last executing test programs:

1m4.421635014s ago: executing program 3 (id=159):
syz_emit_ethernet(0x66, &(0x7f00000004c0)={@broadcast, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0x1, {0x1000000}}}}}}}}, 0x0)

1m4.336338195s ago: executing program 3 (id=163):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)
r1 = gettid()
r2 = gettid()
tkill(r1, 0x12)
tkill(r1, 0x1)
tkill(r2, 0x14)

1m4.242376947s ago: executing program 3 (id=164):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x3a00, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c00028005000100000000000800074000000000180006801400040020010000000000000000000000000001"], 0xac}, 0x1, 0x0, 0x0, 0x4000}, 0x4000894)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000005, 0x100010, 0xffffffffffffffff, 0x8528c000)
perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0x23, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1110, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={&(0x7f0000000080), 0x3}, 0x12, 0x10002, 0x0, 0x8, 0x8, 0x20005, 0x2, 0x0, 0x0, 0x0, 0x11}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f00000007c0))
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x19, 0x4, 0x8, 0x1}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000006c0)=r1}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r6, r3, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x1a, &(0x7f0000000040)={@remote, @empty, @val={@void, {0x8100, 0x2, 0x1, 0x1}}, {@llc={0x4, {@snap={0x1, 0xab, "ce", "285b94", 0xf5}}}}}, 0x0)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x4007)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r7}, &(0x7f0000000040), &(0x7f0000000080)=r8}, 0x20)
ioctl$USBDEVFS_GET_CAPABILITIES(r9, 0x8004551a, &(0x7f0000000300))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)

1m3.360412964s ago: executing program 3 (id=171):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000180)='initcall_level\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000026c0)={'gre0\x00', &(0x7f0000002640)={'erspan0\x00', 0x0, 0x7800, 0x10, 0x7, 0x4, {{0x5, 0x4, 0x1, 0x0, 0x14, 0x66, 0x0, 0x9, 0x4, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xb, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$sg(0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, 0x0, 0x143000, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="000000e54947d996774df6000300000085000000860024aebd"], &(0x7f0000000440)='GPL\x00', 0xffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r5, &(0x7f00000003c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000001080)=ANY=[@ANYBLOB="10100000530400042bbd7000fddbdf2579948dd230c119eef3139e20cbe02bea2fd5f5ee566fe7ae44809d8e87203d78401e875dd6a92368e9443a234964c53c3eb96975475a2fe153d23d7dd5fd858700e0179ec636b0c27972899832911ea00d0256b3643931fc316c6bf9d90e9ce4b66ba5cc58c75627e6156cd4ffeaa834c671289bec97fd154572fc87f8862dd8c4ff57aeb94669c5e3842352f97e0fe1fbbc9f3e0ac30b651c969339a64ec3f5c8887e6fcd65efeddbc28d9350eba76b533b020871048c5456b0c87bb2e3b3cb0e4783d7f6a9fde63e65e55747492960cafa751c68f953da743347eef808d3bae1b3c3855b956e8cff0a056b2b843577a934b79ff3b5b9b133dc1fba36a7d1d2a03b58cdfa57436904d31438927abc298572de3472d85f6c1ab842af700e8d396ac32fbc0220df1ad3ad3b0d41cb9d0f9df1d01bad2d376e024482b213dc203c93159b1cd04a1adcdb9d0cbcd6501dd4b5ac0fa8b0e9445f98be47dcbb4ab0dfcc8b78adda60d49557e8251e7c23e00e2ce9063d918bf7ba2b24df23316e98230ea7b1bc6a350e17b080aa98a0e3b311423cac53439e4a44d4127246fe85fe13eb6fce54b7c345f28b754f85f6dff5514d622269a0c7f567c009e1edb63eb6b16334ef27578108bd832686d50fceb7a68ee348b70a49b5100e26f1ea27da85b94773c40b89463778dae330895f2b6aa9ef3e7d9004a8531677c272dadd8f7f3e631f8622fcfc7acc16cd8a4993b0b7dfffe2e24d895c21ef5b4c5a649f668ee69a0fb6fb4f7050283629b8bc1b0559ebe84d6c15e5921d4f56232641f04b9c4710930c8d4999336db4ae7c03c544b045fb15b4dafc9d5b9fd586dbc599b32a9769437f3f6acad8387337df13bde735e0b5c27acf1cc20e1816f577ac3fba9b202db447dce7b4f4e0fe65482888f7aad6dc771cf9169a1662e9edfe7f95266ab3f15adb7389f360c3b75daaa4d71c260b164223328de8c0765ff66f299492c3abbcf22e7a31f6eedb7d2cdee1d85e727c228cd0dcbe54974e307fae7e5c3ca67ba5e69102fd740f99953278ea6936bb8176e7b1cece95ab540e6d1dd6d8232033326dad4bf5f4952ed80555c3c684fbd27a6628f8278951d17dde493c2c467cc52782b9d9f687435f5441a3a2adc8c658e0102c1ff5a34bc55c7e17b0c5eebf3b9facd3c7aa541e1d595b8e51c625c3457bc733ff42034a674ad469b3aa9716508053e2ae323f076072e9be6d3f56ddb0094878f218c936f3f1b6e74f214a219fa4e57e7ceffcdce2c65102b878ddca3912fed0f4091f23f62481185b04a8343eeb7894ec443177f2fff6aad4d0b3fa206000028c5dce53f982ff3a66ef88fcf2978feffe92627e175f8414ec4c74a1f095c230c00628b019ff5c50104f70828024d4483b11cd6b47cfda184f620f4de9b8523ad4a047b9e4ab07787670674aa7f1443b6892138736ca5ef314b5cd746d9554d74e13ea5c5638baf20c017d355f07698d7f792f47d4f703b4580be4ec0ba9703ac423ac985186462bca7c33820dcca51bb5652d1b26a98c0777db3098ae791c3cd86ffd6a95e0cc366be04564266502ea30fcbdcf6034d41dfc636277163362a16c0b542f63accd4d5dd4ce3c78bfc043c86268f26d1ca97303547a360aed10fa630e0c4b3305ec93f2041424dbcd1e8c198d3d8cd8a5a185dea0b5ed2f53a052918a9fd04c78dabc4487fa4b6464e0406c563506c7316212f74e2468b1b4115e0cc0a17a940cd63154a6e895cfa5dc9f1874fa08af7f4885d807fa475ef841ce5ed5282f5535cd5aad75cdc33f4394c5c3c8010b704156ac5093967261ea1477c951538ae72d398787a679783160c3cf084401c6d983179bcb6b73fa58ebd7454cd3107e7754a6821095b26092f13a73373932462d83ff30940138b5f8f47e74e94a11812a94c762e09afc63cb1c276832cd052c439a368ffcf0dc18df8c8dfa11b94d8e4d3f7d104942df289e99ed3c97f34eb484a4506ffb269a271c88ecdf386bae2e4eeb345a38f213b5d5b6c0d8a5b72d2aa58e933e5918c85a9fa3001ece1cd8a4d6ac0e543075b7056e83364f85d192ff43353648fc9a64aa54acdcd258368c29f77e18b133426fc40d97328e4d099d8341e60f8faa317121a7cd75d0a93798f12d3197a389813b3932d68c2e12904c1b2f4ce0a12a6170ee2340462022921bfa8e6f7cbc9bd88f890af0d9130a2bd06be96c4225d4fc486a0df49084d630f51bc535d327eb3bedf41e2d3312571a3f584d526cf5e51fe29b18e42b0f147ff217f235fc76a1fc4ce0a63d30e706fcd2484b8988db18ad0f69f81ff4757b1d295b65fd8d42917a263b1f481a0d744100228650f3d61c2e2fead10fd3b25f448b9f3acad01aec2ea8a8f3c2a3a2456587d4d7dbf3ac36688bc22ef2f29847a321c30a71c5ff1e9f7deebfa28d301a8cec39d8abca0ab792eccd39d124a25ad900f5ac1083941ccad6dc6a15f0a535c129f945a1f11b06ae7879b11e91969c5a54d0892e7a0294bf554cefc6598e5ee6c47096cfb676443f6f6b8dd2291eb8b26099930a08242925acd4520380b2775898e32bf182740abf41413d1c4fe6d3aba66578c09d96ccbc92170fea93a8f8d139a59b0dbaac2fe6824cec5ffb92e87f4a958e1aac1a6ab2e322dfada9efd7158b635848e14c09376fadcabbb4fa385a86b97585110f81912641cabceffdb97de302de7c9958ae05747f26f78e67e185bf78762cd3046bce8ec2dc0b820beb928ab9233afb651c25e3a19d71368ced56e7b1689e3dd34732cc56df555a25654dd0655d4001c1f0fab