000000, 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000380)={0x8, 0x3, 0x9, 0x6, 0xe0})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1}, 0x38)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000000120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8084}, 0x4000)

867.399301ms ago: executing program 1 (id=351):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYBLOB="00000000000000000000000000000000000000007473d28aa80ab2ba412e521f", @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x449}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000020000000300"/28], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1\x00'})
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0x10, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

820.359664ms ago: executing program 2 (id=352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18)
syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x3810744, &(0x7f0000000000)={[{@nomblk_io_submit}, {@max_batch_time={'max_batch_time', 0x3d, 0x5314}}, {@usrquota}, {@jqfmt_vfsv1}, {@jqfmt_vfsv0}, {@delalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@i_version}]}, 0x1, 0x453, &(0x7f0000002a80)="$eJzs289vFFUcAPDvzG4BAdmK+AMEraKx8UdLCyoHPWg08aCJiR7wWNtCkIUaWhMhRKsxeDQk3o1HE/8CT56MejLxqndDQpSYgF5cM7sztLvdLf2xZSv7+SQL7+28nfe+mfdm377XCaBvDWX/JBE7I+LXiKg0ss0Fhhr/Xb96YfLvqxcmk6jV3vwjqZe7dvXCZFG0+NyOPDOcRqSfJnklzWbPnT81Ua1On83zo3On3xudPXf+6ZOnJ05Mn5g+M3706JHDY889O/5MV+LM2nRt34cz+/e++val1yePXXrnx2+y9t57oHF8cRzdMpQF/metrvXYY92urMf+rS3EmZR73RpWqhQR2eUaqI//SpRi4eJV4pVPeto4YENl9+ytnQ/P14DbWBK9bgHQG8UXffb7t3jdoqnHpnDlxcYPoCzu6/mrcaQcaV5mYAPrH4qIY/P/fJm9omUdotZm3QAAYL2+y+Y/Ty2d/9X3RhpFXtiRl61ExGBE3BURuyPi7ojYExH35GXvi4j7V1l/69bQ0vlnenmtsa1ENv97Pt/bap7/FbO/GCzluTvr8Q8kx09Wpw9FxK6IGI6BrVl+rN3Ji1O8/MvnnepfPP/LXln9xVwwP8nlcssC3dTE3ES3JqVXPo7YV24Xf3JjJyDrC3sjYt/qTr2rSJx84uv9nQrdPP5ldGGfqfZVxOON6z8fLfEXkuX3J0e3RXX60GjRK5b66eeLb3Sqf13xd0F2/bc39/+WEpW/ksX7tbOrr+Pib591/E1ZXmP/35K8Vd+z3pK/98HE3NzZsYgtyWv1fNP74wufLfJF+Sz+4YPtx//u/DNZ/A9ERNaJD0TEgxHxUH7tHo6IRyLi4DLx//DSo+92OrYZrv9U2/vfjf4/2Hz9V58onfr+2071r+z+d6SeGs7fqd//bqJzc7blJdbamwEAAOD/J42InZGkIzfSaToy0vh7+T2xPa3OzM49eXzm/TNTjWcEBmMgLVa6KovWQ8eS+fyMjfx4vlZcHD+crxt/Ubqjnh+ZnKlO9Th26Hc7Ooz/zO+lXrcO2HCe14L+1Tr+0x61A7j1fP9D/zL+oX8Z/9C/2o3/j1ry9gLg9uT7H/qX8Q/9y/iH/mX8Q19az3P9G5UoL/P0vsRmSUS6KZoh0SZR7sLo7vGNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+CwAA//9uCfIx")
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback=r3, 0x16, 0x1, 0x6, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@fallback=r3, r4, 0x2f, 0x0, 0x0, @void, @value=r3, @void, @void, r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x9a}, [@ldst={0x5, 0x0, 0x2, 0x0, 0x0, 0x50}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xd2, &(0x7f00000005c0)=""/210, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x100}, 0x10}, 0x94)
r6 = socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0x13)
ioctl$TCSETSW2(r7, 0x402c542c, &(0x7f0000000040)={0xffffffb7, 0x200401, 0x0, 0xc7cf, 0x3, "40000868245eb03100", 0x23fffd, 0x1fd})
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000140)=0x9)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x4080)

751.68306ms ago: executing program 1 (id=353):
syz_open_dev$evdev(&(0x7f0000000240), 0x201fffc, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x41000}, 0x94)
r0 = fsopen(0x0, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70ad2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r6 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4)

646.479108ms ago: executing program 2 (id=354):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x2, 0x4, 0x7ffc1ffb}]})
pipe2$9p(&(0x7f0000000300)={<r2=>0xffffffffffffffff}, 0x80000)
r3 = socket$pptp(0x18, 0x1, 0x2)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r5}, 0x18)
close_range(r3, r3, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
getsockopt$sock_buf(r6, 0x1, 0x1c, 0x0, &(0x7f0000000240))
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@mcast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6}, 0x0, @in=@multicast1}}, &(0x7f0000000580)=0xe8)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
mount$9p_fd(0x0, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000280), 0x30308c6, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@posixacl}, {@version_u}], [{@func={'func', 0x3d, 'FILE_MMAP'}}, {@pcr={'pcr', 0x3d, 0x3c}}, {@audit}, {@uid_gt={'uid>', r7}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@fowner_eq={'fowner', 0x3d, r8}}]}})
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r9, &(0x7f0000000140)="1a", 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r9, 0x1)
r10 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r10, 0xc0189374, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r11=>r0}, './file0\x00'})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r11, 0x89f3, &(0x7f0000000180)={'ip_vti0\x00', 0x0})
r12 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000240)=[{r12, 0x4120}], 0x1, 0x0, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0)

497.98536ms ago: executing program 5 (id=355):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map=r1, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r3}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

496.141281ms ago: executing program 2 (id=356):
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000008c0)={0x80, 0x6, 0xf00, 0x7ff, 0x0, 0x5, 0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xb635773f06ebbee2, 0x1010, 0xffffffffffffffff, 0xffffc000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000380), &(0x7f00000003c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r7, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xcb, &(0x7f0000000100)={0x1, 0x1, 0x0, 0x0, 0x8}, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000f00)='kfree\x00', r8, 0x0, 0xffffdffffffffffe}, 0x18)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003110000002cbd7000fcdbdf2503000900800000001c01ccca1d9f68846960e56de42944af05000600000000000a0000000000000000000000000000000000000000f0ff00020000000000000002000100000000000000070c0000000005000500000000000a"], 0x88}, 0x1, 0x7}, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="8c00000010001fff28bd70000000800000000000", @ANYRES32=0x0, @ANYBLOB="efb00000800000006c0012800b00010062726964676500005c00028008000500010000000c002e0001000000000000000600270005"], 0x8c}, 0x1, 0x0, 0x0, 0x4000084}, 0x14)

444.378055ms ago: executing program 1 (id=357):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r3)
fchown(0xffffffffffffffff, 0x0, 0x0)

426.998946ms ago: executing program 1 (id=358):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffd}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r0}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000040)='fib6_table_lookup\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x4, 0x0, 0x0, 0x0, 0x3, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0x0, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

350.103622ms ago: executing program 5 (id=359):
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x4)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000001f40)={0x9, {{0xa, 0x0, 0x3, @mcast2}}, {{0xa, 0x4e21, 0x4, @ipv4={'\x00', '\xff\xff', @local}, 0xfffffff8}}}, 0x108)
r1 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000054425737aa00001811000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0, r3}, 0x18)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r6)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0)
writev(r5, &(0x7f0000000040), 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
getrusage(0x0, &(0x7f0000000ac0))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r9, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r9, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)

349.637642ms ago: executing program 1 (id=360):
socket$inet6(0xa, 0x1, 0x8010000000000084)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

260.341529ms ago: executing program 3 (id=361):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00"/13], 0x48)
syz_emit_ethernet(0xa6, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000fa", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x6, 0x0, 0x0, [{0x19, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, '\x00'/12}]}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
fcntl$lock(r0, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x200000007})
fcntl$lock(r0, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x80000000})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000ff0100000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000b000000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001e880000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syncfs(r0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fcntl$setlease(r6, 0x400, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000ed24b4ad9a0c6a6e301daf000000000018120000", @ANYBLOB="aaccbf8c56ae7d4728ea92f8c4da98d25c13ada4629c44c5bbf9f325064bb1740a9344b9f483c0b42598d21c0b0402d38f8d0dd5cac3076ece3a520e39bcaf1a4e3ae09b88c37bc598805c8ab223b2c2f2eedaa3463c2f4d1bae1170", @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x18)
socket$tipc(0x1e, 0x2, 0x0)
fremovexattr(r6, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c0017"], 0x38}}, 0x0)

105.851562ms ago: executing program 2 (id=362):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
fcntl$lock(r0, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x200000007})
fcntl$lock(r0, 0x25, &(0x7f0000000180)={0x300, 0x1, 0x0, 0x80000000})

66.931435ms ago: executing program 2 (id=363):
getxattr(0x0, &(0x7f0000000300)=@random={'system.', '5\xf1`\xf8\x06\x006\xc7&W\xbc\xb9MS\x00v\xd3\xa5u\xea\t(\x92+]\xfbZ;<L.q\xd7\x9fw\xab[\x02O\xdb\xff\xff\xff\xca\xe5\"3I\xd4C^\x03\xd5\xd3\x17\xa3\x85\xdcP\xdc\xaf\x8f\xf1\x83f\xee\xe1'}, 0x0, 0x0)

364.08µs ago: executing program 3 (id=364):
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x201fffc, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x41000}, 0x94)
r1 = fsopen(0x0, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r1, 0x0, 0x6)
symlinkat(0x0, r4, &(0x7f0000000080)='./file0\x00')
readlinkat(r4, &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x2)
ioctl$EVIOCGLED(r0, 0x40284504, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r10, 0x10e, 0x2, &(0x7f0000000140)=0xe, 0x4)
sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff2}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
pwrite64(r11, &(0x7f00000000c0)="ac86c539608158c9008dcad14777f94b49cb1283bb815a9576e6eddcd976e89a1e0d9d2f0e8df6d822c912fb64b82bfa7b47e099bcc23c52907dc1a3ccf33a1db68a8fc8da21e5914b5dcdf9a3f58f6fd347ca3a180ee33d31d14a20cea9bab68d15", 0x62, 0x3)

0s ago: executing program 2 (id=365):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r1, &(0x7f00000009c0)="3bf58d7d45d32c", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000500000095000000eeff00009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', r2, @fallback=0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r0, 0x6, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0xa}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x1, 0x3, 0x2, 0x4}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7fffeffd)

kernel console output (not intermixed with test programs):

packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.459760][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.483508][ T3305] hsr_slave_0: entered promiscuous mode
[   36.489496][ T3305] hsr_slave_1: entered promiscuous mode
[   36.512500][ T3306] hsr_slave_0: entered promiscuous mode
[   36.518498][ T3306] hsr_slave_1: entered promiscuous mode
[   36.524524][ T3306] debugfs: 'hsr0' already exists in 'hsr'
[   36.530254][ T3306] Cannot create hsr debugfs directory
[   36.541361][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.548339][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.574322][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.585361][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.592328][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.618333][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.632951][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.639965][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.665971][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.700500][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.707594][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.733507][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.769061][ T3307] hsr_slave_0: entered promiscuous mode
[   36.775142][ T3307] hsr_slave_1: entered promiscuous mode
[   36.780939][ T3307] debugfs: 'hsr0' already exists in 'hsr'
[   36.786715][ T3307] Cannot create hsr debugfs directory
[   36.797372][ T3313] hsr_slave_0: entered promiscuous mode
[   36.803343][ T3313] hsr_slave_1: entered promiscuous mode
[   36.809363][ T3313] debugfs: 'hsr0' already exists in 'hsr'
[   36.815136][ T3313] Cannot create hsr debugfs directory
[   36.843800][ T3311] hsr_slave_0: entered promiscuous mode
[   36.850100][ T3311] hsr_slave_1: entered promiscuous mode
[   36.856046][ T3311] debugfs: 'hsr0' already exists in 'hsr'
[   36.861771][ T3311] Cannot create hsr debugfs directory
[   37.047622][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   37.056467][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   37.065444][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   37.076907][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   37.099818][ T3306] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   37.109249][ T3306] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   37.118333][ T3306] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   37.130005][ T3306] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   37.160758][ T3307] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   37.172838][ T3307] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   37.181901][ T3307] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   37.191297][ T3307] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   37.227014][ T3313] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   37.244414][ T3313] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   37.259912][ T3313] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   37.269110][ T3313] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   37.311448][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.318893][ T3311] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   37.328077][ T3311] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   37.337435][ T3311] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   37.347074][ T3311] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   37.358714][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.387463][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   37.399086][ T1466] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.406271][ T1466] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.419343][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   37.432830][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.439923][  T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.450291][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.457421][  T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.476266][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.483467][  T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.496897][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.518339][ T3307] 8021q: adding VLAN 0 to HW filter on device team0
[   37.540757][ T1466] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.547934][ T1466] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.566573][ T1466] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.573670][ T1466] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.608992][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.621506][ T3311] 8021q: adding VLAN 0 to HW filter on device team0
[   37.630965][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.642510][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.649608][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.675969][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.683051][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.696608][ T3313] 8021q: adding VLAN 0 to HW filter on device team0
[   37.712686][ T3311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   37.723099][ T3311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.770571][  T287] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.777672][  T287] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.789816][  T287] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.796876][  T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.807808][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.866891][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.896986][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.942625][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.962830][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.093437][ T3307] veth0_vlan: entered promiscuous mode
[   38.127265][ T3311] veth0_vlan: entered promiscuous mode
[   38.135282][ T3307] veth1_vlan: entered promiscuous mode
[   38.151004][ T3311] veth1_vlan: entered promiscuous mode
[   38.160124][ T3306] veth0_vlan: entered promiscuous mode
[   38.167484][ T3305] veth0_vlan: entered promiscuous mode
[   38.177822][ T3305] veth1_vlan: entered promiscuous mode
[   38.199209][ T3306] veth1_vlan: entered promiscuous mode
[   38.206901][ T3307] veth0_macvtap: entered promiscuous mode
[   38.214221][ T3313] veth0_vlan: entered promiscuous mode
[   38.226065][ T3307] veth1_macvtap: entered promiscuous mode
[   38.234438][ T3311] veth0_macvtap: entered promiscuous mode
[   38.241890][ T3311] veth1_macvtap: entered promiscuous mode
[   38.252518][ T3313] veth1_vlan: entered promiscuous mode
[   38.263507][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.281124][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.289948][ T3305] veth0_macvtap: entered promiscuous mode
[   38.301434][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.317001][ T3305] veth1_macvtap: entered promiscuous mode
[   38.323453][ T3306] veth0_macvtap: entered promiscuous mode
[   38.332050][ T3313] veth0_macvtap: entered promiscuous mode
[   38.340022][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.347406][   T52] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.359850][   T52] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.369718][ T3313] veth1_macvtap: entered promiscuous mode
[   38.380539][   T52] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.391290][ T3306] veth1_macvtap: entered promiscuous mode
[   38.399709][   T52] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.409128][   T52] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.422432][   T52] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.437106][   T52] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.446059][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.455586][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.466049][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.476706][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.493334][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.505359][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.513683][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.530687][ T3307] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   38.561653][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.601149][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.652465][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.666073][   T29] kauditd_printk_skb: 27 callbacks suppressed
[   38.666089][   T29] audit: type=1400 audit(1756626367.678:99): avc:  denied  { create } for  pid=3479 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   38.697882][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.714243][ T3486] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   38.721984][ T3486] audit: out of memory in audit_log_start
[   38.723027][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.745561][ T3490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7'.
[   38.754369][ T3490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7'.
[   38.763188][   T29] audit: type=1400 audit(1756626367.678:100): avc:  denied  { write } for  pid=3479 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   38.783086][   T29] audit: type=1400 audit(1756626367.678:101): avc:  denied  { ioctl } for  pid=3479 comm="syz.0.1" path="socket:[3971]" dev="sockfs" ino=3971 ioctlcmd=0x940a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   38.808079][   T29] audit: type=1400 audit(1756626367.678:102): avc:  denied  { read } for  pid=3479 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   38.827794][   T29] audit: type=1400 audit(1756626367.678:103): avc:  denied  { shutdown } for  pid=3479 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   38.847934][   T29] audit: type=1326 audit(1756626367.728:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3485 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   38.850497][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.871131][   T29] audit: type=1326 audit(1756626367.728:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3485 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   38.881571][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.903064][   T29] audit: type=1326 audit(1756626367.728:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3485 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1e4b2bd550 code=0x7ffc0000
[   38.914483][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.969583][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.990300][ T3494] loop4: detected capacity change from 0 to 1024
[   39.000663][ T3490] futex_wake_op: syz.0.7 tries to shift op by -1; fix this program
[   39.025200][   T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.035545][   T31] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.040165][ T3503] loop0: detected capacity change from 0 to 512
[   39.059575][   T31] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.066550][ T3503] =======================================================
[   39.066550][ T3503] WARNING: The mand mount option has been deprecated and
[   39.066550][ T3503]          and is ignored by this kernel. Remove the mand
[   39.066550][ T3503]          option from the mount to silence this warning.
[   39.066550][ T3503] =======================================================
[   39.127946][ T3503] EXT4-fs: Ignoring removed i_version option
[   39.135093][ T3494] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   39.144716][ T3503] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   39.186820][ T3494] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   39.216939][ T3494] EXT4-fs (loop4): orphan cleanup on readonly fs
[   39.223945][ T3503] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[   39.232271][ T3503] System zones: 1-12
[   39.236538][ T3494] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   39.251296][ T3494] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   39.259416][ T3503] EXT4-fs (loop0): orphan cleanup on readonly fs
[   39.266253][ T3503] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.10: invalid indirect mapped block 12 (level 1)
[   39.273325][ T3494] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.8: Freeing blocks not in datazone - block = 0, count = 4096
[   39.300180][ T3503] EXT4-fs (loop0): Remounting filesystem read-only
[   39.306980][ T3503] EXT4-fs (loop0): 1 truncate cleaned up
[   39.317081][ T3494] EXT4-fs (loop4): 1 orphan inode deleted
[   39.317729][ T3503] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   39.329374][ T3494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   39.366469][ T3513] loop2: detected capacity change from 0 to 1024
[   39.409600][ T3513] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.425815][ T3513] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.446614][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.456388][ T3524] Zero length message leads to an empty skb
[   39.513809][ T3513] usb usb1: check_ctrlrecip: process 3513 (+}[@) requesting ep 01 but needs 81
[   39.523052][ T3513] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   39.530670][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   39.534753][ T3513] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   39.555718][ T3513] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   39.568258][ T3513] EXT4-fs (loop2): This should not happen!! Data will be lost
[   39.568258][ T3513] 
[   39.747144][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.761032][ T3539] loop1: detected capacity change from 0 to 1024
[   39.809317][ T3539] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.821948][ T3539] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.834718][ T3539] usb usb1: check_ctrlrecip: process 3539 (+}[@) requesting ep 01 but needs 81
[   39.843721][ T3539] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   39.853447][ T3539] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   39.867760][ T3539] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   39.880298][ T3539] EXT4-fs (loop1): This should not happen!! Data will be lost
[   39.880298][ T3539] 
[   39.965273][ T3552] loop2: detected capacity change from 0 to 1024
[   39.972250][ T3552] EXT4-fs: Ignoring removed orlov option
[   39.979570][ T3552] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[   39.990549][ T3552] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   40.001523][ T3552] EXT4-fs (loop2): invalid journal inode
[   40.008525][ T3552] EXT4-fs (loop2): can't get journal size
[   40.015543][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.015790][ T3552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   40.095862][ T3557] FAULT_INJECTION: forcing a failure.
[   40.095862][ T3557] name failslab, interval 1, probability 0, space 0, times 0
[   40.108602][ T3557] CPU: 1 UID: 0 PID: 3557 Comm: syz.4.24 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   40.108625][ T3557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   40.108635][ T3557] Call Trace:
[   40.108640][ T3557]  <TASK>
[   40.108648][ T3557]  __dump_stack+0x1d/0x30
[   40.108749][ T3557]  dump_stack_lvl+0xe8/0x140
[   40.108799][ T3557]  dump_stack+0x15/0x1b
[   40.108813][ T3557]  should_fail_ex+0x265/0x280
[   40.108831][ T3557]  should_failslab+0x8c/0xb0
[   40.108875][ T3557]  kmem_cache_alloc_noprof+0x50/0x310
[   40.108898][ T3557]  ? security_file_alloc+0x32/0x100
[   40.108955][ T3557]  security_file_alloc+0x32/0x100
[   40.109031][ T3557]  init_file+0x5c/0x1d0
[   40.109114][ T3557]  alloc_empty_file+0x8b/0x200
[   40.109143][ T3557]  path_openat+0x68/0x2170
[   40.109159][ T3557]  ? _parse_integer_limit+0x170/0x190
[   40.109180][ T3557]  ? kstrtoull+0x111/0x140
[   40.109244][ T3557]  ? kstrtouint+0x76/0xc0
[   40.109262][ T3557]  do_filp_open+0x109/0x230
[   40.109287][ T3557]  do_sys_openat2+0xa6/0x110
[   40.109321][ T3557]  __x64_sys_openat+0xf2/0x120
[   40.109351][ T3557]  x64_sys_call+0x2e9c/0x2ff0
[   40.109413][ T3557]  do_syscall_64+0xd2/0x200
[   40.109472][ T3557]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   40.109504][ T3557]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   40.109526][ T3557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.109551][ T3557] RIP: 0033:0x7fc11b25ebe9
[   40.109587][ T3557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.109606][ T3557] RSP: 002b:00007fc119cc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   40.109721][ T3557] RAX: ffffffffffffffda RBX: 00007fc11b495fa0 RCX: 00007fc11b25ebe9
[   40.109732][ T3557] RDX: 0000000000000001 RSI: 0000200000000140 RDI: ffffffffffffff9c
[   40.109747][ T3557] RBP: 00007fc119cc7090 R08: 0000000000000000 R09: 0000000000000000
[   40.109763][ T3557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.109778][ T3557] R13: 00007fc11b496038 R14: 00007fc11b495fa0 R15: 00007ffd0fab90c8
[   40.109801][ T3557]  </TASK>
[   40.345134][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.390937][ T3563] FAULT_INJECTION: forcing a failure.
[   40.390937][ T3563] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.404117][ T3563] CPU: 0 UID: 0 PID: 3563 Comm: syz.4.26 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   40.404147][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   40.404161][ T3563] Call Trace:
[   40.404168][ T3563]  <TASK>
[   40.404175][ T3563]  __dump_stack+0x1d/0x30
[   40.404246][ T3563]  dump_stack_lvl+0xe8/0x140
[   40.404264][ T3563]  dump_stack+0x15/0x1b
[   40.404318][ T3563]  should_fail_ex+0x265/0x280
[   40.404419][ T3563]  should_fail+0xb/0x20
[   40.404439][ T3563]  should_fail_usercopy+0x1a/0x20
[   40.404465][ T3563]  _copy_to_user+0x20/0xa0
[   40.404545][ T3563]  simple_read_from_buffer+0xb5/0x130
[   40.404574][ T3563]  proc_fail_nth_read+0x10e/0x150
[   40.404609][ T3563]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   40.404702][ T3563]  vfs_read+0x1a8/0x770
[   40.404726][ T3563]  ? __rcu_read_unlock+0x4f/0x70
[   40.404747][ T3563]  ? __fget_files+0x184/0x1c0
[   40.404773][ T3563]  ksys_read+0xda/0x1a0
[   40.404795][ T3563]  __x64_sys_read+0x40/0x50
[   40.404869][ T3563]  x64_sys_call+0x27bc/0x2ff0
[   40.404895][ T3563]  do_syscall_64+0xd2/0x200
[   40.404930][ T3563]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   40.405017][ T3563]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   40.405123][ T3563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.405144][ T3563] RIP: 0033:0x7fc11b25d5fc
[   40.405159][ T3563] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   40.405176][ T3563] RSP: 002b:00007fc119cc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   40.405195][ T3563] RAX: ffffffffffffffda RBX: 00007fc11b495fa0 RCX: 00007fc11b25d5fc
[   40.405207][ T3563] RDX: 000000000000000f RSI: 00007fc119cc70a0 RDI: 0000000000000004
[   40.405224][ T3563] RBP: 00007fc119cc7090 R08: 0000000000000000 R09: 0000000000000000
[   40.405236][ T3563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.405248][ T3563] R13: 00007fc11b496038 R14: 00007fc11b495fa0 R15: 00007ffd0fab90c8
[   40.405267][ T3563]  </TASK>
[   40.667358][ T3565] loop2: detected capacity change from 0 to 1024
[   40.688821][ T3565] EXT4-fs: Ignoring removed orlov option
[   40.734646][ T3565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.856431][ T3576] syzkaller0: entered allmulticast mode
[   40.870578][ T3576] syzkaller0: entered promiscuous mode
[   40.883073][ T3581] loop1: detected capacity change from 0 to 1024
[   40.905461][ T3581] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[   40.935841][ T3576] syzkaller0 (unregistering): left allmulticast mode
[   40.942627][ T3576] syzkaller0 (unregistering): left promiscuous mode
[   40.971719][ T3585] loop4: detected capacity change from 0 to 512
[   40.980875][ T3585] EXT4-fs: Ignoring removed mblk_io_submit option
[   40.991799][ T3585] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   41.005002][ T3585] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   41.019458][ T3587] loop3: detected capacity change from 0 to 512
[   41.173116][ T3587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.185971][ T3587] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.277508][ T3585] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002]
[   41.346523][ T3585] System zones: 1-12
[   41.387120][ T3585] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   41.494908][ T3585] EXT4-fs (loop4): 1 truncate cleaned up
[   41.550871][ T3585] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.646668][ T3581] infiniband syz!: set active
[   41.651401][ T3581] infiniband syz!: added team_slave_0
[   41.715511][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.044394][ T3581] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[   42.044596][ T3581] infiniband syz!: Couldn't open port 1
[   42.085038][ T3599] IPv6: NLM_F_CREATE should be specified when creating new route
[   42.106008][ T3581] RDS/IB: syz!: added
[   42.110041][ T3581] smc: adding ib device syz! with port count 1
[   42.135284][ T3581] smc:    ib device syz! port 1 has pnetid 
[   42.383080][ T3306] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /7/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   42.471482][ T3306] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   42.513829][ T3306] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /7/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   42.545306][ T3306] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   42.576563][ T3306] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /7/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   42.599362][ T3306] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   42.634213][ T3306] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /7/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   42.688909][ T3306] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   42.711793][ T3306] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 54: comm syz-executor: path /7/bus/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[   42.733735][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.750774][ T3306] EXT4-fs error (device loop4): ext4_empty_dir:3120: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0
[   42.779364][ T3612] loop3: detected capacity change from 0 to 128
[   42.820296][ T3612] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[   42.864355][ T3612] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.885218][ T3622] netlink: 24 bytes leftover after parsing attributes in process `syz.2.45'.
[   42.898295][ T3612] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   42.997591][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.020562][ T3632] FAULT_INJECTION: forcing a failure.
[   43.020562][ T3632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   43.033706][ T3632] CPU: 0 UID: 0 PID: 3632 Comm: syz.0.50 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   43.033737][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   43.033753][ T3632] Call Trace:
[   43.033760][ T3632]  <TASK>
[   43.033769][ T3632]  __dump_stack+0x1d/0x30
[   43.033795][ T3632]  dump_stack_lvl+0xe8/0x140
[   43.033867][ T3632]  dump_stack+0x15/0x1b
[   43.033945][ T3632]  should_fail_ex+0x265/0x280
[   43.033973][ T3632]  should_fail+0xb/0x20
[   43.033994][ T3632]  should_fail_usercopy+0x1a/0x20
[   43.034023][ T3632]  _copy_from_iter+0xd2/0xe80
[   43.034052][ T3632]  ? should_fail_ex+0xdb/0x280
[   43.034124][ T3632]  ? should_failslab+0x8c/0xb0
[   43.034148][ T3632]  ? __kmalloc_noprof+0x1dd/0x3e0
[   43.034181][ T3632]  ? kernfs_fop_write_iter+0xe1/0x2d0
[   43.034239][ T3632]  kernfs_fop_write_iter+0x129/0x2d0
[   43.034278][ T3632]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[   43.034310][ T3632]  vfs_write+0x52a/0x960
[   43.034349][ T3632]  ksys_write+0xda/0x1a0
[   43.034371][ T3632]  __x64_sys_write+0x40/0x50
[   43.034392][ T3632]  x64_sys_call+0x27fe/0x2ff0
[   43.034427][ T3632]  do_syscall_64+0xd2/0x200
[   43.034496][ T3632]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.034550][ T3632]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   43.034577][ T3632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.034644][ T3632] RIP: 0033:0x7f81c43aebe9
[   43.034658][ T3632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.034675][ T3632] RSP: 002b:00007f81c2e17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   43.034693][ T3632] RAX: ffffffffffffffda RBX: 00007f81c45e5fa0 RCX: 00007f81c43aebe9
[   43.034706][ T3632] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000007
[   43.034721][ T3632] RBP: 00007f81c2e17090 R08: 0000000000000000 R09: 0000000000000000
[   43.034735][ T3632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.034799][ T3632] R13: 00007f81c45e6038 R14: 00007f81c45e5fa0 R15: 00007fff4f713218
[   43.034849][ T3632]  </TASK>
[   43.241022][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.247796][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.254582][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.261415][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.268207][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.274952][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.281739][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.288641][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.295445][ T3628] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[   43.454312][ T3642] loop0: detected capacity change from 0 to 1024
[   43.477543][ T3642] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.493088][ T3642] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.523369][ T3642] usb usb1: check_ctrlrecip: process 3642 (+}[@) requesting ep 01 but needs 81
[   43.537617][ T3642] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   43.547848][ T3642] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   43.562111][ T3642] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   43.575035][ T3642] EXT4-fs (loop0): This should not happen!! Data will be lost
[   43.575035][ T3642] 
[   43.685129][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.716374][ T3597] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.751546][   T29] kauditd_printk_skb: 321 callbacks suppressed
[   43.751565][   T29] audit: type=1400 audit(1756626372.758:427): avc:  denied  { execmem } for  pid=3655 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   43.788106][   T29] audit: type=1400 audit(1756626372.798:428): avc:  denied  { mounton } for  pid=3656 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   43.841778][   T29] audit: type=1400 audit(1756626372.848:429): avc:  denied  { create } for  pid=3661 comm="syz.3.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.861695][   T29] audit: type=1400 audit(1756626372.848:430): avc:  denied  { setopt } for  pid=3661 comm="syz.3.59" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.904054][ T3650] Falling back ldisc for ttyS3.
[   43.943311][   T29] audit: type=1400 audit(1756626372.948:431): avc:  denied  { getopt } for  pid=3661 comm="syz.3.59" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.998174][   T29] audit: type=1400 audit(1756626373.008:432): avc:  denied  { prog_load } for  pid=3661 comm="syz.3.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   44.017687][   T29] audit: type=1400 audit(1756626373.008:433): avc:  denied  { bpf } for  pid=3661 comm="syz.3.59" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   44.038048][   T29] audit: type=1400 audit(1756626373.008:434): avc:  denied  { perfmon } for  pid=3661 comm="syz.3.59" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   44.058997][   T29] audit: type=1400 audit(1756626373.008:435): avc:  denied  { create } for  pid=3661 comm="syz.3.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   44.079246][   T29] audit: type=1400 audit(1756626373.048:436): avc:  denied  { map_create } for  pid=3666 comm="syz.2.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   44.184763][ T3673] loop2: detected capacity change from 0 to 512
[   44.197172][ T3673] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #3: comm syz.2.62: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0)
[   44.215473][ T3673] EXT4-fs error (device loop2): ext4_quota_enable:7131: comm syz.2.62: Bad quota inode: 3, type: 0
[   44.226707][ T3673] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   44.241792][ T3673] EXT4-fs (loop2): mount failed
[   44.316025][   T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   44.485242][ T3663] syz_tun: entered allmulticast mode
[   44.574875][   T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   44.635840][ T3690] loop1: detected capacity change from 0 to 512
[   44.668790][ T3661] syz_tun: left allmulticast mode
[   44.691438][ T3692] loop0: detected capacity change from 0 to 512
[   44.764329][ T3692] EXT4-fs: Ignoring removed mblk_io_submit option
[   44.785191][ T3690] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.798099][ T3690] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   44.870213][ T3692] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   44.892141][   T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   44.955278][ T3692] EXT4-fs (loop0): 1 truncate cleaned up
[   44.994321][ T3692] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.175460][   T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   45.836750][   T51] bridge_slave_1: left allmulticast mode
[   45.842523][   T51] bridge_slave_1: left promiscuous mode
[   45.848536][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.004822][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.014400][   T51] bridge_slave_0: left allmulticast mode
[   46.020058][   T51] bridge_slave_0: left promiscuous mode
[   46.025745][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.274855][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.297790][ T3732] FAULT_INJECTION: forcing a failure.
[   46.297790][ T3732] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.311095][ T3732] CPU: 0 UID: 0 PID: 3732 Comm: syz.0.74 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   46.311116][ T3732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   46.311126][ T3732] Call Trace:
[   46.311132][ T3732]  <TASK>
[   46.311138][ T3732]  __dump_stack+0x1d/0x30
[   46.311165][ T3732]  dump_stack_lvl+0xe8/0x140
[   46.311189][ T3732]  dump_stack+0x15/0x1b
[   46.311271][ T3732]  should_fail_ex+0x265/0x280
[   46.311300][ T3732]  should_fail+0xb/0x20
[   46.311341][ T3732]  should_fail_usercopy+0x1a/0x20
[   46.311408][ T3732]  strncpy_from_user+0x25/0x230