75c7b4d9c9fea681a397856bc134d97bb8b67270dbc96a88d849afc807ebab7f1f36556f52810e3ef77e57afb2a0d1a644e3072f6374dca85fa5f1d6cd31b5c19f5f0f0e428ab368a9b1da524e7ebfb45ddefc321aeef4bb2a3cfca5204be8ed001812fd6d9e903818f6144a3b6b67a844ed870aa9cef702ee84c885048c73dde3ae584bb3de091c267d633b1442d6a1fb523798d0d22349a79e16fbcd77bdaa0076225cecc81f3101ad3d5057c2499c1799ea4cebe2609c57025b7aae50ccafb34355a40c52eaf99a938b2a385949cf993ac5a09e58121de0dcae322b8244e6aa7a6081b968adda97cee1fb09c6168068adfcd593d89bf9e333bf07a5681569cc575d3cbd5428ea93563eb83923c1636d7a5965b11e0eb8aa18a6c2cd8427d818c9a3bd96c002248c84f6a176cad635fe5b508f83b8e97b8c753d926319398dd9240220b3dda6f8d8f6b241c8b73994bd9977d21ffb5976f6346e7afdc79d8c97eae13667c88ef415eb4525e6fce956a3a1771d40b9a12fdc730535fa9642ff4366c6a0646f64440b816c68ae4071d8ace003f131923a40259368da9f5839cd6ac884c9746c083ce2e83ea93e5fd28aef30be3d8452419d73b0b5549103c66dbff95ed8ba26acc6e3e30c34e76a29ee10b1ec9033996675434b7f35ed36b17e9e6f3a8edf165cbb76c2877fd8c6b0770495550f7f3ab154002c4cf6bbad4d015d04693c89297107914b84c00fbe7a797668265d18553259188b2fc433297b0955cce33fd3c96a06301ce5d7098a6d03f5e981cffc4fe8adb6b034acf33919105fd57eb94e6927549216690ad6d645feebde89b47718baad4ebd06de60d852be0c627341c0b67cfd1e8ba02fbfd73346330a5bccffd241674db5a34d11926c088cf910c99e4ee8a8ae3422c7d6dc4c87d24a862a154117b3ea0d5829aa64021137abee468be50ae3f1ffe5a7495f0c87ac570aafb869272279df8d6ef5273cd292f22e1bcc249a6a93880ae0b008ac1b4b36f3f897a1299b4bac6810b16b380d8c78fd906e4cb59cf2b6768388c3e8acd0c6080b51026004599dce44f79660c0ed26f231c79e7bb4e5bbec6cf37c5bf49b4751452ee9b5d809fcc62310dc6e3dbcdc1c32aff34eccfc93a5682d8ce914342b7d8197f5e74ad2ee5f01695e61178e566b3b2d1a1a807ca8bb3e6309b971ce4cbb0291ea531a88411e0e62fc400256491b4708a0034e037d654ff2224bc039b5d8345fdf6f2715b55e7da3d7af5c1fd6c7e28d01f6ddec34672a07f7c86a53ed88a48287ca652ddbd685e1106a15bbe47b3a07cc39e0baac4f20d0d3f8cfaabf7dfe41d56c0128507ae36ee6dba4729d9d7268376d3d0dbefe35745bde8de0841a1f6ec56d4466dd98ce058702f7ff7211e768680be5351cb81506513343d4ed907a3f32a88cdb306b8115ebb2914375558f7c77593f52ec88370c94ca215ff19b648694193bef73b6821da89f62f94dfa101b7bcbb0a9bb1621ad8d3aba8effa96c5fcc066892186bd9929edefb77736eaa4ca7f4b15e1d5a5e37c829d575bcd365ea65ee7e1aacb99f66eba00b16862789342c02e1f4561d012dcced65b66a7c96239c4af91bc92341a8697d3b919d2cf5bc0dc9d5af43fb9c67f810eba53591ab342275bfad8e10d15a532108183fc296d70da9dc5c7b86e6ad6c271f55f44598f242c279889dc17abff9338355222df14eb4ced27a9cc8703acaa23d1ebede5a9d44b9aebae2b0fc1706c7e70ae994e3adbdbe05f2aaf060a4d1c39ada39f84c0cb97fcfdf3264d1bf7a63447b70dbd6f6144d8c7edb2602da64f84a3daa7ff547e59e8bb92279e72c23d1acc4522fb720ab2e73df677e97421654aabe2041f2b7bca566fc461326e308c54846f7ed39da9c81a36b489eef5256778bcc4d8b7a0b5f17f90aebdb9f55ce38eab2acaf052d78d1a17f58296e687c2504a65de77ca81de1eafbe11c3011fa2b2b228286af4616eb07f5bf7e8b7f2552917fcd0aae9db1e514a88d92fd05b6692869fba0dcd84e4cf62c56395f44641ca2c664eac528b160b4649d99954999ac3965af0f8ca19246007d05f3017cd234f3cd0b0a52511e23f5e83feb36240279fe4cf576b0e79f3b878aff59db040edf223ae862496625781333ce718641b54be946cea53253d8f3608a7b8185b2836322ff2afeda28db804ea4df460971b1409cccdb37e26d7f52cb896827fe430ab1b230de619e7c8dff95517835742e451e441cd017ba5ab3a1da73b46b2988164caa35d7722c7c73195cd3c6d9a4db14f7caf121cd07f1649e6ae59322d8342fff98ec5e01359946b4c12525ea3706f7ef1e42907df2e873ce8ba60212c9cd5cb4aa1acbfed67b4c8f7d205189011a5e20da14de6757568263432202dbcac52f8bdee53d618b32b6bc57a2e5e5a04ae47f2338edee2ef13b93551a71aec762370f52a3e2352328ec9b61c990579b7aea0dd680ea00b6501af3c339e3dc433e44fe1f33ee90aae35d5ee915abd0b42e3516f7620d8f39470001d49ebab51ee268d491dd9c67a78516427bfe4be6318ee616b8551d2c4d9ee7ae0adb7d5f70d423fe5f4b9b25c527171e1dbe3a643ef50ae1cc9bc5b21f4c2a93e23051d8da55e1dff88e151c2463da83811ce8861a93fb6ac82b01be6830ba0f9837f9d9a419c35f2565711704fd9fe0478d6f8a4f0c05ccb3fb0c1521d0c7ca8428a3cd2c5d6b929d4e948325bf8deacad1b93905c292950ba20805c962fcefeab5bf40db6791d9fd17905862a66e8b7e2f0da231990e1a4e7b84429ef414683bbfcc445e2c7fe92581105a963cd3269f4626b1c0c18d6221e52a818b3a03f48121482bc6c0dd7b7d939b889e78352fac40dce0d1f9a77d681ad4bb78f920537b3f5f0b15184ad7dd5c5cd2b7eaa7c4766238500eb88e923a40ed190939db26bf81f15d6313b3e9d3c36f6"], 0x1010}, 0x1, 0x0, 0x0, 0x30000040}, 0x4000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0x2, 0x4ee, &(0x7f0000000880)="$eJzs3cFuG1sZAOB/Jja3SXNxLrC4XInbihYlFdRJGtpGLApICFaVgLIvIXGjKE5cJU7bRBWk4gGQEAIkNrBig8QDIKE+AkKqBHsECFRBCwsWhUG2xyFN7SSljg3x90mnc8547P/8tXw8Z2biCWBonY+IqYjIsiy7FBGlfH2al9htlcZ2z589XGyUJLLs1l+SSPJ17dd6K1+ezZ92JiK++qWIbySvxt3c3lldqFYrG3l7ur6WvMiyncsrawvLleXK+tzc7LX56/NX52d6kudERNz4wh+//52ffvHGLz91/3e3/zz1zVaCLfvz6KVW6sXm/0VbISI2TiLYgBSaGbZcHXBfAAA4XGN//0MR8fGIuBSlGGnuzQEAAACnSfbZ8XiRtM7/AQAAAKdTGhHjkaTl/Hrf8UjTcrl1De9HYiyt1jbrn8xKe8cLJqKY3lmpVmbyawcmopg02rP5Nbbt9pUD7bmIeCcivlcabbbLi7Xq0kCPfAAAAMDwOHtg/v/3Umv+DwAAAJwyE4PuAAAAAHDizP8BAADg9DP/BwAAgFPtyzdvNkrWvv/10r3trdXavctLlc3V8trWYnmxtnG3vFyrLTd/s2/tqNer1mp3Px3rWw+m65XN+vTm9s7ttdrWev32yku3wAYAAAD66J1zj3+bRMTuZ0bTiMiSfY8VI7KR/RsX+t8/4OSkr7PxH06uH0D/jQy6A8DA2KWH4VUcdAeAgTtqHOh68c6vet8XAADgZEx+dO/8f7MAw+Px0+YiSQbdEaDvnP+H4eX8Hwyv4mF7ACYFcOqlh3zU238Q9Obn/7Ps9XsGAAD00nizJGk5nweMR5qWyxFvN28LUEzurFQrMxHxwYj4Tan4VqM923xm4vAAAAAAAAAAAAAAAAAAAAAAAAAAABxTliWRdTG6tw0AAADw/ywi/VOS3/9rsnRx/ODxgQ8k/yg1lxFx/0e3fvBgoV7fmG2s/+ve+voP8/VX+n30AgAAAOikPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJeeP3u42C79jPv08xEx0Sl+Ic40l2eiGBFjf0uisO95SUSM9CD+7lhEvNspftLoVkzkvTgYP42I0V7Ef/Tfxz/bg/gwzB43xp/Pdfr8pXG+uez8+Svk5U11H//SvfFvpMv493anF0xfXfXek59Pd43/KOK9Qufxpx0/6RL/wjFz/PrXdna6PZb9JGKy4/dP8lKs6aRwd3pze+fyytrCcmW5sj43N3tt/vr81fmZ6Tsr1Ur+b8cY3/3YL/51WP5jXeJPHJH/xWPm/88nD559uFUtHnioGD/OsqkLnd//d7vEb3/3fSJ/uxvtyXZ9t1Xf7/2f/fr9c4fkv9Ql/6Pe/6lj5n/pK9/+/TE3BQD6YHN7Z3WhWq1sqKicWGU0+hh0IQ7bpr0T24f+fCsP9T/xFrx2ZYCDEgAAcCL+s9M/6J4AAAAAAAAAAAAAAAAAAADA8DrqZ8CiBz8ndjDm7mBSBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA41L8DAAD//y7szXE=")
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r6}, 0x10)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r7, 0x6609)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r8=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000100)={0x7, 0xb6, 0xfa00, {r8, 0x4734}}, 0x10)
close_range(r2, r2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r9 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r10 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r10, 0x0)
write$selinux_load(r9, &(0x7f0000000000)=ANY=[], 0x44f0)
syz_emit_ethernet(0x2a4, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a6026e0000fc020000000000000000000000000000fe8000000000000000000000000000aa2234"], 0x0)