[   46.311430][ T3732]  ? __kmalloc_cache_noprof+0x189/0x320
[   46.311477][ T3732]  getname_flags+0x230/0x3b0
[   46.311499][ T3732]  __x64_sys_getxattr+0xfd/0x140
[   46.311530][ T3732]  x64_sys_call+0x2f41/0x2ff0
[   46.311607][ T3732]  do_syscall_64+0xd2/0x200
[   46.311629][ T3732]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.311647][ T3732]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   46.311734][ T3732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.311751][ T3732] RIP: 0033:0x7f81c43aebe9
[   46.311762][ T3732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.311775][ T3732] RSP: 002b:00007f81c2e17038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bf
[   46.311789][ T3732] RAX: ffffffffffffffda RBX: 00007f81c45e5fa0 RCX: 00007f81c43aebe9
[   46.311799][ T3732] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000003040
[   46.311808][ T3732] RBP: 00007f81c2e17090 R08: 0000000000000000 R09: 0000000000000000
[   46.311817][ T3732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.311858][ T3732] R13: 00007f81c45e6038 R14: 00007f81c45e5fa0 R15: 00007fff4f713218
[   46.311874][ T3732]  </TASK>
[   46.546208][ T3739] loop1: detected capacity change from 0 to 128
[   46.567396][ T3741] loop0: detected capacity change from 0 to 1024
[   46.574532][ T3741] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[   46.626730][ T3742] syz.1.76: attempt to access beyond end of device
[   46.626730][ T3742] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[   46.640356][ T3741] loop0: detected capacity change from 0 to 1024
[   46.640372][ T3742] syz.1.76: attempt to access beyond end of device
[   46.640372][ T3742] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[   46.647550][ T3741] EXT4-fs: Ignoring removed bh option
[   46.665733][ T3742] syz.1.76: attempt to access beyond end of device
[   46.665733][ T3742] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128
[   46.679302][ T3741] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   46.679771][ T3742] syz.1.76: attempt to access beyond end of device
[   46.679771][ T3742] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128
[   46.703847][ T3741] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840e118, mo2=0000]
[   46.707662][ T3742] syz.1.76: attempt to access beyond end of device
[   46.707662][ T3742] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[   46.712295][ T3741] System zones: 0-1, 3-12
[   46.730328][ T3742] syz.1.76: attempt to access beyond end of device
[   46.730328][ T3742] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[   46.734200][ T3741] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #3: block 1: comm syz.0.77: lblock 1 mapped to illegal pblock 1 (length 1)
[   46.743865][ T3742] syz.1.76: attempt to access beyond end of device
[   46.743865][ T3742] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[   46.762991][ T3741] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.77: Failed to acquire dquot type 0
[   46.770936][ T3742] syz.1.76: attempt to access beyond end of device
[   46.770936][ T3742] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128
[   46.782563][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   46.803833][ T3742] syz.1.76: attempt to access beyond end of device
[   46.803833][ T3742] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128
[   46.817982][ T3742] syz.1.76: attempt to access beyond end of device
[   46.817982][ T3742] loop1: rw=2049, sector=297, nr_sectors = 8 limit=128
[   46.818074][ T3741] EXT4-fs error (device loop0): ext4_free_blocks:6696: comm syz.0.77: Freeing blocks not in datazone - block = 0, count = 4096
[   46.845936][ T3741] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.77: Invalid inode bitmap blk 0 in block_group 0
[   46.858604][ T3741] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[   46.867607][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   46.868714][ T3741] EXT4-fs (loop0): 1 orphan inode deleted
[   46.882561][ T3741] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.893110][ T3739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.76'.
[   46.905063][   T51] bond0 (unregistering): Released all slaves
[   46.914912][ T3693] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[   46.930078][ T3693] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[   47.025496][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.027859][ T3656] chnl_net:caif_netlink_parms(): no params data found
[   47.050092][ T3757] process 'syz.3.80' launched './file0' with NULL argv: empty string added
[   47.122028][    C0] hrtimer: interrupt took 37627 ns
[   47.246224][ T3774] loop2: detected capacity change from 0 to 2048
[   47.279620][ T3774] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.343433][ T3781] loop0: detected capacity change from 0 to 1024
[   47.395773][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.419859][ T3781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.435777][ T3781] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.471814][ T3781] usb usb1: check_ctrlrecip: process 3781 (+}[@) requesting ep 01 but needs 81
[   47.481372][ T3781] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   47.497857][ T3781] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   47.517130][ T3781] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   47.529786][ T3781] EXT4-fs (loop0): This should not happen!! Data will be lost
[   47.529786][ T3781] 
[   47.574017][   T51] hsr_slave_0: left promiscuous mode
[   47.595242][ T3797] netlink: 'syz.2.89': attribute type 21 has an invalid length.
[   47.602937][ T3797] netlink: 'syz.2.89': attribute type 4 has an invalid length.
[   47.613963][   T51] hsr_slave_1: left promiscuous mode
[   47.619797][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   47.627360][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[   47.674407][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   47.681834][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[   47.695000][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.744174][   T51] veth1_macvtap: left promiscuous mode
[   47.749830][   T51] veth0_macvtap: left promiscuous mode
[   47.757048][   T51] veth1_vlan: left promiscuous mode
[   47.762343][   T51] veth0_vlan: left promiscuous mode
[   48.104213][   T51] team0 (unregistering): Port device team_slave_1 removed
[   48.158905][   T51] team0 (unregistering): Port device team_slave_0 removed
[   48.279332][ T3656] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.286488][ T3656] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.297278][ T3656] bridge_slave_0: entered allmulticast mode
[   48.305531][ T3656] bridge_slave_0: entered promiscuous mode
[   48.326534][ T3656] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.333626][ T3656] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.340957][ T3656] bridge_slave_1: entered allmulticast mode
[   48.348672][ T3656] bridge_slave_1: entered promiscuous mode
[   48.405113][ T3807] netlink: 'syz.1.92': attribute type 21 has an invalid length.
[   48.413363][ T3807] netlink: 8 bytes leftover after parsing attributes in process `syz.1.92'.
[   48.422197][ T3807] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (40192)
[   48.470512][ T3801] infiniband syz1: set active
[   48.475368][ T3801] infiniband syz1: added syz_tun
[   48.570237][ T3801] RDS/IB: syz1: added
[   48.577814][ T3801] smc: adding ib device syz1 with port count 1
[   48.584364][ T3801] smc:    ib device syz1 port 1 has pnetid 
[   48.594388][ T3802] net_ratelimit: 3320 callbacks suppressed
[   48.594403][ T3802] Set syz1 is full, maxelem 65536 reached
[   48.617042][ T3656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.656292][ T3656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.775747][   T29] kauditd_printk_skb: 249 callbacks suppressed
[   48.775765][   T29] audit: type=1400 audit(1756626377.788:683): avc:  denied  { bind } for  pid=3831 comm="syz.3.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   48.812382][   T29] audit: type=1400 audit(1756626377.818:684): avc:  denied  { read } for  pid=3831 comm="syz.3.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   48.852699][   T29] audit: type=1400 audit(1756626377.858:685): avc:  denied  { audit_read } for  pid=3835 comm="syz.2.97" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   48.884259][ T3836] program syz.2.97 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   48.893548][ T3836] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   48.903954][   T29] audit: type=1400 audit(1756626377.858:686): avc:  denied  { read write } for  pid=3835 comm="syz.2.97" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   48.928950][ T3832] netlink: 'syz.3.95': attribute type 322 has an invalid length.
[   48.937652][ T3656] team0: Port device team_slave_0 added
[   48.958334][ T3832] netlink: 2947 bytes leftover after parsing attributes in process `syz.3.95'.
[   48.964124][ T3656] team0: Port device team_slave_1 added
[   48.995041][   T29] audit: type=1400 audit(1756626377.858:687): avc:  denied  { open } for  pid=3835 comm="syz.2.97" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   49.019123][   T29] audit: type=1400 audit(1756626377.898:689): avc:  denied  { setopt } for  pid=3831 comm="syz.3.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   49.039514][   T29] audit: type=1400 audit(1756626377.888:688): avc:  denied  { ioctl } for  pid=3835 comm="syz.2.97" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   49.064514][   T29] audit: type=1400 audit(1756626377.898:690): avc:  denied  { setopt } for  pid=3831 comm="syz.3.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   49.141157][   T29] audit: type=1400 audit(1756626377.958:691): avc:  denied  { ioctl } for  pid=3831 comm="syz.3.95" path="socket:[6165]" dev="sockfs" ino=6165 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   49.165927][   T29] audit: type=1400 audit(1756626377.968:692): avc:  denied  { read } for  pid=3831 comm="syz.3.95" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   49.193298][ T3848] FAULT_INJECTION: forcing a failure.
[   49.193298][ T3848] name failslab, interval 1, probability 0, space 0, times 0
[   49.205999][ T3848] CPU: 1 UID: 0 PID: 3848 Comm: syz.2.99 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.206090][ T3848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   49.206106][ T3848] Call Trace:
[   49.206115][ T3848]  <TASK>
[   49.206125][ T3848]  __dump_stack+0x1d/0x30
[   49.206148][ T3848]  dump_stack_lvl+0xe8/0x140
[   49.206166][ T3848]  dump_stack+0x15/0x1b
[   49.206253][ T3848]  should_fail_ex+0x265/0x280
[   49.206279][ T3848]  ? serio_queue_event+0xcd/0x240
[   49.206393][ T3848]  should_failslab+0x8c/0xb0
[   49.206490][ T3848]  __kmalloc_cache_noprof+0x4c/0x320
[   49.206685][ T3848]  serio_queue_event+0xcd/0x240
[   49.206731][ T3848]  __serio_register_port+0x1b8/0x1d0
[   49.206782][ T3848]  serport_ldisc_read+0x1d6/0x300
[   49.206861][ T3848]  ? terminate_walk+0x27f/0x2a0
[   49.207031][ T3848]  tty_read+0x154/0x4a0
[   49.207060][ T3848]  ? __import_iovec+0x428/0x540
[   49.207095][ T3848]  do_iter_readv_writev+0x499/0x540
[   49.207149][ T3848]  vfs_readv+0x1ea/0x690
[   49.207296][ T3848]  do_readv+0xe7/0x210
[   49.207328][ T3848]  __x64_sys_readv+0x45/0x50
[   49.207386][ T3848]  x64_sys_call+0x29f8/0x2ff0
[   49.207412][ T3848]  do_syscall_64+0xd2/0x200
[   49.207446][ T3848]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.207473][ T3848]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.207505][ T3848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.207528][ T3848] RIP: 0033:0x7f52d2c2ebe9
[   49.207543][ T3848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.207559][ T3848] RSP: 002b:00007f52d1697038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[   49.207634][ T3848] RAX: ffffffffffffffda RBX: 00007f52d2e65fa0 RCX: 00007f52d2c2ebe9
[   49.207646][ T3848] RDX: 0000000000000001 RSI: 0000200000000600 RDI: 0000000000000006
[   49.207658][ T3848] RBP: 00007f52d1697090 R08: 0000000000000000 R09: 0000000000000000
[   49.207669][ T3848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.207681][ T3848] R13: 00007f52d2e66038 R14: 00007f52d2e65fa0 R15: 00007ffcb022b278
[   49.207704][ T3848]  </TASK>
[   49.207713][ T3848] serio: Not enough memory to queue event 3
[   49.421595][ T3848] serio: Serial port ttyS3
[   49.465001][ T3656] batman_adv: batadv0: Adding interface: batadv_slave_0
[   49.471978][ T3656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.497965][ T3656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.516903][ T3866] loop2: detected capacity change from 0 to 256
[   49.664831][ T3656] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.671903][ T3656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.698155][ T3656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.864429][ T3889] loop1: detected capacity change from 0 to 512
[   49.882770][ T3890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.107'.
[   49.957138][ T3889] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.970003][ T3889] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   49.990384][ T3895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'.
[   50.090275][ T3896] loop0: detected capacity change from 0 to 1024
[   50.109669][ T3896] EXT4-fs: Ignoring removed orlov option
[   50.146521][ T3896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.496625][ T3656] hsr_slave_0: entered promiscuous mode
[   50.548175][ T3656] hsr_slave_1: entered promiscuous mode
[   50.665535][ T3656] debugfs: 'hsr0' already exists in 'hsr'
[   50.671440][ T3656] Cannot create hsr debugfs directory
[   50.920572][ T3905] loop2: detected capacity change from 0 to 512
[   50.989503][ T3905] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.112: bg 0: block 5: invalid block bitmap
[   51.075068][ T3905] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   51.124992][ T3905] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.112: invalid indirect mapped block 3 (level 2)
[   51.178992][ T3912] netlink: 'syz.3.114': attribute type 21 has an invalid length.
[   51.187602][ T3905] EXT4-fs (loop2): 1 orphan inode deleted
[   51.193351][ T3905] EXT4-fs (loop2): 1 truncate cleaned up
[   51.202024][ T3905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.217351][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.258887][ T3912] netlink: 132 bytes leftover after parsing attributes in process `syz.3.114'.
[   51.323534][ T3914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.116'.
[   51.335753][ T3656] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   51.386133][ T3914] netlink: 96 bytes leftover after parsing attributes in process `syz.3.116'.
[   51.396869][ T3656] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   51.426606][ T3905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.437905][ T3656] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   51.445407][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.455763][ T3919] FAULT_INJECTION: forcing a failure.
[   51.455763][ T3919] name failslab, interval 1, probability 0, space 0, times 0
[   51.468569][ T3919] CPU: 0 UID: 0 PID: 3919 Comm: syz.3.118 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   51.468598][ T3919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   51.468611][ T3919] Call Trace:
[   51.468618][ T3919]  <TASK>
[   51.468627][ T3919]  __dump_stack+0x1d/0x30
[   51.468692][ T3919]  dump_stack_lvl+0xe8/0x140
[   51.468717][ T3919]  dump_stack+0x15/0x1b
[   51.468738][ T3919]  should_fail_ex+0x265/0x280
[   51.468821][ T3919]  should_failslab+0x8c/0xb0
[   51.468848][ T3919]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   51.468888][ T3919]  ? kernfs_node_dentry+0x1c5/0x350
[   51.468914][ T3919]  ? __pfx_kernfs_test_super+0x10/0x10
[   51.468966][ T3919]  kstrdup+0x3e/0xd0
[   51.468998][ T3919]  kernfs_node_dentry+0x1c5/0x350
[   51.469097][ T3919]  cgroup_do_get_tree+0x1ee/0x330
[   51.469140][ T3919]  cgroup_get_tree+0xd7/0x280
[   51.469251][ T3919]  vfs_get_tree+0x54/0x1d0
[   51.469281][ T3919]  vfs_cmd_create+0x8a/0x140
[   51.469313][ T3919]  vfs_fsconfig_locked+0x6f/0x210
[   51.469470][ T3919]  __se_sys_fsconfig+0x648/0x770
[   51.469506][ T3919]  __x64_sys_fsconfig+0x67/0x80
[   51.469539][ T3919]  x64_sys_call+0x1f83/0x2ff0
[   51.469567][ T3919]  do_syscall_64+0xd2/0x200
[   51.469652][ T3919]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   51.469689][ T3919]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.469723][ T3919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.469754][ T3919] RIP: 0033:0x7f1e4b2bebe9
[   51.469772][ T3919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.469845][ T3919] RSP: 002b:00007f1e49d27038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[   51.469869][ T3919] RAX: ffffffffffffffda RBX: 00007f1e4b4f5fa0 RCX: 00007f1e4b2bebe9
[   51.469885][ T3919] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[   51.469900][ T3919] RBP: 00007f1e49d27090 R08: 0000000000000000 R09: 0000000000000000
[   51.469915][ T3919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.469931][ T3919] R13: 00007f1e4b4f6038 R14: 00007f1e4b4f5fa0 R15: 00007ffd70780fb8
[   51.470016][ T3919]  </TASK>
[   51.684742][ T3656] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   51.709121][ T3917] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.830140][ T3656] 8021q: adding VLAN 0 to HW filter on device bond0
[   51.843154][ T3656] 8021q: adding VLAN 0 to HW filter on device team0
[   51.853394][  T409] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.860505][  T409] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.887393][ T3656] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   51.897904][ T3656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   51.913753][  T409] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.920861][  T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.941833][ T3939] lo speed is unknown, defaulting to 1000
[   51.951287][ T3939] lo speed is unknown, defaulting to 1000
[   51.957588][ T3939] lo speed is unknown, defaulting to 1000
[   51.966359][ T3939] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   51.976117][ T3939] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   51.994711][ T3936] netlink: 20 bytes leftover after parsing attributes in process `syz.3.121'.
[   52.050667][ T3939] lo speed is unknown, defaulting to 1000
[   52.073978][ T3939] lo speed is unknown, defaulting to 1000
[   52.096608][ T3939] lo speed is unknown, defaulting to 1000
[   52.142726][ T3939] lo speed is unknown, defaulting to 1000
[   52.163744][ T3939] lo speed is unknown, defaulting to 1000
[   52.174025][ T3656] 8021q: adding VLAN 0 to HW filter on device batadv0
[   52.314059][ T3957] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   52.402956][ T3972] loop0: detected capacity change from 0 to 512
[   52.480787][ T3972] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.493573][ T3972] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   52.809312][ T3978] loop1: detected capacity change from 0 to 512
[   52.868751][ T3978] EXT4-fs: Ignoring removed mblk_io_submit option
[   52.933721][ T3986] netlink: 60 bytes leftover after parsing attributes in process `syz.2.131'.
[   52.943663][ T3986] netlink: 60 bytes leftover after parsing attributes in process `syz.2.131'.
[   52.960348][ T3978] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   53.000977][ T3978] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e002c018, mo2=0002]
[   53.047876][ T3978] System zones: 1-12
[   53.097443][ T3978] EXT4-fs (loop1): 1 truncate cleaned up
[   53.163576][ T3992] loop2: detected capacity change from 0 to 764
[   53.174176][ T3978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.206400][ T3995] tipc: Started in network mode
[   53.211382][ T3995] tipc: Node identity d6fdd78f10da, cluster identity 4711
[   53.218802][ T3995] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   53.267103][ T3978] syz.1.129 uses obsolete (PF_INET,SOCK_PACKET)
[   53.411436][ T3995] tipc: Disabling bearer <eth:syzkaller0>
[   53.465167][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.502418][ T3967] loop3: detected capacity change from 0 to 2048
[   53.709465][ T3656] veth0_vlan: entered promiscuous mode
[   53.720094][ T3656] veth1_vlan: entered promiscuous mode
[   53.742013][ T3656] veth0_macvtap: entered promiscuous mode
[   53.756720][ T3656] veth1_macvtap: entered promiscuous mode
[   53.793282][ T3656] batman_adv: batadv0: Interface activated: batadv_slave_0
[   53.838856][ T4024] loop2: detected capacity change from 0 to 1024
[   53.846856][ T3656] batman_adv: batadv0: Interface activated: batadv_slave_1
[   53.878676][   T37] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   53.892332][ T4024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.935585][ T4024] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.967164][ T4024] usb usb1: check_ctrlrecip: process 4024 (+}[@) requesting ep 01 but needs 81
[   53.986698][   T37] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.003040][ T4024] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   54.008297][ T3967]  loop3: p1 < > p4
[   54.025972][ T4024] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   54.040364][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.049750][ T3967] loop3: p4 size 8388608 extends beyond EOD, truncated
[   54.059049][   T29] kauditd_printk_skb: 52 callbacks suppressed
[   54.059063][   T29] audit: type=1400 audit(1756626383.068:743): avc:  denied  { mounton } for  pid=3656 comm="syz-executor" path="/root/syzkaller.RsDEUO/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   54.111255][ T4024] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   54.111276][ T2994]  loop3: p1 < > p4
[   54.123676][ T4024] EXT4-fs (loop2): This should not happen!! Data will be lost
[   54.123676][ T4024] 
[   54.137538][   T37] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.144200][ T4032] loop0: detected capacity change from 0 to 1024
[   54.153524][ T4032] EXT4-fs: Ignoring removed orlov option
[   54.168851][   T29] audit: type=1400 audit(1756626383.068:744): avc:  denied  { read append } for  pid=3966 comm="syz.3.128" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   54.169205][   T37] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.192422][   T29] audit: type=1400 audit(1756626383.068:745): avc:  denied  { open } for  pid=3966 comm="syz.3.128" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   54.205902][ T4032] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.224434][   T29] audit: type=1400 audit(1756626383.098:746): avc:  denied  { mount } for  pid=3656 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   54.258963][   T29] audit: type=1400 audit(1756626383.108:747): avc:  denied  { mount } for  pid=3656 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   54.280835][   T29] audit: type=1400 audit(1756626383.108:748): avc:  denied  { mounton } for  pid=3656 comm="syz-executor" path="/root/syzkaller.RsDEUO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   54.307617][   T29] audit: type=1400 audit(1756626383.108:749): avc:  denied  { mounton } for  pid=3656 comm="syz-executor" path="/root/syzkaller.RsDEUO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   54.320604][ T2994] loop3: p4 size 8388608 extends beyond EOD, truncated
[   54.335128][   T29] audit: type=1400 audit(1756626383.158:750): avc:  denied  { mounton } for  pid=3656 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   54.364787][   T29] audit: type=1400 audit(1756626383.158:751): avc:  denied  { mount } for  pid=3656 comm="syz-executor" name="/" dev="gadgetfs" ino=4689 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   54.455274][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.520425][   T29] audit: type=1400 audit(1756626383.528:752): avc:  denied  { bind } for  pid=4041 comm="syz.2.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   54.599383][ T4046] loop3: detected capacity change from 0 to 512
[   54.615123][ T4046] EXT4-fs (loop3): bad geometry: block count 204800 exceeds size of device (64 blocks)
[   54.634203][ T4048] veth1_to_bond: entered allmulticast mode
[   54.645352][ T4048] veth1_to_bond: left allmulticast mode
[   54.689806][ T4051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'.
[   54.730418][ T4051] serio: Serial port ttyS3
[   54.805278][ T4062] FAULT_INJECTION: forcing a failure.
[   54.805278][ T4062] name failslab, interval 1, probability 0, space 0, times 0
[   54.818086][ T4062] CPU: 0 UID: 0 PID: 4062 Comm: syz.5.145 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.818192][ T4062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.818202][ T4062] Call Trace:
[   54.818207][ T4062]  <TASK>
[   54.818213][ T4062]  __dump_stack+0x1d/0x30
[   54.818231][ T4062]  dump_stack_lvl+0xe8/0x140
[   54.818247][ T4062]  dump_stack+0x15/0x1b
[   54.818327][ T4062]  should_fail_ex+0x265/0x280
[   54.818352][ T4062]  should_failslab+0x8c/0xb0
[   54.818381][ T4062]  __kmalloc_noprof+0xa5/0x3e0
[   54.818453][ T4062]  ? memcg_list_lru_alloc+0x195/0x490
[   54.818474][ T4062]  memcg_list_lru_alloc+0x195/0x490
[   54.818498][ T4062]  __memcg_slab_post_alloc_hook+0x1a7/0x580
[   54.818532][ T4062]  kmem_cache_alloc_lru_noprof+0x229/0x310
[   54.818620][ T4062]  ? shmem_alloc_inode+0x34/0x50
[   54.818644][ T4062]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   54.818671][ T4062]  shmem_alloc_inode+0x34/0x50
[   54.818697][ T4062]  alloc_inode+0x40/0x170
[   54.818726][ T4062]  new_inode+0x1d/0xe0
[   54.818755][ T4062]  shmem_get_inode+0x244/0x750
[   54.818809][ T4062]  __shmem_file_setup+0x113/0x210
[   54.818852][ T4062]  shmem_file_setup+0x3b/0x50
[   54.818922][ T4062]  __se_sys_memfd_create+0x2c3/0x590
[   54.818949][ T4062]  __x64_sys_memfd_create+0x31/0x40
[   54.818996][ T4062]  x64_sys_call+0x2abe/0x2ff0
[   54.819020][ T4062]  do_syscall_64+0xd2/0x200
[   54.819060][ T4062]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.819151][ T4062]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.819242][ T4062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.819260][ T4062] RIP: 0033:0x7f58db36ebe9
[   54.819273][ T4062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.819287][ T4062] RSP: 002b:00007f58d9dcee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   54.819375][ T4062] RAX: ffffffffffffffda RBX: 000000000000059d RCX: 00007f58db36ebe9
[   54.819385][ T4062] RDX: 00007f58d9dceef0 RSI: 0000000000000000 RDI: 00007f58db3f27e8
[   54.819395][ T4062] RBP: 0000200000001100 R08: 00007f58d9dcebb7 R09: 00007f58d9dcee40
[   54.819437][ T4062] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000002c0
[   54.819447][ T4062] R13: 00007f58d9dceef0 R14: 00007f58d9dceeb0 R15: 0000200000000600
[   54.819462][ T4062]  </TASK>
[   54.845573][ T4061] FAULT_INJECTION: forcing a failure.
[   54.845573][ T4061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.895247][ T4065] loop5: detected capacity change from 0 to 1024
[   54.900363][ T4061] CPU: 1 UID: 0 PID: 4061 Comm: syz.2.146 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.900457][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.900472][ T4061] Call Trace:
[   54.900481][ T4061]  <TASK>
[   54.900491][ T4061]  __dump_stack+0x1d/0x30
[   54.900519][ T4061]  dump_stack_lvl+0xe8/0x140
[   54.900545][ T4061]  dump_stack+0x15/0x1b
[   54.900568][ T4061]  should_fail_ex+0x265/0x280
[   54.900603][ T4061]  should_fail+0xb/0x20
[   54.900626][ T4061]  should_fail_usercopy+0x1a/0x20
[   54.900662][ T4061]  _copy_from_user+0x1c/0xb0
[   54.900702][ T4061]  memdup_user+0x5e/0xd0
[   54.900737][ T4061]  sctp_getsockopt_connectx3+0x173/0x300
[   54.900827][ T4061]  sctp_getsockopt+0x910/0xaa0
[   54.900966][ T4061]  sock_common_getsockopt+0x5d/0x70
[   54.901006][ T4061]  ? __pfx_sock_common_getsockopt+0x10/0x10
[   54.901078][ T4061]  do_sock_getsockopt+0x1fd/0x240
[   54.901110][ T4061]  __x64_sys_getsockopt+0x11e/0x1a0
[   54.901145][ T4061]  x64_sys_call+0x2bc6/0x2ff0
[   54.901216][ T4061]  do_syscall_64+0xd2/0x200
[   54.901256][ T4061]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.901307][ T4061]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.901344][ T4061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.901395][ T4061] RIP: 0033:0x7f52d2c2ebe9
[   54.901415][ T4061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.901433][ T4061] RSP: 002b:00007f52d1697038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   54.901450][ T4061] RAX: ffffffffffffffda RBX: 00007f52d2e65fa0 RCX: 00007f52d2c2ebe9
[   54.901462][ T4061] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003
[   54.901548][ T4061] RBP: 00007f52d1697090 R08: 0000200000000140 R09: 0000000000000000
[   54.901564][ T4061] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[   54.901580][ T4061] R13: 00007f52d2e66038 R14: 00007f52d2e65fa0 R15: 00007ffcb022b278
[   54.901603][ T4061]  </TASK>
[   55.270880][ T4066] loop3: detected capacity change from 0 to 512
[   55.445380][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.490973][ T4066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.503717][ T4066] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   55.886178][ T4065] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.926023][ T4065] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.962561][ T4081] loop0: detected capacity change from 0 to 164
[   55.970463][ T4065] usb usb1: check_ctrlrecip: process 4065 (+}[@) requesting ep 01 but needs 81
[   56.008991][ T4081] rock: directory entry would overflow storage
[   56.015231][ T4081] rock: sig=0x66, size=4, remaining=3
[   56.024731][ T4083] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 1: comm syz.5.147: lblock 1 mapped to illegal pblock 1 (length 15)
[   56.042682][ T4065] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   56.057153][ T4084] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   56.091708][ T4081] rock: directory entry would overflow storage
[   56.098003][ T4081] rock: sig=0x66, size=4, remaining=3
[   56.136853][ T4086] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[   56.143447][ T4086] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   56.151110][ T4086] vhci_hcd vhci_hcd.0: Device attached
[   56.161095][ T4089] netlink: 24 bytes leftover after parsing attributes in process `syz.0.148'.
[   56.191648][ T4083] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   56.204125][ T4083] EXT4-fs (loop5): This should not happen!! Data will be lost
[   56.204125][ T4083] 