1m3.09115953s ago: executing program 3 (id=174):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
sigaltstack(&(0x7f0000000080)={&(0x7f0000000280)=""/153, 0x80000000, 0x99}, &(0x7f0000000340)={&(0x7f0000000480)=""/251, 0x0, 0xfb})

1m2.927209443s ago: executing program 3 (id=177):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="14a379", @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf254a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000800"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=@newtaction={0x61, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x8084)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r4, 0x0, 0x100000000}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cpuacct.usage_all\x00', 0x275a, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000700fc000000080011000700000008000e00800000000800", @ANYRES16=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1m2.838777585s ago: executing program 32 (id=177):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[@ANYBLOB="14a379", @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf254a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030003000800"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001500)=@newtaction={0x61, 0x32, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x8084)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r4, 0x0, 0x100000000}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cpuacct.usage_all\x00', 0x275a, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000700fc000000080011000700000008000e00800000000800", @ANYRES16=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

3.211774467s ago: executing program 2 (id=680):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = syz_open_dev$loop(&(0x7f00000004c0), 0x138d7c5, 0x1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000540)={'\x00', 0x0, 0x10001, 0x115ce0, 0xee, 0x2, 0xffffffffffffffff})

2.638286538s ago: executing program 2 (id=682):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2000000a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
futex_waitv(&(0x7f0000001b40), 0x0, 0x0, &(0x7f00000012c0), 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getgroups(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
inotify_init1(0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x550, &(0x7f0000001780)="$eJzs3c9vHFcdAPDvTHYTJ3G6LnCASi2FFiUVZDeuaWtxKEVCcKqEKJyDsTeWlbU3yq7b2KrA+QuQEAIkTnDhgsQfgFRF4sKxQqoEZ5CKQIimIMEBOmh3Z9dhM2uvy/pH1p+PNJ733uzM971dz483M5oJ4NR6OiJeiYgPsix7LiIqeXmaD7HTGzqfe//+m8udIYkse+1vSSR52fAyL+azzUTE178a8e3k4bitre2bS41GqZ+vtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFaxFv/fzsvRcTLX/7TD7/386+8/Nbn3vjj9b9c+U6nWrP59KJ2jKm018Re08vnZoZmuP0hg51EnfaU+5nz481z9xDrAwDAaJ1j/I9ExKcj4rmoxJm9D2cBAACAR1D2xdn4dxKRFTs7ohwAAAB4hKTde2CTtJrfCzAbaVqt9u7h/VhcSBvNVvuzN5qbGyu9e2XnopzeWGvUr+X3Cs9FOenk57vp3fzzQ/mFiHg8In5QOd/NV5ebjZXjPvkBAAAAp8TFof7/Pyq9/j8AAAAwZeb2nlw5qnoAAAAAh2ef/j8AAAAwBfT/AQAAYKp97dVXO0PWf//1yutbmzebr19dqbduVtc3l6vLzdu3qqvN5mr3mX3r+y2v0Wze+nxsbN6pteutdq21tX19vbm50b6+FjNH0iAAAADgIY9/8t7vk4jY+cL57tBx9rgrBRyJ0iCV5OOCtf8Pj/XG7x5RpYAjcWbklHSQevdc8SccJ8CjrTRcMGJdB6ZP+bgrABy7ZJ/pQzfvXBik3s7Hn5p8nQAAgMm6/Ini6/+jrwv07aRHUD3gEFmJ4fQa2s9n3vUDp0f3+v+4N/I4WICpUh6jpw9MtwNe/9/19rgRsuxAFQIAACZutjskaTU/vTcbaVqtRlzqvhagnNxYa9SvRcRjEfG7SvlcJz/fnTPZt88AAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAMNUi0j8nv+49y/9y5dnZ4fMDZ5N/dV8JfDYi3vjJaz+6s9Ru357vlL83KG//OC9//jjOYAAAAADD+v307vifx10bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbN+/ffXO4PY3z8/KTi/vVLETFXFL8UM93xTJQj4sLfkyg9MF8SEWcmEH/nbkR8vCh+0qnWIGRR/El8CfvEj7n8WyiKf3EC8eE0u9fZ/rxStP6l8XR3XLz+lSL+J/9hjd7+xWD7d2bE+n9pzBhPvPPL2sj4dyOeKBVvf/rxkxHxnxkz/re+sb09alr204jL/f1Pd4s3iDDzYKxae/1WrbW1fXVtfWm1vlrfWFiYf3HxpcUXFq/Vbqw16vnfwhjff/JXH+zV/guF+78kr83o9j9bsLyifdJ/3rlz/6P9zM7D8a88UxD/Nz/LP5HHT3bnSfM4n8nTSSSD8mSn930+6Klf/Papvdq/stv+8kF+/yujFjrsoRXlyXH/dQCAQ9Da2r651GjUb09totNLPwHVOPREVun9oielPkOJb753Av/ZvjvRBWZZlnV+gYJJ9yJinOUkMeGWpsX12U2M/FGOecMEAABM3O5B/2SupwMAAAAAAAAAAAAAAAAAAAAHdxRPWRuOufsI5GQSj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiI/wYAAP//in3QFg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

2.073239479s ago: executing program 2 (id=689):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000003f80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7}}}, 0x24}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000580)=""/4077, 0xfed}], 0x1, 0x3ab3, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x10c000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
close(r4)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x511, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000180)=@req3={0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x861}, 0x1c)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

1.863608533s ago: executing program 2 (id=692):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000200"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000040)=0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='syscall\x00')
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="5ff2565a038aa531f7628d1d6a41b3da6264a52db340880bed717aec2d5da1fa", @ANYRES16=r4, @ANYBLOB="200028bd7000fcdbdf250100000008000400ffffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x56}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0}, 0x94)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
r8 = open(&(0x7f0000000180)='./bus\x00', 0x1c3bc2, 0x1c0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f00000008c0)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000100)={r9, 0x1, r8, 0x7, 0x80000})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001850000000000020000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x9a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)

1.824215954s ago: executing program 5 (id=694):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000000079109a00000000000500000000000000950000000000000017ced8e3c51a5936ae56ee3c08bf8b01ebeeafdc554d6a2d3ff5fedbf6958e573ec7f2fb55494d4cad8c7c3c3df190e69bbdb563844c388b666b46547591abb51c6211c7d8f6eb770689287425c7c4ae983b3a73323d14187cf83df159ed7024f2e28797a7fdc8f9267635cd442342cfe7da45ef539676"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xf7}, 0x18)
ioctl$AUTOFS_IOC_SETTIMEOUT(r2, 0x80049367, &(0x7f0000000140)=0x6)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x9)
r3 = syz_open_procfs(0x0, &(0x7f0000003700)='gid_map\x00')
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r5, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b", 0x11)
sendfile(r5, r4, 0x0, 0x7fffeffd)
read(r3, &(0x7f0000003780)=""/159, 0x9f)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYRES16=r2], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@mcast2, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in=@private=0xa010101, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
r8 = gettid()
ioctl$sock_SIOCSPGRP(r7, 0x8902, &(0x7f0000000240)=r8)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc020000000000000000000000000001fe80000000000000000000000000003a00000000000000000a0000a02e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a010101000000000000000000f700007f000001000400000000000000000000fc020000000000000000000000000001000000000000000000000000000000013c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.301104434s ago: executing program 1 (id=700):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2000000a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
futex_waitv(&(0x7f0000001b40)=[{0xb, 0x0}], 0x1, 0x0, 0x0, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getgroups(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
inotify_init1(0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x550, &(0x7f0000001780)="$eJzs3c9vHFcdAPDvTHYTJ3G6LnCASi2FFiUVZDeuaWtxKEVCcKqEKJyDsTeWlbU3yq7b2KrA+QuQEAIkTnDhgsQfgFRF4sKxQqoEZ5CKQIimIMEBOmh3Z9dhM2uvy/pH1p+PNJ733uzM971dz483M5oJ4NR6OiJeiYgPsix7LiIqeXmaD7HTGzqfe//+m8udIYkse+1vSSR52fAyL+azzUTE178a8e3k4bitre2bS41GqZ+vtddv1Vpb21fX1pdW66v1jYWF+RcXX1p8YfFaxFv/fzsvRcTLX/7TD7/386+8/Nbn3vjj9b9c+U6nWrP59KJ2jKm018Re08vnZoZmuP0hg51EnfaU+5nz481z9xDrAwDAaJ1j/I9ExKcj4rmoxJm9D2cBAACAR1D2xdn4dxKRFTs7ohwAAAB4hKTde2CTtJrfCzAbaVqt9u7h/VhcSBvNVvuzN5qbGyu9e2XnopzeWGvUr+X3Cs9FOenk57vp3fzzQ/mFiHg8In5QOd/NV5ebjZXjPvkBAAAAp8TFof7/Pyq9/j8AAAAwZeb2nlw5qnoAAAAAh2ef/j8AAAAwBfT/AQAAYKp97dVXO0PWf//1yutbmzebr19dqbduVtc3l6vLzdu3qqvN5mr3mX3r+y2v0Wze+nxsbN6pteutdq21tX19vbm50b6+FjNH0iAAAADgIY9/8t7vk4jY+cL57tBx9rgrBRyJ0iCV5OOCtf8Pj/XG7x5RpYAjcWbklHSQevdc8SccJ8CjrTRcMGJdB6ZP+bgrABy7ZJ/pQzfvXBik3s7Hn5p8nQAAgMm6/Ini6/+jrwv07aRHUD3gEFmJ4fQa2s9n3vUDp0f3+v+4N/I4WICpUh6jpw9MtwNe/9/19rgRsuxAFQIAACZutjskaTU/vTcbaVqtRlzqvhagnNxYa9SvRcRjEfG7SvlcJz/fnTPZt88AAAAAAAAAAAAAAAAAAAAAAAAAAPRkWRIZAAAAMNUi0j8nv+49y/9y5dnZ4fMDZ5N/dV8JfDYi3vjJaz+6s9Ru357vlL83KG//OC9//jjOYAAAAADD+v307vifx10bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbN+/ffXO4PY3z8/KTi/vVLETFXFL8UM93xTJQj4sLfkyg9MF8SEWcmEH/nbkR8vCh+0qnWIGRR/El8CfvEj7n8WyiKf3EC8eE0u9fZ/rxStP6l8XR3XLz+lSL+J/9hjd7+xWD7d2bE+n9pzBhPvPPL2sj4dyOeKBVvf/rxkxHxnxkz/re+sb09alr204jL/f1Pd4s3iDDzYKxae/1WrbW1fXVtfWm1vlrfWFiYf3HxpcUXFq/Vbqw16vnfwhjff/JXH+zV/guF+78kr83o9j9bsLyifdJ/3rlz/6P9zM7D8a88UxD/Nz/LP5HHT3bnSfM4n8nTSSSD8mSn930+6Klf/Papvdq/stv+8kF+/yujFjrsoRXlyXH/dQCAQ9Da2r651GjUb09totNLPwHVOPREVun9oielPkOJb753Av/ZvjvRBWZZlnV+gYJJ9yJinOUkMeGWpsX12U2M/FGOecMEAABM3O5B/2SupwMAAAAAAAAAAAAAAAAAAAAHdxRPWRuOufsI5GQSj9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiI/wYAAP//in3QFg==")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1.066654309s ago: executing program 1 (id=702):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000140), 0x12)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x8, 0x6}, 0x723, 0x9, 0x0, 0x1, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x300060c1)

1.01289427s ago: executing program 1 (id=703):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000003f80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7}}}, 0x24}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000580)=""/4077, 0xfed}], 0x1, 0x3ab3, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x10c000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
close(r4)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000180)=@req3={0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x861}, 0x1c)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

971.702461ms ago: executing program 5 (id=704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8)
r1 = gettid()
r2 = gettid()
tkill(r1, 0x12)
tkill(r1, 0x1)
tkill(r2, 0x14)

869.145183ms ago: executing program 1 (id=705):
r0 = socket(0x23, 0x80805, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r2, 0x0, 0x5}, 0x18)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40))
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000000)=0x2119f99bdfd25972)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000040)=0x50)

818.966094ms ago: executing program 2 (id=707):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001"], 0xd4}}, 0x4000010)
r3 = socket(0x10, 0x803, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r4, 0x5608)
r5 = dup(r4)
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f00000007c0)={0x2, {0x2, 0x101, 0x0, 0x8101}})
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x3605, 0x80, 0xfffffffc, 0x2ac, 0x0, r5})
ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x4)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x44, &(0x7f0000000640), 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r9}, 0x10)
setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000240), 0x4)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = dup(r10)
connect$inet6(r11, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c)
setsockopt$IPT_SO_SET_REPLACE(r11, 0x4000000000000, 0x4, 0x0, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r6, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r7], 0x3c}}, 0x0)

818.374274ms ago: executing program 5 (id=708):
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "1e4e1557a609bff6a596dea0fb0503f22231b15d27fce60137b6c6cbf512f89b435f5dd9b4ae337bbf37b108c1ec26276567359e079abe967f5d8aad34301a48", 0x13}, 0x48, 0xfffffffffffffffc)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = syz_io_uring_setup(0x49d, &(0x7f0000000400)={0x0, 0xe7a9, 0x1, 0x3ffe, 0x1b7, 0x0, r0}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36e, &(0x7f00000007c0)="$eJzs3U1oM0UYwPEnaZImeXmbHERRkA6+CHpZ2uhZDNKCELC0jdgKwrbdaMialGyoRsS2J4+Kd0+Ch9KbBQ8F7VnoxZteRPDWi6BgBXVlv5LNV9PGpMH2/4OSycw8uzPZSXk27WYv3vj03UrJ0kp6Q6JJJRERkUuRrEQlEPEfo245IfLJd622A3n+wW8/PL22UUx6FWo5v/5CTik1N//Nex+m/G6ns3Kefevi19wv54+fP3nxz/o7ZUuVLVWtNZSutmo/NfQt01A7ZauiKbViGrplqHLVMupe+1f+dsza7m5T6dWdh+ndumFZSq82VcVoqkZNNepNpb+tl6tK0zT1MC0Ypni0uqrnRwzeHvNgMCH1el6fEZFUT0vxaCoDAgAAU9Wd/0edlH5Y/h/Syv83Za5QWFpVTud2/n/8zFnjwesnc37+f5rol/+/+KO3rY783zmdaOf/Ne/8oDQ8//9cbpD/92ZE98vI+X92AoPBaOYTPVWRjmdO/p/237+uwzePF9wC+T8AAAAAAAAAAAAAAAAAAAAAAP8Hl7adsW07EzwGP+1LCPznuJMGHf9ZEUk6R9/m+N9laxubknQv3HOOsfnxXnGv6D36Hc5ExBTjb7ubszaCK4+UIyvfmvt+/P5eccZtyZek7MTLomQk666nULxtL79aWFpUHj++dZlSOhyfk4w8Fo7/2l2dTnyuM97ff0KeexSK1yQj329LTUzZcSPb+/9oUalXXit0xafcfiLy860fFAAAAAAAxkxTLX3P3zVtULv3LSP5kvsxkSELkpG/+p/fL/Q9P49lnopNe/YAAAAAANwPVvODii5Ro+4WTLNfISUDm8ZQiHXUxEWkb+dEV038qi3PhGZ43fEkxLuDyX+d1xfBq3qTqOAfKZyBt5r8O6rIaOMJ5u/WRGLP/u43/XnTeUUOxF0AB+GmqFwjPNY9+HmnQvXt/Gjgdg79ibRqgo+NEgNeZ1np3U70ipUQ76mxI6MtgCc++/KP8b1BXjrxV8D7wzsfmoa9L9c5KF0FZxe9TfGJ/+IBAAAAcOvaSX9Q83K4OXwjkfDNcvjLPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYzSRr/TrKgze++xtThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYun8DAAD//7ct9c4=")
openat(0xffffffffffffff9c, 0x0, 0x840, 0x2c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000080000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70300000004000085"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b100bf800", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x801}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
unshare(0x22020600)
fsmount(0xffffffffffffffff, 0x0, 0x4)
syz_pidfd_open(r4, 0x0)

794.131224ms ago: executing program 1 (id=710):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0xfffffff6, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000740)="aa47f22847f5a2fc3b0e17e1a1b6c77a221c445893f162ece10e8d4bbb79a87100b93e78222b6af09a2cee125acd7efb0c32189802677e443f8441faf9fd885a710d4f48d361d7984eda7057524b27eb6ed68d4afe085f84737ad152177a651128093c00fd0d014809ab2ebfc16005a943283ed35b9b55a0c05597e53ee83989a7c120b99c08ec51aad69bf6daa12de601099c53f040e13df4ea7e5b9e040000008d008c3bf1085600939a900000000098cd4562c29ac351624c96f0c3ef0dbc6a5381e5929268f95014b97153588e1008e943fec4ec84f7047a2437463ca5eef2f37b802e8a3bb9eb6e97a750860b604608addfbb5e1eb0560fa16ab563c0a20cc480350d1d85222f37c70bdc2ee9c7487246ce9e57fb73da5d9d1727d781c82311a16ae608f648b7607b416c023cd695f8251971a09366e4e1d5b3743333dfe8d22702409433c77d890c1ef8ba8b8f058284ae17488af50f6c93a31e6e530b6beda409d7079af648287234bc2897fcd033d339e4aa1046ded9dcf46081ac3c5e1b0a40ef24f9f8", 0x188, 0x20000000, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x140341)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$chown(0x4, r7, 0xee00, 0xee01)
keyctl$chown(0x4, r7, 0xffffffffffffffff, 0x0)
r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000080)=0x14)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000200)=0x32)
close(r8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='xen_mc_callback\x00'}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r9}, &(0x7f0000000380), &(0x7f00000005c0)}, 0x20)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

630.881478ms ago: executing program 1 (id=714):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000200"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000040)=0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='syscall\x00')
getdents(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="5ff2565a038aa531f7628d1d6a41b3da6264a52db340880bed717aec2d5da1fa", @ANYRES16=r4, @ANYBLOB="200028bd7000fcdbdf250100000008000400ffffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20040000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d030000000000000003000000000000000000000105000000080000000000000000000003000000000200000002"], 0x0, 0x56}, 0x28)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x5, 0x3}, 0x0, 0x0, 0x40000, 0x0, 0x21, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a03000000000000000000001302"], 0x0, 0x56}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="17000000000000"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0}, 0x94)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
r8 = open(&(0x7f0000000180)='./bus\x00', 0x1c3bc2, 0x1c0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f00000008c0)={<r9=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000100)={r9, 0x1, r8, 0x7, 0x80000})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001850000000000020000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x9a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)

622.714678ms ago: executing program 5 (id=715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c00"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x8080)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

580.120578ms ago: executing program 5 (id=716):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000003f80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7}}}, 0x24}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000580)=""/4077, 0xfed}], 0x1, 0x3ab3, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x10c000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
close(r4)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000180)=@req3={0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x861}, 0x1c)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

489.94065ms ago: executing program 5 (id=717):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r3 = accept4$unix(0xffffffffffffffff, &(0x7f00000004c0), &(0x7f00000003c0)=0x6e, 0x0)
recvmsg$unix(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000880)=""/248, 0xf8}, {&(0x7f0000001a00)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/234, 0xea}, {&(0x7f0000001bc0)=""/152, 0x98}], 0x4, &(0x7f0000001c80)=[@rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf0}, 0x2d723eb101f6e528)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
sendmsg$rds(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0x1, {{0x3, 0x3}, {0x0, 0x1a000}, &(0x7f0000000440)=[{&(0x7f0000000a00)=""/4096, 0x1000}], 0x1, 0x60, 0x4}}], 0x48, 0x8004}, 0x0)
io_getevents(0x0, 0x100, 0x6, &(0x7f0000000740)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000380)={0x0, 0x3938700})

305.842734ms ago: executing program 4 (id=719):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0x8}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
ioctl$SIOCPNENABLEPIPE(0xffffffffffffffff, 0x89ed, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xfffffffffffffffe}, 0x0, 0x0, 0x1, 0x0, 0x2, 0x2}, {{@in6=@remote, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff, 0xfffffff9}}, 0xe8)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
sendmmsg(r2, &(0x7f0000000180), 0x400000000000077, 0x7600)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2, {0x23c3}}, './file0\x00'})

305.134744ms ago: executing program 0 (id=720):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
r2 = syz_open_dev$loop(&(0x7f00000004c0), 0x138d7c5, 0x1)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000540)={'\x00', 0x0, 0x10001, 0x115ce0, 0xee, 0x2, 0xffffffffffffffff})

273.593754ms ago: executing program 4 (id=721):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = dup(r2)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000000306010200040000000000000200000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)

272.742804ms ago: executing program 4 (id=722):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0003000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r3=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r3, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe14}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x5a, &(0x7f0000000440)=[{}, {}], 0x10, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x56, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'batadv0\x00', <r6=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000780)={'syztnl1\x00', &(0x7f0000000700)={'erspan0\x00', <r7=>0x0, 0x80, 0x8000, 0x6, 0xffffffff, {{0xc, 0x4, 0x3, 0x21, 0x30, 0x66, 0x0, 0x7, 0x29, 0x0, @remote, @local, {[@generic={0xb, 0x5, "5ce9ca"}, @noop, @noop, @noop, @rr={0x7, 0x13, 0xc6, [@multicast1, @broadcast, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r9=>0x0})
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r10, &(0x7f0000000080)={0x1d, r9, 0x4, {}, 0xfd}, 0x18)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000880)={'ip6_vti0\x00', &(0x7f0000000800)={'ip6gre0\x00', <r11=>0x0, 0x4, 0x6, 0x8, 0x9, 0x27, @ipv4={'\x00', '\xff\xff', @broadcast}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x1, 0x8, 0x5}})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'vxcan1\x00', <r12=>0x0})
r13 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r13, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r14=>0x0})
r15 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r15, &(0x7f0000000080)={0x1d, r14}, 0x18)
sendmsg$can_j1939(r15, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
sendmsg$sock(r15, &(0x7f0000000600)={&(0x7f00000004c0)=@can={0x1d, r14}, 0x80, 0x0}, 0x404c000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000980)={'syztnl2\x00', &(0x7f0000000900)={'syztnl2\x00', <r16=>0x0, 0x4, 0x10, 0x8, 0x2, 0x0, @loopback, @loopback, 0x700, 0x80, 0x25, 0x2}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a40)={0xffffffffffffffff, 0x58, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r17=>0x0}}, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_GET(0xffffffffffffffff, &(0x7f0000000d40)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xe321d9d9ba20f72}, 0xc, &(0x7f0000000d00)={&(0x7f0000000a80)={0x27c, r1, 0x76a1dfd61f9afe4f, 0x70bd2c, 0x25dfdbfc, {}, [@HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xdfe56d199941047f}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc58be2f33970d5a8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x27c}}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xbffffffffffffffb}, 0x18)
r18 = add_key$keyring(&(0x7f0000000300), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r18, &(0x7f0000000380)='asymmetric\x00', &(0x7f00000003c0))
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, r18)