[   56.228639][ T4081] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4081 comm=syz.0.148
[   56.372914][ T4082] lo speed is unknown, defaulting to 1000
[   56.393966][ T3414] usb 5-1: new high-speed USB device number 2 using vhci_hcd
[   56.415177][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.590485][ T4087] vhci_hcd: connection reset by peer
[   56.596237][   T31] vhci_hcd: stop threads
[   56.600514][   T31] vhci_hcd: release socket
[   56.605051][   T31] vhci_hcd: disconnect device
[   56.626299][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.686943][ T4094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.151'.
[   56.697266][ T4094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.151'.
[   56.820653][ T4099] loop3: detected capacity change from 0 to 1024
[   56.831184][ T4099] EXT4-fs: Ignoring removed orlov option
[   56.837070][ T4099] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.856921][ T4099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.944932][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.136073][ T4111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.156'.
[   57.151506][ T4104] loop3: detected capacity change from 0 to 1024
[   57.154760][ T4111] FAULT_INJECTION: forcing a failure.
[   57.154760][ T4111] name failslab, interval 1, probability 0, space 0, times 0
[   57.170726][ T4111] CPU: 0 UID: 0 PID: 4111 Comm: syz.2.156 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   57.170757][ T4111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   57.170816][ T4111] Call Trace:
[   57.170829][ T4111]  <TASK>
[   57.170835][ T4111]  __dump_stack+0x1d/0x30
[   57.170855][ T4111]  dump_stack_lvl+0xe8/0x140
[   57.170876][ T4111]  dump_stack+0x15/0x1b
[   57.170943][ T4111]  should_fail_ex+0x265/0x280
[   57.170969][ T4111]  should_failslab+0x8c/0xb0
[   57.170999][ T4111]  kmem_cache_alloc_node_noprof+0x57/0x320
[   57.171036][ T4111]  ? __alloc_skb+0x101/0x320
[   57.171102][ T4111]  __alloc_skb+0x101/0x320
[   57.171125][ T4111]  netlink_alloc_large_skb+0xba/0xf0
[   57.171168][ T4111]  netlink_sendmsg+0x3cf/0x6b0
[   57.171262][ T4111]  ? __pfx_netlink_sendmsg+0x10/0x10
[   57.171289][ T4111]  __sock_sendmsg+0x145/0x180
[   57.171383][ T4111]  ____sys_sendmsg+0x31e/0x4e0
[   57.171413][ T4111]  ___sys_sendmsg+0x17b/0x1d0
[   57.171514][ T4111]  __x64_sys_sendmsg+0xd4/0x160
[   57.171541][ T4111]  x64_sys_call+0x191e/0x2ff0
[   57.171561][ T4111]  do_syscall_64+0xd2/0x200
[   57.171656][ T4111]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   57.171681][ T4111]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   57.171714][ T4111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.171741][ T4111] RIP: 0033:0x7f52d2c2ebe9
[   57.171759][ T4111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.171837][ T4111] RSP: 002b:00007f52d1697038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.171861][ T4111] RAX: ffffffffffffffda RBX: 00007f52d2e65fa0 RCX: 00007f52d2c2ebe9
[   57.171875][ T4111] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006
[   57.171900][ T4111] RBP: 00007f52d1697090 R08: 0000000000000000 R09: 0000000000000000
[   57.171913][ T4111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.171927][ T4111] R13: 00007f52d2e66038 R14: 00007f52d2e65fa0 R15: 00007ffcb022b278
[   57.171963][ T4111]  </TASK>
[   57.176403][ T4104] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.281005][ T4108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.155'.
[   57.284242][ T4104] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[   57.399703][ T4104] System zones: 0-1, 3-36
[   57.406386][ T4104] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.424965][ T4104] capability: warning: `syz.3.153' uses deprecated v2 capabilities in a way that may be insecure
[   57.514992][ T4121] loop2: detected capacity change from 0 to 512
[   57.596519][ T4121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.609348][ T4121] ext4 filesystem being mounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   57.640224][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.942666][ T4116] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   59.138627][ T4127] loop0: detected capacity change from 0 to 512
[   59.179382][   T29] kauditd_printk_skb: 45 callbacks suppressed
[   59.179399][   T29] audit: type=1326 audit(1756626388.188:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.220679][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.243075][ T4127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.256020][ T4127] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   59.607255][ T4132] loop3: detected capacity change from 0 to 2048
[   59.623864][   T29] audit: type=1326 audit(1756626388.218:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.647196][   T29] audit: type=1326 audit(1756626388.218:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.670488][   T29] audit: type=1326 audit(1756626388.218:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.693767][   T29] audit: type=1326 audit(1756626388.218:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.716372][   T29] audit: type=1326 audit(1756626388.218:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.739131][   T29] audit: type=1326 audit(1756626388.218:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.761830][   T29] audit: type=1326 audit(1756626388.218:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.784494][   T29] audit: type=1326 audit(1756626388.218:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.807253][   T29] audit: type=1326 audit(1756626388.218:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4130 comm=ACED exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   59.979245][ T3501]  loop3: p2 p3 p7
[   60.146861][ T4139] loop5: detected capacity change from 0 to 512
[   60.187876][ T4139] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   60.303200][ T4139] EXT4-fs (loop5): 1 orphan inode deleted
[   60.310146][ T4139] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   60.353996][   T31] EXT4-fs error (device loop5): ext4_release_dquot:6973: comm kworker/u8:1: Failed to release dquot type 1
[   60.374237][ T4139] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.457570][ T4143] loop2: detected capacity change from 0 to 1024
[   60.470094][ T4139] vhci_hcd: invalid port number 96
[   60.475317][ T4139] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[   60.529437][ T4143] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.576699][ T4143] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.656973][ T4143] usb usb1: check_ctrlrecip: process 4143 (+}[@) requesting ep 01 but needs 81
[   60.696494][ T4143] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   60.728078][ T4146] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.161: lblock 1 mapped to illegal pblock 1 (length 15)
[   60.792877][ T4146] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   60.805356][ T4146] EXT4-fs (loop2): This should not happen!! Data will be lost
[   60.805356][ T4146] 
[   60.885423][ T3501] udevd[3501]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   60.900991][ T3707] udevd[3707]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   60.912729][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   60.926717][ T3311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   60.981699][ T4149] loop3: detected capacity change from 0 to 1024
[   61.008667][ T4149] EXT4-fs: Ignoring removed orlov option
[   61.019896][ T4149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.167121][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.359747][ T4170] tipc: Started in network mode
[   61.364812][ T4170] tipc: Node identity 62d354662087, cluster identity 4711
[   61.372023][ T4170] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.454902][ T4170] tipc: Disabling bearer <eth:syzkaller0>
[   61.461878][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.485222][ T3414] vhci_hcd: vhci_device speed not set
[   61.618290][ T4181] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4181 comm=syz.5.168
[   61.631695][ T4181] netlink: 24 bytes leftover after parsing attributes in process `syz.5.168'.
[   61.632521][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.665054][ T4183] netlink: 'syz.0.170': attribute type 3 has an invalid length.
[   61.688032][ T4184] loop5: detected capacity change from 0 to 1024
[   61.711984][ T4184] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.168: Failed to acquire dquot type 0
[   61.729323][ T4186] loop1: detected capacity change from 0 to 1024
[   61.739071][ T4184] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   61.756538][ T4184] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #13: comm syz.5.168: corrupted inode contents
[   61.769393][ T4184] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #13: comm syz.5.168: mark_inode_dirty error
[   61.781464][ T4184] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #13: comm syz.5.168: corrupted inode contents
[   61.797333][ T4186] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   61.828132][ T4186] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.851242][ T4184] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #13: comm syz.5.168: mark_inode_dirty error
[   61.862937][ T4194] loop3: detected capacity change from 0 to 512
[   61.890262][ T4194] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   61.903010][ T4194] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   61.956326][ T4186] usb usb1: check_ctrlrecip: process 4186 (+}[@) requesting ep 01 but needs 81
[   62.001668][ T4198] loop2: detected capacity change from 0 to 128
[   62.010672][ T4186] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   62.021995][ T4199] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm syz.1.171: lblock 1 mapped to illegal pblock 1 (length 15)
[   62.049387][ T4198] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   62.103566][ T4199] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   62.115993][ T4199] EXT4-fs (loop1): This should not happen!! Data will be lost
[   62.115993][ T4199] 
[   62.245327][ T4184] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #13: comm syz.5.168: corrupted inode contents
[   62.289382][ T4184] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[   62.348289][ T4184] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #13: comm syz.5.168: corrupted inode contents
[   62.397109][ T4184] EXT4-fs error (device loop5): ext4_truncate:4666: inode #13: comm syz.5.168: mark_inode_dirty error
[   62.435476][ T4184] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[   62.469364][ T4184] EXT4-fs (loop5): 1 truncate cleaned up
[   62.746314][ T4209] loop0: detected capacity change from 0 to 1024
[   62.780297][ T4209] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.802809][ T4209] usb usb1: check_ctrlrecip: process 4209 (+}[@) requesting ep 01 but needs 81
[   62.855581][ T4221] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 1: comm syz.0.174: lblock 1 mapped to illegal pblock 1 (length 15)
[   62.875243][ T4209] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   62.912838][ T4221] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   62.925466][ T4221] EXT4-fs (loop0): This should not happen!! Data will be lost
[   62.925466][ T4221] 
[   63.570516][ T4259] netlink: 104 bytes leftover after parsing attributes in process `syz.2.181'.
[   63.643758][ T4234] loop0: detected capacity change from 0 to 2048
[   63.676212][ T4274] netlink: 'syz.5.183': attribute type 5 has an invalid length.
[   63.683969][ T4274] netlink: 'syz.5.183': attribute type 6 has an invalid length.
[   63.695832][ T4234]  loop0: p1 < > p4
[   63.701236][ T4234] loop0: p4 size 8388608 extends beyond EOD, truncated
[   63.714107][ T4276] loop3: detected capacity change from 0 to 512
[   63.746853][ T4276] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   63.774629][ T4276] EXT4-fs (loop3): orphan cleanup on readonly fs
[   63.818244][ T4276] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.185: Block bitmap for bg 0 marked uninitialized
[   63.857854][ T4285] 9pnet_fd: Insufficient options for proto=fd
[   63.866923][ T4282] loop1: detected capacity change from 0 to 1024
[   63.890159][ T4276] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   63.901338][ T4282] EXT4-fs: Ignoring removed orlov option
[   63.950495][ T4276] EXT4-fs (loop3): 1 orphan inode deleted
[   63.991273][ T4292] loop2: detected capacity change from 0 to 1024
[   64.039257][ T4292] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.115652][ T4301] loop0: detected capacity change from 0 to 1024
[   64.137182][ T4292] usb usb1: check_ctrlrecip: process 4292 (+}[@) requesting ep 01 but needs 81
[   64.147040][ T4301] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.157823][ T4292] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   64.179471][ T4292] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   64.184329][ T4301] usb usb1: check_ctrlrecip: process 4301 (+}[@) requesting ep 01 but needs 81
[   64.202307][ T4301] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   64.215512][ T4292] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   64.227932][ T4292] EXT4-fs (loop2): This should not happen!! Data will be lost
[   64.227932][ T4292] 
[   64.246974][ T4301] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   64.262675][ T4308] pim6reg: entered allmulticast mode
[   64.271215][ T4308] pim6reg: left allmulticast mode
[   64.278407][ T4301] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   64.280404][ T4305] netlink: 12 bytes leftover after parsing attributes in process `syz.5.192'.
[   64.290795][ T4301] EXT4-fs (loop0): This should not happen!! Data will be lost
[   64.290795][ T4301] 
[   64.339537][   T29] kauditd_printk_skb: 159 callbacks suppressed
[   64.339555][   T29] audit: type=1400 audit(1756626393.348:964): avc:  denied  { ioctl } for  pid=4304 comm="{/}\" path="socket:[6759]" dev="sockfs" ino=6759 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   64.377941][   T29] audit: type=1400 audit(1756626393.358:965): avc:  denied  { getopt } for  pid=4307 comm="syz.3.191" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   64.378867][   T51] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   64.428274][   T51] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   64.468202][  T409] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   64.490986][   T37] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   64.699100][   T29] audit: type=1400 audit(1756626393.708:966): avc:  denied  { create } for  pid=4338 comm="syz.0.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   64.832906][ T4343] netlink: 20 bytes leftover after parsing attributes in process `syz.2.200'.
[   64.843468][ T4343] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[   64.900223][ T4343] loop2: detected capacity change from 0 to 512
[   64.912563][ T4343] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   64.921071][ T4339] loop0: detected capacity change from 0 to 32768
[   65.060890][   T29] audit: type=1400 audit(1756626394.058:967): avc:  denied  { write } for  pid=4338 comm="syz.0.199" path="socket:[6797]" dev="sockfs" ino=6797 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   65.063925][ T4357] netlink: 24 bytes leftover after parsing attributes in process `syz.0.199'.
[   65.084099][   T29] audit: type=1326 audit(1756626394.068:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.084135][   T29] audit: type=1326 audit(1756626394.068:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.124298][ T3299]  loop0: p1 p3 < >
[   65.139468][   T29] audit: type=1326 audit(1756626394.068:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.166434][   T29] audit: type=1326 audit(1756626394.068:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.189819][   T29] audit: type=1326 audit(1756626394.068:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.213180][   T29] audit: type=1326 audit(1756626394.068:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4338 comm="syz.0.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81c43aebe9 code=0x7ffc0000
[   65.291725][ T4339]  loop0: p1 p3 < >
[   65.532369][ T4373] netlink: 132 bytes leftover after parsing attributes in process `syz.3.204'.
[   65.604221][ T4381] netlink: 'syz.0.209': attribute type 1 has an invalid length.
[   65.769807][ T4391] netlink: 'syz.1.210': attribute type 13 has an invalid length.
[   65.777632][ T4391] netlink: 'syz.1.210': attribute type 14 has an invalid length.
[   65.905610][ T4397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.914346][ T4397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.970032][ T4401] loop2: detected capacity change from 0 to 164
[   65.982171][ T4381] 8021q: adding VLAN 0 to HW filter on device bond1
[   66.001824][ T4390] ip6erspan0: entered promiscuous mode
[   66.018632][ T4390] bond1: (slave ip6erspan0): making interface the new active one
[   66.038915][ T4390] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[   66.052554][ T4392] macvlan2: entered promiscuous mode
[   66.060322][ T4392] bond1: entered promiscuous mode
[   66.065781][ T4392] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   66.073805][ T4392] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   66.090148][ T4392] bond1: left promiscuous mode
[   66.097197][ T4408] loop5: detected capacity change from 0 to 256
[   66.107763][ T4408] netlink: 4 bytes leftover after parsing attributes in process `syz.5.216'.
[   66.278617][ T2994]  loop0: p1 p3 < >
[   66.360165][ T4420] pim6reg: entered allmulticast mode
[   66.369472][ T4420] pim6reg: left allmulticast mode
[   66.386366][ T2994]  loop0: p1 p3 < >
[   66.538298][ T4436] IPv6: Can't replace route, no match found
[   66.554977][ T4437] netlink: 202920 bytes leftover after parsing attributes in process `syz.5.224'.
[   66.618177][ T4437] loop5: detected capacity change from 0 to 8192
[   66.694568][ T4441] loop2: detected capacity change from 0 to 1024
[   66.705358][ T4441] EXT4-fs: Ignoring removed orlov option
[   66.804132][ T4446] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   67.024939][ T2994]  loop0: p1 p3 < >
[   67.095702][ T4456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.233'.
[   67.225244][ T4465] loop5: detected capacity change from 0 to 1024
[   67.246835][ T4465] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.260778][ T4465] usb usb1: check_ctrlrecip: process 4465 (+}[@) requesting ep 01 but needs 81
[   67.270386][ T4465] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   67.281686][ T4465] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   67.298337][ T4465] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   67.310841][ T4465] EXT4-fs (loop5): This should not happen!! Data will be lost
[   67.310841][ T4465] 
[   67.486742][ T4471] loop2: detected capacity change from 0 to 256
[   67.513111][ T4471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.235'.
[   67.691698][ T4479] loop3: detected capacity change from 0 to 1024
[   67.716133][ T4479] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.731438][ T4479] usb usb1: check_ctrlrecip: process 4479 (+}[@) requesting ep 01 but needs 81
[   67.732638][ T2994]  loop0: p1 p3 < >
[   67.754515][ T4479] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   67.765668][ T4479] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 1: comm +}[@: lblock 1 mapped to illegal pblock 1 (length 15)
[   67.798762][ T4479] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   67.811266][ T4479] EXT4-fs (loop3): This should not happen!! Data will be lost
[   67.811266][ T4479] 
[   67.873553][ T4488] netlink: 12 bytes leftover after parsing attributes in process `syz.2.240'.
[   67.927513][ T4496] loop5: detected capacity change from 0 to 128
[   67.952269][ T2994]  loop0: p1 p3 < >
[   67.985828][ T4499] loop2: detected capacity change from 0 to 2048
[   68.034951][ T3299]  loop2: p3 p4 < >
[   68.044117][ T3299] loop2: p3 size 57344 extends beyond EOD, truncated
[   68.063693][ T4499]  loop2: p3 p4 < >
[   68.072261][ T4499] loop2: p3 size 57344 extends beyond EOD, truncated
[   68.092382][ T4494] syz.2.242 (4494) used greatest stack depth: 10176 bytes left
[   68.127478][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   68.140774][ T3501] udevd[3501]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   68.158687][ T4501] loop3: detected capacity change from 0 to 2048
[   68.220275][ T4513] loop1: detected capacity change from 0 to 512
[   68.264845][ T4513] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   68.304195][ T4513] netlink: 'syz.1.250': attribute type 13 has an invalid length.
[   68.355864][ T4526] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.250: iget: bad i_size value: 2533274857506816
[   68.369643][ T4526] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.250: iget: bad i_size value: 2533274857506816
[   68.382675][ T4526] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.250: iget: bad i_size value: 2533274857506816
[   68.396510][ T4526] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.250: iget: bad i_size value: 2533274857506816
[   68.396800][ T4526] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.250: iget: bad i_size value: 2533274857506816
[   68.489619][ T4513] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.496839][ T4513] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.881234][ T4513] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.895695][ T4513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.900497][ T4532] loop5: detected capacity change from 0 to 512
[   68.911323][ T4532] EXT4-fs (loop5): bad geometry: block count 204800 exceeds size of device (64 blocks)
[   68.927421][ T4532] FAULT_INJECTION: forcing a failure.
[   68.927421][ T4532] name failslab, interval 1, probability 0, space 0, times 0
[   68.940123][ T4532] CPU: 0 UID: 0 PID: 4532 Comm: syz.5.256 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   68.940155][ T4532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   68.940169][ T4532] Call Trace:
[   68.940174][ T4532]  <TASK>
[   68.940181][ T4532]  __dump_stack+0x1d/0x30
[   68.940205][ T4532]  dump_stack_lvl+0xe8/0x140
[   68.940228][ T4532]  dump_stack+0x15/0x1b
[   68.940315][ T4532]  should_fail_ex+0x265/0x280
[   68.940339][ T4532]  ? __se_sys_mount+0xef/0x2e0
[   68.940367][ T4532]  should_failslab+0x8c/0xb0
[   68.940452][ T4532]  __kmalloc_cache_noprof+0x4c/0x320
[   68.940487][ T4532]  ? memdup_user+0x99/0xd0
[   68.940520][ T4532]  __se_sys_mount+0xef/0x2e0
[   68.940547][ T4532]  ? fput+0x8f/0xc0
[   68.940713][ T4532]  ? ksys_write+0x192/0x1a0
[   68.940738][ T4532]  __x64_sys_mount+0x67/0x80
[   68.940766][ T4532]  x64_sys_call+0x2b4d/0x2ff0
[   68.940792][ T4532]  do_syscall_64+0xd2/0x200
[   68.940902][ T4532]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   68.940939][ T4532]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   68.940972][ T4532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.940999][ T4532] RIP: 0033:0x7f58db36ebe9
[   68.941016][ T4532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.941034][ T4532] RSP: 002b:00007f58d9dcf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   68.941055][ T4532] RAX: ffffffffffffffda RBX: 00007f58db5a5fa0 RCX: 00007f58db36ebe9
[   68.941068][ T4532] RDX: 0000200000000100 RSI: 0000200000000500 RDI: 0000000000000000
[   68.941103][ T4532] RBP: 00007f58d9dcf090 R08: 0000200000000a40 R09: 0000000000000000
[   68.941114][ T4532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.941125][ T4532] R13: 00007f58db5a6038 R14: 00007f58db5a5fa0 R15: 00007ffc891d40b8
[   68.941228][ T4532]  </TASK>
[   69.150997][ T2994]  loop0: p1 p3 < >
[   69.231765][ T2994]  loop0: p1 p3 < >
[   69.562685][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.575696][   T29] kauditd_printk_skb: 284 callbacks suppressed
[   69.575714][   T29] audit: type=1400 audit(1756626398.588:1258): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   69.608770][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.627499][ T3305] EXT4-fs unmount: 23 callbacks suppressed
[   69.627516][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.643412][   T29] audit: type=1400 audit(1756626398.648:1259): avc:  denied  { read } for  pid=4551 comm="syz.3.263" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   69.645527][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.666637][   T29] audit: type=1400 audit(1756626398.648:1260): avc:  denied  { open } for  pid=4551 comm="syz.3.263" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   69.703681][   T29] audit: type=1400 audit(1756626398.658:1261): avc:  denied  { create } for  pid=4549 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.724119][   T29] audit: type=1400 audit(1756626398.658:1262): avc:  denied  { bind } for  pid=4549 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.745721][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.776763][ T4550] unsupported nla_type 52263
[   69.782553][   T29] audit: type=1400 audit(1756626398.778:1263): avc:  denied  { create } for  pid=4549 comm="syz.2.260" anonclass=[secretmem] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   69.803972][   T29] audit: type=1400 audit(1756626398.788:1264): avc:  denied  { setattr } for  pid=4549 comm="syz.2.260" name="secretmem" dev="secretmem" ino=7064 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   69.834043][   T29] audit: type=1400 audit(1756626398.818:1265): avc:  denied  { setopt } for  pid=4549 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.854531][   T29] audit: type=1400 audit(1756626398.828:1266): avc:  denied  { write } for  pid=4549 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.874939][   T29] audit: type=1400 audit(1756626398.828:1267): avc:  denied  { read } for  pid=4549 comm="syz.2.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   69.919025][ T2994]  loop0: p1 p3 < >
[   69.924803][ T4561] pim6reg: entered allmulticast mode
[   69.937427][ T4556] __nla_validate_parse: 1 callbacks suppressed
[   69.937440][ T4556] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'.
[   69.943859][ T4562] loop5: detected capacity change from 0 to 2048
[   69.961899][ T4561] pim6reg: left allmulticast mode
[   69.975504][ T2994]  loop0: p1 p3 < >
[   70.010575][ T3299]  loop5: p1 < > p4
[   70.016141][ T3299] loop5: p4 size 8388608 extends beyond EOD, truncated
[   70.035677][ T4562]  loop5: p1 < > p4
[   70.047088][ T4572] syz.2.269 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   70.058304][ T4562] loop5: p4 size 8388608 extends beyond EOD, truncated
[   70.088039][  T409] smc: removing ib device syz1
[   70.135986][ T4567] netlink: 148 bytes leftover after parsing attributes in process `syz.3.268'.
[   70.145054][ T4567] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[   70.183284][ T3394] syz1: Port: 1 Link DOWN
[   70.235674][ T4584] netlink: 8 bytes leftover after parsing attributes in process `syz.2.272'.
[   70.244556][ T4584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.272'.
[   70.477560][ T4599] FAULT_INJECTION: forcing a failure.
[   70.477560][ T4599] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.490706][ T4599] CPU: 1 UID: 0 PID: 4599 Comm: syz.1.277 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.490815][ T4599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   70.490855][ T4599] Call Trace:
[   70.490861][ T4599]  <TASK>
[   70.490868][ T4599]  __dump_stack+0x1d/0x30
[   70.490892][ T4599]  dump_stack_lvl+0xe8/0x140
[   70.490916][ T4599]  dump_stack+0x15/0x1b
[   70.490935][ T4599]  should_fail_ex+0x265/0x280
[   70.491017][ T4599]  should_fail+0xb/0x20
[   70.491038][ T4599]  should_fail_usercopy+0x1a/0x20
[   70.491060][ T4599]  _copy_from_user+0x1c/0xb0
[   70.491094][ T4599]  do_sys_poll+0x149/0xbd0
[   70.491129][ T4599]  ? selinux_file_open+0x2df/0x330
[   70.491257][ T4599]  __se_sys_poll+0xdd/0x200
[   70.491280][ T4599]  __x64_sys_poll+0x43/0x50
[   70.491309][ T4599]  x64_sys_call+0x27d2/0x2ff0
[   70.491334][ T4599]  do_syscall_64+0xd2/0x200
[   70.491381][ T4599]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   70.491407][ T4599]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.491439][ T4599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.491465][ T4599] RIP: 0033:0x7fe643a1ebe9
[   70.491482][ T4599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.491553][ T4599] RSP: 002b:00007fe64247f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[   70.491575][ T4599] RAX: ffffffffffffffda RBX: 00007fe643c55fa0 RCX: 00007fe643a1ebe9
[   70.491590][ T4599] RDX: 0000000000000009 RSI: 20000000000000b5 RDI: 0000200000000000
[   70.491604][ T4599] RBP: 00007fe64247f090 R08: 0000000000000000 R09: 0000000000000000
[   70.491618][ T4599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.491632][ T4599] R13: 00007fe643c56038 R14: 00007fe643c55fa0 R15: 00007fff7cfb9608
[   70.491720][ T4599]  </TASK>
[   70.699192][ T2994]  loop0: p1 p3 < >
[   70.716797][ T4605] pim6reg: entered allmulticast mode
[   70.726622][ T4605] pim6reg: left allmulticast mode
[   70.752942][ T2994]  loop0: p1 p3 < >
[   70.852678][ T4617] loop1: detected capacity change from 0 to 1024
[   70.888868][ T4623] loop3: detected capacity change from 0 to 1024
[   70.891094][ T4622] 9pnet_fd: Insufficient options for proto=fd
[   70.927024][ T4617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.947108][ T4623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   70.955098][ T4625] netlink: 32 bytes leftover after parsing attributes in process `+}[@'.
[   70.977575][ T4617] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.988310][ T4623] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.999771][ T4621] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: comm syz.3.286: lblock 0 mapped to illegal pblock 0 (length 1)
[   71.016029][ T4634] loop2: detected capacity change from 0 to 256
[   71.023975][ T4621] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   71.036385][ T4621] EXT4-fs (loop3): This should not happen!! Data will be lost
[   71.036385][ T4621] 
[   71.053295][ T4635] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: comm syz.3.286: lblock 0 mapped to illegal pblock 0 (length 1)
[   71.070951][ T4617] usb usb1: check_ctrlrecip: process 4617 (+}[@) requesting ep 01 but needs 81
[   71.083765][ T4635] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.286: lblock 3 mapped to illegal pblock 3 (length 3)
[   71.086143][ T4617] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   71.108668][ T4642] FAULT_INJECTION: forcing a failure.