261.120985ms ago: executing program 0 (id=723):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000001b80)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
sigaltstack(&(0x7f0000000080)={&(0x7f0000000280)=""/153, 0x80000000, 0x99}, &(0x7f0000000340)={&(0x7f0000000480)=""/251, 0x0, 0xfb})

250.086195ms ago: executing program 0 (id=724):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0xfffffff6, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f0000000740)="aa47f22847f5a2fc3b0e17e1a1b6c77a221c445893f162ece10e8d4bbb79a87100b93e78222b6af09a2cee125acd7efb0c32189802677e443f8441faf9fd885a710d4f48d361d7984eda7057524b27eb6ed68d4afe085f84737ad152177a651128093c00fd0d014809ab2ebfc16005a943283ed35b9b55a0c05597e53ee83989a7c120b99c08ec51aad69bf6daa12de601099c53f040e13df4ea7e5b9e040000008d008c3bf1085600939a900000000098cd4562c29ac351624c96f0c3ef0dbc6a5381e5929268f95014b97153588e1008e943fec4ec84f7047a2437463ca5eef2f37b802e8a3bb9eb6e97a750860b604608addfbb5e1eb0560fa16ab563c0a20cc480350d1d85222f37c70bdc2ee9c7487246ce9e57fb73da5d9d1727d781c82311a16ae608f648b7607b416c023cd695f8251971a09366e4e1d5b3743333dfe8d22702409433c77d890c1ef8ba8b8f058284ae17488af50f6c93a31e6e530b6beda409d7079af648287234bc2897fcd033d339e4aa1046ded9dcf46081ac3c5e1b0a40ef24f9f8", 0x188, 0x20000000, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x140341)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$chown(0x4, r7, 0xee00, 0xee01)
keyctl$chown(0x4, r7, 0xffffffffffffffff, 0x0)
r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000080)=0x14)
ioctl$IMADDTIMER(r8, 0x80044940, &(0x7f0000000200)=0x32)
close(r8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='xen_mc_callback\x00'}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r9}, &(0x7f0000000380), &(0x7f00000005c0)}, 0x20)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

234.621156ms ago: executing program 4 (id=725):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000140), 0x12)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x8, 0x6}, 0x723, 0x9, 0x0, 0x1, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x300060c1)

216.153466ms ago: executing program 0 (id=726):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x8080)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)

199.731896ms ago: executing program 0 (id=727):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000003f80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000240), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfff1}, {}, {0x7}}}, 0x24}}, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000580)=""/4077, 0xfed}], 0x1, 0x3ab3, 0x3)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x10c000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
close(r4)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000180)=@req3={0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x861}, 0x1c)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

188.212736ms ago: executing program 4 (id=728):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe83)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000080)={@mcast1, <r2=>0x0}, &(0x7f00000000c0)=0x14)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000280)={r2, 0x1, 0x6, @broadcast}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000180)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1000000000000198}, 0x1f02)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r4, 0x40189206, &(0x7f0000000340)={&(0x7f0000000300), 0x0})
r6 = dup3(r4, r5, 0x0)
ioctl$MON_IOCX_GETX(r6, 0x4018920a, &(0x7f0000000280)={&(0x7f0000000000), 0x0})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000100000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="19"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r1, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0], <r8=>0x0, 0x1f, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x39, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x8, &(0x7f0000000140)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ldst={0x2, 0x3, 0x5, 0x4, 0x6, 0x30}, @alu={0x7, 0x0, 0xc, 0x3, 0x0, 0x18, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x3d}, @alu={0x4, 0x1, 0xc, 0x3, 0x1, 0x20, 0xffffffffffffffff}], &(0x7f0000000200)='GPL\x00', 0x2, 0x4e, &(0x7f00000002c0)=""/78, 0x41000, 0x36, '\x00', r2, @fallback=0x4, r6, 0x8, &(0x7f0000000340)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0x7, 0xac, 0xf370}, 0x10, r8, r1, 0xa, 0x0, &(0x7f0000000840)=[{0x4, 0x2, 0x9, 0x2}, {0x0, 0x2, 0xd, 0x4}, {0x3, 0x1, 0xc, 0x6}, {0x1, 0x4}, {0x2, 0x3, 0x8, 0x7}, {0x4, 0x1, 0x9, 0x1}, {0x2, 0x1, 0x6}, {0x2, 0x5, 0x4, 0x3}, {0x3, 0x5, 0xe, 0x1}, {0x5, 0x5, 0x6, 0x2}], 0x10, 0x88}, 0x94)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={0x0, 0x1, 0x6, @random="eaa5b3724171"}, 0x10)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
semtimedop(0x0, &(0x7f0000000180)=[{0x3, 0x1}], 0x1f4, &(0x7f0000000240)={0x0, 0x989680})
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffffffffffe55, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x4000}, 0x0)

158.047117ms ago: executing program 4 (id=729):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000000079109a00000000000500000000000000950000000000000017ced8e3c51a5936ae56ee3c08bf8b01ebeeafdc554d6a2d3ff5fedbf6958e573ec7f2fb55494d4cad8c7c3c3df190e69bbdb563844c388b666b46547591abb51c6211c7d8f6eb770689287425c7c4ae983b3a73323d14187cf83df159ed7024f2e28797a7fdc8f9267635cd442342cfe7da45ef539676"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xf7}, 0x18)
ioctl$AUTOFS_IOC_SETTIMEOUT(r2, 0x80049367, &(0x7f0000000140)=0x6)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x9)
ioctl$IOC_PR_PREEMPT_ABORT(r3, 0x401870cc, &(0x7f0000000180)={0x2, 0x60de, 0x4, 0x5})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = syz_open_procfs(0x0, &(0x7f0000003700)='gid_map\x00')
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
write(r6, &(0x7f00000008c0)="3bf58d7d45d32cfe1da7c797b82fee444b", 0x11)
sendfile(r6, r5, 0x0, 0x3ffff)
sendfile(r6, r5, 0x0, 0x7fffeffd)
read(r4, &(0x7f0000003780)=""/159, 0x9f)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_raw(0x1d, 0x3, 0x1)
gettid()
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc020000000000000000000000000001fe80000000000000000000000000003a00000000000000000a0000a02e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c0011000a010101000000000000000000f700007f000001000400000000000000000000fc020000000000000000000000000001000000000000000000000000000000013c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

44.439189ms ago: executing program 0 (id=730):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f00000003c0)='(', 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c)
r1 = socket(0x10, 0x80003, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
close_range(r1, 0xffffffffffffffff, 0x1000000000000000)
sendto$inet6(r1, &(0x7f00000007c0)="87", 0x1, 0x4a810, 0x0, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000340)={0x0, 0x6}, &(0x7f0000000380)=0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
r4 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r5=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x95d, 0xfa39, 0xc1, 0x0, 0x0)
io_uring_enter(r4, 0xedd, 0x8acb, 0x41, 0x0, 0x0)
io_uring_enter(r4, 0x47fa, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d697400"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000001d40)={0x20, 0x2, 0x8, 0x201, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0xc084)

0s ago: executing program 2 (id=731):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
io_uring_enter(0xffffffffffffffff, 0x57d, 0xac8b, 0x1f, &(0x7f0000000380)={[0x10000]}, 0x8)
syz_emit_ethernet(0x11e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0xe8, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x15}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x18, "9595f429ae08a565c9a41d416c70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c"}]}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