[   71.108668][ T4642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   71.111381][ T4641] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'.
[   71.121947][ T4642] CPU: 1 UID: 0 PID: 4642 Comm: syz.5.291 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   71.121985][ T4642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   71.122002][ T4642] Call Trace:
[   71.122011][ T4642]  <TASK>
[   71.122022][ T4642]  __dump_stack+0x1d/0x30
[   71.122070][ T4642]  dump_stack_lvl+0xe8/0x140
[   71.122097][ T4642]  dump_stack+0x15/0x1b
[   71.122192][ T4642]  should_fail_ex+0x265/0x280
[   71.122323][ T4642]  should_fail+0xb/0x20
[   71.122348][ T4642]  should_fail_usercopy+0x1a/0x20
[   71.122388][ T4642]  strncpy_from_user+0x25/0x230
[   71.122429][ T4642]  ? __kmalloc_cache_noprof+0x189/0x320
[   71.122488][ T4642]  __se_sys_memfd_create+0x1ff/0x590
[   71.122515][ T4642]  __x64_sys_memfd_create+0x31/0x40
[   71.122538][ T4642]  x64_sys_call+0x2abe/0x2ff0
[   71.122590][ T4642]  do_syscall_64+0xd2/0x200
[   71.122639][ T4642]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   71.122721][ T4642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.122770][ T4642] RIP: 0033:0x7f58db36ebe9
[   71.122843][ T4642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.122867][ T4642] RSP: 002b:00007f58d9dade18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   71.122893][ T4642] RAX: ffffffffffffffda RBX: 0000000000000497 RCX: 00007f58db36ebe9
[   71.122910][ T4642] RDX: 00007f58d9dadef0 RSI: 0000000000000000 RDI: 00007f58db3f27e8
[   71.123001][ T4642] RBP: 0000200000001540 R08: 00007f58d9dadbb7 R09: 00007f58d9dade40
[   71.123017][ T4642] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[   71.123034][ T4642] R13: 00007f58d9dadef0 R14: 00007f58d9dadeb0 R15: 00002000000000c0
[   71.123061][ T4642]  </TASK>
[   71.123557][ T4635] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[   71.314787][ T4635] EXT4-fs (loop3): This should not happen!! Data will be lost
[   71.314787][ T4635] 
[   71.327807][ T2994]  loop0: p1 p3 < >
[   71.342430][ T2994]  loop0: p1 p3 < >
[   71.364548][   T31] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 8: comm kworker/u8:1: lblock 8 mapped to illegal pblock 8 (length 8)
[   71.385799][   T31] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[   71.398222][   T31] EXT4-fs (loop3): This should not happen!! Data will be lost
[   71.398222][   T31] 
[   71.423828][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.433420][ T4651] netlink: 'syz.0.296': attribute type 1 has an invalid length.
[   71.450068][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   71.574396][ T4659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   71.584027][ T4651] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.598715][ T4659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   71.632588][ T4657] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   71.737479][ T4670] loop1: detected capacity change from 0 to 256
[   71.751359][ T4670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.303'.
[   71.894915][ T4651] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.977833][ T4676] loop5: detected capacity change from 0 to 2048
[   72.017891][ T4676]  loop5: p1 < > p4
[   72.022514][ T4676] loop5: p4 size 8388608 extends beyond EOD, truncated
[   72.098180][ T4651] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.135888][ T4682] loop5: detected capacity change from 0 to 1024
[   72.159714][ T4682] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.175864][ T4682] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.192208][ T4682] usb usb1: check_ctrlrecip: process 4682 (+}[@) requesting ep 01 but needs 81
[   72.227256][ T4682] vhci_hcd: default hub control req: 020f v0004 i0001 l0
[   72.249829][ T4693] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 1: comm syz.5.307: lblock 1 mapped to illegal pblock 1 (length 15)
[   72.318013][ T4651] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.335945][ T4693] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117
[   72.348590][ T4693] EXT4-fs (loop5): This should not happen!! Data will be lost
[   72.348590][ T4693] 
[   72.409866][ T4667] lo speed is unknown, defaulting to 1000
[   72.484781][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.655355][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.717075][ T4711] loop5: detected capacity change from 0 to 512
[   72.729909][ T4711] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.316: bg 0: block 393: padding at end of block bitmap is not set
[   72.744803][ T4711] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   72.758963][ T4711] EXT4-fs (loop5): 2 truncates cleaned up
[   72.765399][ T4711] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.804755][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.815346][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.823740][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.851777][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.893315][ T2994]  loop0: p1 p3 < >
[   72.919204][ T4721] FAULT_INJECTION: forcing a failure.
[   72.919204][ T4721] name failslab, interval 1, probability 0, space 0, times 0
[   72.939353][ T4721] CPU: 1 UID: 0 PID: 4721 Comm: syz.5.318 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.939386][ T4721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.939401][ T4721] Call Trace:
[   72.939409][ T4721]  <TASK>
[   72.939419][ T4721]  __dump_stack+0x1d/0x30
[   72.939444][ T4721]  dump_stack_lvl+0xe8/0x140
[   72.939502][ T4721]  dump_stack+0x15/0x1b
[   72.939522][ T4721]  should_fail_ex+0x265/0x280
[   72.939549][ T4721]  should_failslab+0x8c/0xb0
[   72.939579][ T4721]  __kmalloc_cache_node_noprof+0x54/0x320
[   72.939615][ T4721]  ? sched_setaffinity+0x152/0x210
[   72.939665][ T4721]  sched_setaffinity+0x152/0x210
[   72.939689][ T4721]  __x64_sys_sched_setaffinity+0x5a/0xa0
[   72.939751][ T4721]  x64_sys_call+0x132b/0x2ff0
[   72.939776][ T4721]  do_syscall_64+0xd2/0x200
[   72.939810][ T4721]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.939842][ T4721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.939895][ T4721] RIP: 0033:0x7f58db36ebe9
[   72.939962][ T4721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.940055][ T4721] RSP: 002b:00007f58d9dcf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000cb
[   72.940077][ T4721] RAX: ffffffffffffffda RBX: 00007f58db5a5fa0 RCX: 00007f58db36ebe9
[   72.940092][ T4721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   72.940105][ T4721] RBP: 00007f58d9dcf090 R08: 0000000000000000 R09: 0000000000000000
[   72.940119][ T4721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.940133][ T4721] R13: 00007f58db5a6038 R14: 00007f58db5a5fa0 R15: 00007ffc891d40b8
[   72.940299][ T4721]  </TASK>
[   73.125844][ T4726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.324'.
[   73.136417][ T4722] (unnamed net_device) (uninitialized): option ad_select: invalid value (34)
[   73.176295][ T2994]  loop0: p1 p3 < >
[   73.223582][ T4736] pim6reg: entered allmulticast mode
[   73.256687][ T4734] mmap: syz.2.326 (4734) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   73.280169][ T2994]  loop0: p1 p3 < >
[   73.294826][ T4736] pim6reg: left allmulticast mode
[   73.332119][ T2994]  loop0: p1 p3 < >
[   73.596924][ T4749] hub 2-0:1.0: USB hub found
[   73.601739][ T4749] hub 2-0:1.0: 8 ports detected
[   73.630555][ T4749] netlink: 'syz.0.332': attribute type 39 has an invalid length.
[   73.747278][ T4718] Set syz1 is full, maxelem 65536 reached
[   73.776531][ T4758] netlink: 60 bytes leftover after parsing attributes in process `syz.3.335'.
[   73.785576][ T4758] netlink: 60 bytes leftover after parsing attributes in process `syz.3.335'.
[   73.865126][ T4762] loop5: detected capacity change from 0 to 512
[   73.888367][ T4762] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.901079][ T4762] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   74.727766][ T4773] loop3: detected capacity change from 0 to 2048
[   74.777905][ T4773] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.876397][   T29] kauditd_printk_skb: 256 callbacks suppressed
[   74.876411][   T29] audit: type=1326 audit(1756626403.878:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   74.906311][   T29] audit: type=1326 audit(1756626403.878:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   74.929668][   T29] audit: type=1326 audit(1756626403.878:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   74.953191][   T29] audit: type=1326 audit(1756626403.878:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   74.976613][   T29] audit: type=1326 audit(1756626403.878:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.000068][   T29] audit: type=1326 audit(1756626403.878:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.023591][   T29] audit: type=1326 audit(1756626403.878:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.046935][   T29] audit: type=1326 audit(1756626403.878:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.070411][   T29] audit: type=1326 audit(1756626403.878:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.093770][   T29] audit: type=1326 audit(1756626403.878:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4b2bebe9 code=0x7ffc0000
[   75.133843][ T4779] EXT4-fs error (device loop3): ext4_search_dir:1474: inode #2: block 16: comm syz.3.337: bad entry in directory: directory entry overrun - offset=60, inode=15, rec_len=23312, size=2048 fake=0
[   75.155118][ T4773] EXT4-fs error (device loop3): ext4_search_dir:1474: inode #2: block 16: comm syz.3.337: bad entry in directory: directory entry overrun - offset=60, inode=15, rec_len=23312, size=2048 fake=0
[   75.241492][ T4752] Set syz1 is full, maxelem 65536 reached
[   75.464591][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.596094][ T4798] loop5: detected capacity change from 0 to 512
[   75.727566][ T4798] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.740142][ T4798] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   75.785673][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.285652][ T4809] loop1: detected capacity change from 0 to 1024
[   76.523576][ T4809] ext3: Unknown parameter 'nouser_xattr'
[   76.580154][ T4813] loop2: detected capacity change from 0 to 512
[   76.778771][ T4815] vlan2: entered allmulticast mode
[   76.784308][ T4815] dummy0: entered allmulticast mode
[   77.385760][ T3656] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.481049][ T4826] loop5: detected capacity change from 0 to 512
[   77.492643][ T4826] EXT4-fs (loop5): external journal device major/minor numbers have changed
[   77.506734][ T4826] EXT4-fs (loop5): failed to open journal device unknown-block(128,0) -6
[   77.610388][ T4831] loop2: detected capacity change from 0 to 512
[   77.634512][ T4831] EXT4-fs: Ignoring removed nomblk_io_submit option
[   77.646180][ T4831] EXT4-fs: Ignoring removed i_version option
[   77.659564][ T4831] EXT4-fs (loop2): 1 orphan inode deleted
[   77.669671][ T4831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.717577][ T4831] netlink: 'syz.2.352': attribute type 1 has an invalid length.
[   77.764757][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.927478][ T4842] vhci_hcd: invalid port number 255
[   77.995360][ T4842] tipc: New replicast peer: 255.255.255.255
[   78.001541][ T4842] tipc: Enabled bearer <udp:syz2>, priority 10
[   78.045416][ T4842] __nla_validate_parse: 4 callbacks suppressed
[   78.045501][ T4842] netlink: 60 bytes leftover after parsing attributes in process `syz.2.356'.
[   78.069559][ T4815] syz.3.347 (4815) used greatest stack depth: 10080 bytes left
[   78.352035][ T4881] loop2: detected capacity change from 0 to 512
[   78.359317][ T4881] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   78.370244][ T4881] EXT4-fs (loop2): 1 truncate cleaned up
[   78.376448][ T4881] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.522823][ T4881] ==================================================================
[   78.531043][ T4881] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark
[   78.538952][ T4881] 
[   78.541270][ T4881] write to 0xffff8881071836ac of 4 bytes by task 4884 on cpu 1:
[   78.548892][ T4881]  xas_set_mark+0x12b/0x140
[   78.553405][ T4881]  __folio_start_writeback+0x1dd/0x440
[   78.558927][ T4881]  ext4_bio_write_folio+0x5ad/0x9f0
[   78.564142][ T4881]  mpage_process_page_bufs+0x4a1/0x620
[   78.569613][ T4881]  mpage_prepare_extent_to_map+0x786/0xc00
[   78.575423][ T4881]  ext4_do_writepages+0xa05/0x2750
[   78.580564][ T4881]  ext4_writepages+0x176/0x300
[   78.585328][ T4881]  do_writepages+0x1c3/0x310
[   78.589929][ T4881]  file_write_and_wait_range+0x156/0x2c0
[   78.595577][ T4881]  generic_buffers_fsync_noflush+0x45/0x120
[   78.601482][ T4881]  ext4_sync_file+0x1ab/0x690
[   78.606175][ T4881]  vfs_fsync_range+0x10d/0x130
[   78.610973][ T4881]  ext4_buffered_write_iter+0x34f/0x3c0
[   78.616533][ T4881]  ext4_file_write_iter+0xdbf/0xf00
[   78.621747][ T4881]  iter_file_splice_write+0x663/0xa60
[   78.627124][ T4881]  direct_splice_actor+0x153/0x2a0
[   78.632241][ T4881]  splice_direct_to_actor+0x30f/0x680
[   78.637627][ T4881]  do_splice_direct+0xda/0x150
[   78.642391][ T4881]  do_sendfile+0x380/0x650
[   78.646817][ T4881]  __x64_sys_sendfile64+0x105/0x150
[   78.652033][ T4881]  x64_sys_call+0x2bb0/0x2ff0
[   78.656721][ T4881]  do_syscall_64+0xd2/0x200
[   78.661247][ T4881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.667238][ T4881] 
[   78.669566][ T4881] read to 0xffff8881071836ac of 4 bytes by task 4881 on cpu 0:
[   78.677103][ T4881]  __writeback_single_inode+0x1f9/0x7c0
[   78.682671][ T4881]  writeback_single_inode+0x167/0x3e0
[   78.688069][ T4881]  sync_inode_metadata+0x5b/0x90
[   78.693012][ T4881]  generic_buffers_fsync_noflush+0xd9/0x120
[   78.698913][ T4881]  ext4_sync_file+0x1ab/0x690
[   78.703595][ T4881]  vfs_fsync_range+0x10d/0x130
[   78.708359][ T4881]  ext4_buffered_write_iter+0x34f/0x3c0
[   78.713938][ T4881]  ext4_file_write_iter+0xdbf/0xf00
[   78.719162][ T4881]  iter_file_splice_write+0x663/0xa60
[   78.724530][ T4881]  direct_splice_actor+0x153/0x2a0
[   78.729643][ T4881]  splice_direct_to_actor+0x30f/0x680
[   78.735009][ T4881]  do_splice_direct+0xda/0x150
[   78.739787][ T4881]  do_sendfile+0x380/0x650
[   78.744208][ T4881]  __x64_sys_sendfile64+0x105/0x150
[   78.749423][ T4881]  x64_sys_call+0x2bb0/0x2ff0
[   78.754098][ T4881]  do_syscall_64+0xd2/0x200
[   78.758630][ T4881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.764566][ T4881] 
[   78.766887][ T4881] value changed: 0x0a000021 -> 0x04000021
[   78.772607][ T4881] 
[   78.774944][ T4881] Reported by Kernel Concurrency Sanitizer on:
[   78.781104][ T4881] CPU: 0 UID: 0 PID: 4881 Comm: syz.2.365 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.790771][ T4881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   78.800826][ T4881] ==================================================================
[   79.003944][ T3371] tipc: Node number set to 3324499855
[   79.249664][ T4884] syz.2.365 (4884) used greatest stack depth: 10032 bytes left
[   79.284916][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.754949][ T2994]  loop0: p1 p3 < >