924344][ T4471]  ? __fget_files+0x184/0x1c0
[   51.924371][ T4471]  ksys_read+0xda/0x1a0
[   51.924393][ T4471]  __x64_sys_read+0x40/0x50
[   51.924464][ T4471]  x64_sys_call+0x27bc/0x2ff0
[   51.924485][ T4471]  do_syscall_64+0xd2/0x200
[   51.924534][ T4471]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   51.924560][ T4471]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.924712][ T4471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.924736][ T4471] RIP: 0033:0x7f6f9438d5bc
[   51.924755][ T4471] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   51.924772][ T4471] RSP: 002b:00007f6f92df7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   51.924792][ T4471] RAX: ffffffffffffffda RBX: 00007f6f945d5fa0 RCX: 00007f6f9438d5bc
[   51.924804][ T4471] RDX: 000000000000000f RSI: 00007f6f92df70a0 RDI: 0000000000000006
[   51.924859][ T4471] RBP: 00007f6f92df7090 R08: 0000000000000000 R09: 0000000000000000
[   51.924873][ T4471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.924887][ T4471] R13: 00007f6f945d6038 R14: 00007f6f945d5fa0 R15: 00007ffd6b6528e8
[   51.924908][ T4471]  </TASK>
[   52.171202][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.172361][ T4477] capability: warning: `syz.0.242' uses deprecated v2 capabilities in a way that may be insecure
[   52.180875][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.237262][   T29] kauditd_printk_skb: 299 callbacks suppressed
[   52.237280][   T29] audit: type=1400 audit(1758097443.162:3658): avc:  denied  { mount } for  pid=4478 comm="syz.4.244" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   52.265768][ T4485] netlink: 'syz.1.243': attribute type 4 has an invalid length.
[   52.273861][ T4485] netlink: 24 bytes leftover after parsing attributes in process `syz.1.243'.
[   52.283248][   T31] Buffer I/O error on dev loop5, logical block 656, lost async page write
[   52.292903][ T4482] loop2: detected capacity change from 0 to 8192
[   52.300611][   T29] audit: type=1400 audit(1758097443.232:3659): avc:  denied  { mounton } for  pid=4478 comm="syz.4.244" path="/53/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[   52.301554][ T4482] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   52.358092][ T4481] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=4481 comm=syz.1.243
[   52.417829][   T29] audit: type=1400 audit(1758097443.282:3660): avc:  denied  { listen } for  pid=4478 comm="syz.4.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   52.437519][   T29] audit: type=1400 audit(1758097443.292:3661): avc:  denied  { unmount } for  pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   52.438503][ T4482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.241'.
[   52.457964][   T29] audit: type=1400 audit(1758097443.312:3662): avc:  denied  { cpu } for  pid=4474 comm="syz.1.243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   52.567087][ T4504] ipip0: entered promiscuous mode
[   52.577738][   T29] audit: type=1400 audit(1758097443.512:3663): avc:  denied  { write } for  pid=4503 comm="syz.2.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   52.604891][ T4504] loop2: detected capacity change from 0 to 1024
[   52.616884][   T29] audit: type=1400 audit(1758097443.532:3664): avc:  denied  { accept } for  pid=4503 comm="syz.2.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   52.625279][ T4506] loop0: detected capacity change from 0 to 1024
[   52.636533][   T29] audit: type=1400 audit(1758097443.532:3665): avc:  denied  { read } for  pid=4503 comm="syz.2.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   52.664646][ T4506] EXT4-fs: Ignoring removed bh option
[   52.665125][ T4504] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.684657][ T4506] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   52.719905][ T4504] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.251: Allocating blocks 497-513 which overlap fs metadata
[   52.722560][ T4506] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.812378][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.885134][ T4515] loop2: detected capacity change from 0 to 512
[   52.901429][ T4515] EXT4-fs warning (device loop2): ext4_xattr_inode_get:542: inode #11: comm syz.2.254: ea_inode file size=4 entry size=6
[   52.915037][ T4515] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.254: corrupted inode contents
[   52.928558][ T4515] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #15: comm syz.2.254: mark_inode_dirty error
[   52.940912][ T4515] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.254: corrupted inode contents
[   52.953404][ T4515] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #15: comm syz.2.254: mark_inode_dirty error
[   52.965861][ T4515] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #15: comm syz.2.254: mark inode dirty (error -117)
[   52.979197][ T4515] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[   52.989394][ T4515] EXT4-fs (loop2): 1 orphan inode deleted
[   53.006670][ T4515] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.078599][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.110286][ T4520] sch_fq: defrate 4294967295 ignored.
[   53.182809][   T29] audit: type=1326 audit(1758097444.112:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4487 comm="syz.5.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7fc00000
[   53.206622][   T29] audit: type=1326 audit(1758097444.112:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4487 comm="syz.5.246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7ff3cc84eba9 code=0x7fc00000
[   53.273017][ T4522] loop2: detected capacity change from 0 to 8192
[   53.286406][ T4528] loop5: detected capacity change from 0 to 512
[   53.300715][ T4528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.395000][ T4527] delete_channel: no stack
[   53.434084][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.450319][ T4535] netlink: 'syz.4.262': attribute type 10 has an invalid length.
[   53.458204][ T4535] netlink: 40 bytes leftover after parsing attributes in process `syz.4.262'.
[   53.468707][ T4535] team0: Port device geneve1 added
[   53.474213][ T2570] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   53.474955][ T4535] program syz.4.262 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   53.505274][ T2570] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   53.516824][ T2570] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   53.528471][   T51] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   53.528562][ T4535] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   53.547176][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.996947][ T4556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.265'.
[   54.230181][ T4559] loop1: detected capacity change from 0 to 512
[   54.331395][ T4559] EXT4-fs warning (device loop1): ext4_xattr_inode_get:542: inode #11: comm syz.1.267: ea_inode file size=4 entry size=6
[   54.378679][ T4559] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.267: corrupted inode contents
[   54.424479][ T4564] loop5: detected capacity change from 0 to 128
[   54.431592][ T4559] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #15: comm syz.1.267: mark_inode_dirty error
[   54.454862][ T4559] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.267: corrupted inode contents
[   54.476729][ T4559] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #15: comm syz.1.267: mark_inode_dirty error
[   54.496404][ T4559] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #15: comm syz.1.267: mark inode dirty (error -117)
[   54.512554][ T4559] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   54.522301][ T4559] EXT4-fs (loop1): 1 orphan inode deleted
[   54.529016][ T4559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.675852][ T4566] loop4: detected capacity change from 0 to 128
[   54.726119][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.808644][ T4577] netlink: 'syz.5.271': attribute type 4 has an invalid length.
[   54.813938][ T4579] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.274' resets device
[   54.835147][ T4582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.275'.
[   54.855072][ T4582] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[   54.864685][ T4582] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[   54.903856][ T4582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.275'.
[   54.915959][ T4590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'.
[   55.014046][ T4587] loop4: detected capacity change from 0 to 8192
[   55.045861][ T4587] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   55.060442][ T4598] netlink: 4 bytes leftover after parsing attributes in process `syz.1.279'.
[   55.154962][ T4601] netlink: 4 bytes leftover after parsing attributes in process `syz.4.277'.
[   55.344490][ T4604] loop0: detected capacity change from 0 to 128
[   55.427774][ T4615] loop4: detected capacity change from 0 to 4096
[   55.441725][ T4615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.455633][ T4615] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.548363][ T4622] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.288' resets device
[   55.580550][ T4626] FAULT_INJECTION: forcing a failure.
[   55.580550][ T4626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.593710][ T4626] CPU: 1 UID: 0 PID: 4626 Comm: syz.4.290 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   55.593743][ T4626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   55.593756][ T4626] Call Trace:
[   55.593793][ T4626]  <TASK>
[   55.593801][ T4626]  __dump_stack+0x1d/0x30
[   55.593821][ T4626]  dump_stack_lvl+0xe8/0x140
[   55.593842][ T4626]  dump_stack+0x15/0x1b
[   55.593861][ T4626]  should_fail_ex+0x265/0x280
[   55.593900][ T4626]  should_fail+0xb/0x20
[   55.593925][ T4626]  should_fail_usercopy+0x1a/0x20
[   55.593967][ T4626]  _copy_from_user+0x1c/0xb0
[   55.594020][ T4626]  __copy_msghdr+0x244/0x300
[   55.594051][ T4626]  ___sys_sendmsg+0x109/0x1d0
[   55.594156][ T4626]  __x64_sys_sendmsg+0xd4/0x160
[   55.594183][ T4626]  x64_sys_call+0x191e/0x2ff0
[   55.594227][ T4626]  do_syscall_64+0xd2/0x200
[   55.594264][ T4626]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   55.594342][ T4626]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   55.594440][ T4626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.594466][ T4626] RIP: 0033:0x7f4135e2eba9
[   55.594481][ T4626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.594579][ T4626] RSP: 002b:00007f413488f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   55.594603][ T4626] RAX: ffffffffffffffda RBX: 00007f4136075fa0 RCX: 00007f4135e2eba9
[   55.594617][ T4626] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[   55.594628][ T4626] RBP: 00007f413488f090 R08: 0000000000000000 R09: 0000000000000000
[   55.594703][ T4626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.594715][ T4626] R13: 00007f4136076038 R14: 00007f4136075fa0 R15: 00007fff46fd6388
[   55.594762][ T4626]  </TASK>
[   55.816363][ T4629] loop4: detected capacity change from 0 to 512
[   55.831130][ T4629] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   55.864630][ T4629] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.291: Failed to acquire dquot type 1
[   55.882426][ T4629] EXT4-fs (loop4): 1 truncate cleaned up
[   55.905906][ T4629] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.995697][ T4629] hub 8-0:1.0: USB hub found
[   56.001159][ T4629] hub 8-0:1.0: 8 ports detected
[   56.007171][ T4638] loop2: detected capacity change from 0 to 1024
[   56.016520][ T4638] EXT4-fs: Ignoring removed bh option
[   56.024062][ T4638] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   56.075463][ T4639] hub 9-0:1.0: USB hub found
[   56.080270][ T4639] hub 9-0:1.0: 8 ports detected
[   56.119956][ T4639] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[   56.128227][ T4639] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[   56.139949][ T4639] rdma_op ffff888102647980 conn xmit_rdma 0000000000000000
[   56.152195][ T4638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   56.212658][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.360118][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.370227][ T4643] loop5: detected capacity change from 0 to 128
[   56.557364][ T4643] bio_check_eod: 137 callbacks suppressed
[   56.557379][ T4643] syz.5.296: attempt to access beyond end of device
[   56.557379][ T4643] loop5: rw=2049, sector=153, nr_sectors = 8 limit=128
[   56.628368][ T4643] syz.5.296: attempt to access beyond end of device
[   56.628368][ T4643] loop5: rw=2049, sector=169, nr_sectors = 8 limit=128
[   56.884570][ T4643] syz.5.296: attempt to access beyond end of device
[   56.884570][ T4643] loop5: rw=2049, sector=185, nr_sectors = 8 limit=128
[   56.899554][ T4643] syz.5.296: attempt to access beyond end of device
[   56.899554][ T4643] loop5: rw=2049, sector=201, nr_sectors = 8 limit=128
[   56.913955][ T4643] syz.5.296: attempt to access beyond end of device
[   56.913955][ T4643] loop5: rw=2049, sector=217, nr_sectors = 8 limit=128
[   56.928552][ T4643] syz.5.296: attempt to access beyond end of device
[   56.928552][ T4643] loop5: rw=2049, sector=233, nr_sectors = 8 limit=128
[   56.946975][ T4643] syz.5.296: attempt to access beyond end of device
[   56.946975][ T4643] loop5: rw=2049, sector=249, nr_sectors = 8 limit=128
[   56.962242][ T4643] syz.5.296: attempt to access beyond end of device
[   56.962242][ T4643] loop5: rw=2049, sector=265, nr_sectors = 8 limit=128
[   57.005112][ T4643] syz.5.296: attempt to access beyond end of device
[   57.005112][ T4643] loop5: rw=2049, sector=281, nr_sectors = 8 limit=128
[   57.019372][ T4643] syz.5.296: attempt to access beyond end of device
[   57.019372][ T4643] loop5: rw=2049, sector=297, nr_sectors = 8 limit=128
[   57.082971][ T4660] syz.2.301 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   57.088160][ T4657] loop4: detected capacity change from 0 to 1024
[   57.114759][ T4652] loop1: detected capacity change from 0 to 128
[   57.128391][ T4657] EXT4-fs: Ignoring removed bh option
[   57.159608][ T4657] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   57.200937][ T4657] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.231909][ T4665] netlink: 516 bytes leftover after parsing attributes in process `syz.5.303'.
[   57.241357][   T29] kauditd_printk_skb: 498 callbacks suppressed
[   57.241375][   T29] audit: type=1400 audit(1758097448.162:4164): avc:  denied  { nlmsg_read } for  pid=4664 comm="syz.5.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   57.281103][ T4673] loop2: detected capacity change from 0 to 1024
[   57.301331][ T4673] EXT4-fs: Ignoring removed bh option
[   57.322210][   T29] audit: type=1326 audit(1758097448.252:4165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.445620][   T29] audit: type=1326 audit(1758097448.282:4166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.470094][   T29] audit: type=1326 audit(1758097448.282:4167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.494559][   T29] audit: type=1326 audit(1758097448.282:4168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.519104][   T29] audit: type=1326 audit(1758097448.282:4169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.542807][   T29] audit: type=1326 audit(1758097448.282:4170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.566358][   T29] audit: type=1326 audit(1758097448.282:4171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.589880][   T29] audit: type=1326 audit(1758097448.282:4172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.605451][ T4673] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   57.613777][   T29] audit: type=1326 audit(1758097448.282:4173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4678 comm="syz.5.307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   57.725087][ T4673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.740436][ T4686] loop0: detected capacity change from 0 to 512
[   57.786179][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.832515][ T4694] rdma_op ffff88810473e580 conn xmit_rdma 0000000000000000
[   57.862863][ T4696] loop0: detected capacity change from 0 to 1024
[   57.879034][ T4696] EXT4-fs: Ignoring removed bh option
[   57.900604][ T4696] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   57.927288][ T4698] loop2: detected capacity change from 0 to 1024
[   57.950968][ T4696] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   57.954741][ T4698] EXT4-fs: Ignoring removed bh option
[   58.000423][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.010451][ T4698] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   58.346068][ T4715] loop4: detected capacity change from 0 to 128
[   58.400066][ T4712] netlink: 'syz.0.316': attribute type 1 has an invalid length.
[   58.728471][ T4719] Falling back ldisc for ttyS3.
[   58.773198][ T4719] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=4719 comm=syz.4.318
[   59.463305][ T4732] loop4: detected capacity change from 0 to 512
[   59.485229][ T4736] netlink: 'syz.1.323': attribute type 4 has an invalid length.
[   59.501641][ T4732] EXT4-fs: Ignoring removed oldalloc option
[   59.629232][ T4741] sch_fq: defrate 0 ignored.
[   59.629371][ T4732] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   59.665451][ T4732] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.324: bg 0: block 217: padding at end of block bitmap is not set
[   59.701319][ T4747] FAULT_INJECTION: forcing a failure.
[   59.701319][ T4747] name failslab, interval 1, probability 0, space 0, times 0
[   59.714017][ T4747] CPU: 1 UID: 0 PID: 4747 Comm: syz.5.329 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.714121][ T4747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   59.714135][ T4747] Call Trace:
[   59.714144][ T4747]  <TASK>
[   59.714154][ T4747]  __dump_stack+0x1d/0x30
[   59.714185][ T4747]  dump_stack_lvl+0xe8/0x140
[   59.714204][ T4747]  dump_stack+0x15/0x1b
[   59.714266][ T4747]  should_fail_ex+0x265/0x280
[   59.714290][ T4747]  should_failslab+0x8c/0xb0
[   59.714314][ T4747]  kmem_cache_alloc_noprof+0x50/0x310
[   59.714366][ T4747]  ? skb_clone+0x151/0x1f0
[   59.714398][ T4747]  skb_clone+0x151/0x1f0
[   59.714424][ T4747]  __netlink_deliver_tap+0x2c9/0x500
[   59.714456][ T4747]  netlink_unicast+0x66b/0x690
[   59.714508][ T4747]  netlink_sendmsg+0x58b/0x6b0
[   59.714540][ T4747]  ? __pfx_netlink_sendmsg+0x10/0x10
[   59.714570][ T4747]  __sock_sendmsg+0x142/0x180
[   59.714604][ T4747]  ____sys_sendmsg+0x31e/0x4e0
[   59.714701][ T4747]  ___sys_sendmsg+0x17b/0x1d0
[   59.714735][ T4747]  __x64_sys_sendmsg+0xd4/0x160
[   59.714783][ T4747]  x64_sys_call+0x191e/0x2ff0
[   59.714806][ T4747]  do_syscall_64+0xd2/0x200
[   59.714883][ T4747]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   59.714906][ T4747]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   59.714933][ T4747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.715006][ T4747] RIP: 0033:0x7ff3cc84eba9
[   59.715022][ T4747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.715126][ T4747] RSP: 002b:00007ff3cb2b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.715148][ T4747] RAX: ffffffffffffffda RBX: 00007ff3cca95fa0 RCX: 00007ff3cc84eba9
[   59.715163][ T4747] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005
[   59.715177][ T4747] RBP: 00007ff3cb2b7090 R08: 0000000000000000 R09: 0000000000000000
[   59.715191][ T4747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.715206][ T4747] R13: 00007ff3cca96038 R14: 00007ff3cca95fa0 R15: 00007fffaa1a80a8
[   59.715227][ T4747]  </TASK>
[   59.715508][ T4747] netlink: 76 bytes leftover after parsing attributes in process `syz.5.329'.
[   59.738918][ T4732] EXT4-fs (loop4): Remounting filesystem read-only
[   59.941060][ T4732] EXT4-fs warning (device loop4): ext4_xattr_inode_lookup_create:1597: inode #18: comm syz.4.324: cleanup dec ref error -117
[   60.049215][ T4749] Driver unsupported XDP return value 0 on prog  (id 268) dev N/A, expect packet loss!
[   60.100999][ T4754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'.
[   60.215849][ T4749] loop2: detected capacity change from 0 to 128
[   60.992536][ T4769] netlink: 'syz.4.333': attribute type 4 has an invalid length.
[   61.000707][ T4796] netlink: 'syz.2.335': attribute type 4 has an invalid length.
[   61.008470][ T4796] netlink: 24 bytes leftover after parsing attributes in process `syz.2.335'.
[   61.030164][ T4788] Falling back ldisc for ttyS3.
[   61.101632][ T4769] netlink: 'syz.4.333': attribute type 4 has an invalid length.
[   61.110070][ T4788] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=4788 comm=syz.2.335
[   61.773146][ T4833] loop2: detected capacity change from 0 to 8192
[   61.783364][ T4833] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   61.840177][ T4833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'.
[   62.070970][ T4863] rdma_op ffff8881186f2d80 conn xmit_rdma 0000000000000000
[   62.419447][ T4873] hub 9-0:1.0: USB hub found
[   62.424254][ T4873] hub 9-0:1.0: 8 ports detected
[   62.987234][ T4876] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[   62.995520][ T4876] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[   63.004699][ T4876] rdma_op ffff88811aefa980 conn xmit_rdma 0000000000000000
[   63.401412][   T29] kauditd_printk_skb: 391 callbacks suppressed
[   63.401428][   T29] audit: type=1326 audit(1758097454.242:4563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.431007][   T29] audit: type=1326 audit(1758097454.242:4564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.454447][   T29] audit: type=1326 audit(1758097454.242:4565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.477820][   T29] audit: type=1326 audit(1758097454.242:4566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.490900][ T4878] netlink: 96 bytes leftover after parsing attributes in process `syz.4.354'.
[   63.501322][   T29] audit: type=1326 audit(1758097454.242:4567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.501360][   T29] audit: type=1326 audit(1758097454.242:4568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.557430][   T29] audit: type=1326 audit(1758097454.242:4569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.581073][   T29] audit: type=1326 audit(1758097454.252:4570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.604522][   T29] audit: type=1326 audit(1758097454.252:4571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.628174][   T29] audit: type=1326 audit(1758097454.252:4572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.0.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7fc00000
[   63.633082][ T4884] loop1: detected capacity change from 0 to 512
[   63.679579][ T4886] loop4: detected capacity change from 0 to 512
[   63.714135][ T4886] EXT4-fs warning (device loop4): ext4_xattr_inode_get:542: inode #11: comm syz.4.356: ea_inode file size=4 entry size=6
[   63.727890][ T4886] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #15: comm syz.4.356: corrupted inode contents
[   63.754965][ T4884] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   63.779594][ T4886] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #15: comm syz.4.356: mark_inode_dirty error
[   63.801760][ T4886] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #15: comm syz.4.356: corrupted inode contents
[   63.821558][ T4886] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2991: inode #15: comm syz.4.356: mark_inode_dirty error
[   63.909997][ T4886] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2994: inode #15: comm syz.4.356: mark inode dirty (error -117)
[   63.932053][ T4884] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.355: Failed to acquire dquot type 1
[   63.932312][ T4886] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   63.953185][ T4886] EXT4-fs (loop4): 1 orphan inode deleted
[   63.954282][ T4884] EXT4-fs (loop1): 1 truncate cleaned up
[   64.022264][ T4883] hub 8-0:1.0: USB hub found
[   64.135761][ T4883] hub 8-0:1.0: 8 ports detected
[   64.455853][ T4898] FAULT_INJECTION: forcing a failure.
[   64.455853][ T4898] name failslab, interval 1, probability 0, space 0, times 0
[   64.468662][ T4898] CPU: 0 UID: 0 PID: 4898 Comm: syz.4.359 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.468701][ T4898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   64.468774][ T4898] Call Trace:
[   64.468800][ T4898]  <TASK>
[   64.468809][ T4898]  __dump_stack+0x1d/0x30
[   64.468833][ T4898]  dump_stack_lvl+0xe8/0x140
[   64.468854][ T4898]  dump_stack+0x15/0x1b
[   64.468873][ T4898]  should_fail_ex+0x265/0x280
[   64.468898][ T4898]  should_failslab+0x8c/0xb0
[   64.468998][ T4898]  kmem_cache_alloc_node_noprof+0x57/0x320
[   64.469028][ T4898]  ? __alloc_skb+0x101/0x320
[   64.469055][ T4898]  __alloc_skb+0x101/0x320
[   64.469095][ T4898]  inet_netconf_notify_devconf+0x173/0x230
[   64.469118][ T4898]  inetdev_event+0x743/0xc10
[   64.469212][ T4898]  ? __pfx_ib_netdevice_event+0x10/0x10
[   64.469301][ T4898]  ? ib_netdevice_event+0x186/0x5f0
[   64.469402][ T4898]  ? __pfx_inetdev_event+0x10/0x10
[   64.469427][ T4898]  raw_notifier_call_chain+0x6f/0x1b0
[   64.469463][ T4898]  ? call_netdevice_notifiers_info+0x9c/0x100
[   64.469598][ T4898]  call_netdevice_notifiers_info+0xae/0x100
[   64.469644][ T4898]  unregister_netdevice_many_notify+0xda9/0x15d0
[   64.469741][ T4898]  unregister_netdevice_queue+0x1f5/0x220
[   64.469776][ T4898]  __tun_detach+0x7db/0xad0
[   64.469801][ T4898]  ? __fsnotify_parent+0x152/0x330
[   64.469837][ T4898]  ? locks_remove_posix+0x1b4/0x300
[   64.469867][ T4898]  ? __pfx_tun_chr_close+0x10/0x10
[   64.469948][ T4898]  tun_chr_close+0x5a/0x100
[   64.470015][ T4898]  __fput+0x298/0x650
[   64.470058][ T4898]  fput_close_sync+0x6e/0x120
[   64.470094][ T4898]  __x64_sys_close+0x56/0xf0
[   64.470203][ T4898]  x64_sys_call+0x2738/0x2ff0
[   64.470228][ T4898]  do_syscall_64+0xd2/0x200
[   64.470264][ T4898]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   64.470295][ T4898]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   64.470324][ T4898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.470344][ T4898] RIP: 0033:0x7f4135e2eba9
[   64.470404][ T4898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.470425][ T4898] RSP: 002b:00007f413488f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   64.470446][ T4898] RAX: ffffffffffffffda RBX: 00007f4136075fa0 RCX: 00007f4135e2eba9
[   64.470460][ T4898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   64.470473][ T4898] RBP: 00007f413488f090 R08: 0000000000000000 R09: 0000000000000000
[   64.470487][ T4898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.470547][ T4898] R13: 00007f4136076038 R14: 00007f4136075fa0 R15: 00007fff46fd6388
[   64.470573][ T4898]  </TASK>
[   64.822949][ T4902] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.895061][ T4902] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.951408][ T4902] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.035353][ T4902] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.089150][ T4813] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.097482][ T4918] sch_fq: defrate 0 ignored.
[   65.105458][ T4813] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.117066][ T4813] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.134359][ T4813] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.281061][ T4930] loop2: detected capacity change from 0 to 512
[   65.301519][ T4930] EXT4-fs warning (device loop2): ext4_xattr_inode_get:542: inode #11: comm syz.2.372: ea_inode file size=4 entry size=6
[   65.314586][ T4930] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.372: corrupted inode contents
[   65.338177][ T4930] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #15: comm syz.2.372: mark_inode_dirty error
[   65.464314][ T4934] hub 9-0:1.0: USB hub found
[   65.469549][ T4934] hub 9-0:1.0: 8 ports detected
[   65.494292][ T4930] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.372: corrupted inode contents
[   66.305935][ T4930] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #15: comm syz.2.372: mark_inode_dirty error
[   66.755391][ T4930] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #15: comm syz.2.372: mark inode dirty (error -117)
[   66.797974][ T4930] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[   66.827241][ T4942] loop0: detected capacity change from 0 to 512
[   66.835038][ T4930] EXT4-fs (loop2): 1 orphan inode deleted
[   66.849999][ T4942] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   66.898780][ T4942] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.376: Failed to acquire dquot type 1
[   66.927945][ T4944] loop4: detected capacity change from 0 to 512
[   66.935750][ T4944] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   66.945560][ T4942] EXT4-fs (loop0): 1 truncate cleaned up
[   66.977948][ T4944] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.377: Failed to acquire dquot type 1
[   66.990777][ T4942] hub 8-0:1.0: USB hub found
[   67.000998][ T4942] hub 8-0:1.0: 8 ports detected
[   67.015105][ T4944] EXT4-fs (loop4): 1 truncate cleaned up
[   67.084785][ T4944] hub 8-0:1.0: USB hub found
[   67.109405][ T4944] hub 8-0:1.0: 8 ports detected
[   67.208978][ T3303] EXT4-fs unmount: 14 callbacks suppressed
[   67.208993][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.255903][ T4974] hub 9-0:1.0: USB hub found
[   68.266890][ T4974] hub 9-0:1.0: 8 ports detected
[   69.092832][    C1] vcan0: j1939_tp_rxtimer: 0xffff88810ad07000: rx timeout, send abort
[   69.101227][    C1] vcan0: j1939_tp_rxtimer: 0xffff88810ad07200: rx timeout, send abort
[   69.109510][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88810ad07000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   69.123986][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88810ad07200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   69.139744][   T29] kauditd_printk_skb: 252 callbacks suppressed
[   69.139757][   T29] audit: type=1400 audit(1758097460.072:4819): avc:  denied  { read } for  pid=2976 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   69.167957][   T29] audit: type=1400 audit(1758097460.072:4820): avc:  denied  { search } for  pid=2976 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   69.189593][   T29] audit: type=1400 audit(1758097460.072:4821): avc:  denied  { append } for  pid=2976 comm="syslogd" name="messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   69.212067][   T29] audit: type=1400 audit(1758097460.072:4822): avc:  denied  { open } for  pid=2976 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   69.243381][   T29] audit: type=1400 audit(1758097460.142:4823): avc:  denied  { getattr } for  pid=2976 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   69.266335][   T29] audit: type=1400 audit(1758097460.152:4824): avc:  denied  { create } for  pid=4975 comm="syz.2.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   69.285770][   T29] audit: type=1400 audit(1758097460.162:4825): avc:  denied  { create } for  pid=4975 comm="syz.2.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   69.305468][   T29] audit: type=1400 audit(1758097460.162:4826): avc:  denied  { connect } for  pid=4975 comm="syz.2.396" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   69.325798][   T29] audit: type=1400 audit(1758097460.162:4827): avc:  denied  { ioctl } for  pid=4975 comm="syz.2.396" path="socket:[10299]" dev="sockfs" ino=10299 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   69.350679][   T29] audit: type=1400 audit(1758097460.162:4828): avc:  denied  { write } for  pid=4975 comm="syz.2.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   69.541799][ T4983] loop2: detected capacity change from 0 to 512
[   69.597121][ T4983] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.610171][ T4983] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   70.382184][ T4994] loop1: detected capacity change from 0 to 512
[   70.454639][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.472425][ T4994] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   70.599585][ T4994] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.392: Failed to acquire dquot type 1
[   70.723698][ T4994] EXT4-fs (loop1): 1 truncate cleaned up
[   70.763330][ T4994] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.802127][ T5004] netlink: 'syz.2.390': attribute type 4 has an invalid length.
[   70.802160][ T5008] loop4: detected capacity change from 0 to 1024
[   70.818389][ T5008] EXT4-fs: Ignoring removed bh option
[   70.835731][ T5004] netlink: 'syz.2.390': attribute type 4 has an invalid length.
[   70.847325][ T5004] FAULT_INJECTION: forcing a failure.
[   70.847325][ T5004] name failslab, interval 1, probability 0, space 0, times 0
[   70.860308][ T5004] CPU: 0 UID: 0 PID: 5004 Comm: syz.2.390 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.860346][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   70.860357][ T5004] Call Trace:
[   70.860363][ T5004]  <TASK>
[   70.860372][ T5004]  __dump_stack+0x1d/0x30
[   70.860398][ T5004]  dump_stack_lvl+0xe8/0x140
[   70.860421][ T5004]  dump_stack+0x15/0x1b
[   70.860506][ T5004]  should_fail_ex+0x265/0x280
[   70.860541][ T5004]  ? igmpv3_add_delrec+0x89/0x2e0
[   70.860590][ T5004]  should_failslab+0x8c/0xb0
[   70.860614][ T5004]  __kmalloc_cache_noprof+0x4c/0x320
[   70.860646][ T5004]  ? __mod_timer+0x86/0x840
[   70.860688][ T5004]  igmpv3_add_delrec+0x89/0x2e0
[   70.860763][ T5004]  __igmp_group_dropped+0x409/0x460
[   70.860793][ T5004]  ? mod_timer+0x1f/0x30
[   70.860819][ T5004]  ? ip_mc_del_src+0x35d/0x480
[   70.860877][ T5004]  __ip_mc_dec_group+0x194/0x3d0
[   70.860905][ T5004]  ip_mc_leave_group+0x2f8/0x370
[   70.861056][ T5004]  do_ip_setsockopt+0x1e98/0x2240
[   70.861078][ T5004]  ip_setsockopt+0x58/0x110
[   70.861102][ T5004]  udp_setsockopt+0x99/0xb0
[   70.861153][ T5004]  sock_common_setsockopt+0x66/0x80
[   70.861213][ T5004]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   70.861246][ T5004]  __sys_setsockopt+0x181/0x200
[   70.861299][ T5004]  __x64_sys_setsockopt+0x64/0x80
[   70.861328][ T5004]  x64_sys_call+0x20ec/0x2ff0
[   70.861351][ T5004]  do_syscall_64+0xd2/0x200
[   70.861428][ T5004]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.861451][ T5004]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.861478][ T5004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.861569][ T5004] RIP: 0033:0x7fd5decfeba9
[   70.861614][ T5004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.861633][ T5004] RSP: 002b:00007fd5dd75f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   70.861653][ T5004] RAX: ffffffffffffffda RBX: 00007fd5def45fa0 RCX: 00007fd5decfeba9
[   70.861667][ T5004] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000006
[   70.861681][ T5004] RBP: 00007fd5dd75f090 R08: 000000000000000c R09: 0000000000000000
[   70.861759][ T5004] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[   70.861774][ T5004] R13: 00007fd5def46038 R14: 00007fd5def45fa0 R15: 00007ffc626f1588
[   70.861792][ T5004]  </TASK>
[   70.864275][ T5008] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   71.177798][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.194340][ T5008] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.260581][ T5020] hub 9-0:1.0: USB hub found
[   71.284446][ T5024] loop1: detected capacity change from 0 to 512
[   71.299968][ T5020] hub 9-0:1.0: 8 ports detected
[   71.330231][ T5025] hub 9-0:1.0: USB hub found
[   71.336283][ T5025] hub 9-0:1.0: 8 ports detected
[   71.347968][ T5024] EXT4-fs warning (device loop1): ext4_xattr_inode_get:542: inode #11: comm syz.1.398: ea_inode file size=4 entry size=6
[   71.387102][ T5024] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.398: corrupted inode contents
[   71.435520][ T5028] loop2: detected capacity change from 0 to 1024
[   71.445003][ T5028] EXT4-fs: Ignoring removed bh option
[   71.454826][ T5024] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #15: comm syz.1.398: mark_inode_dirty error
[   71.468774][ T5028] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   71.479812][ T5024] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.398: corrupted inode contents
[   71.494024][ T5024] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #15: comm syz.1.398: mark_inode_dirty error
[   71.507348][ T5024] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #15: comm syz.1.398: mark inode dirty (error -117)
[   71.524281][ T5028] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.614176][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.646246][ T5024] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   71.675814][ T5024] EXT4-fs (loop1): 1 orphan inode deleted
[   71.693628][ T5024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.766770][ T5040] loop5: detected capacity change from 0 to 512
[   71.962848][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.490401][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.519524][ T5058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'.
[   72.551006][ T5060] loop2: detected capacity change from 0 to 512
[   72.562015][ T5060] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   72.589786][ T5060] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.409: Failed to acquire dquot type 1
[   72.602653][ T5060] EXT4-fs (loop2): 1 truncate cleaned up
[   72.609943][ T5060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.652877][ T5060] hub 8-0:1.0: USB hub found
[   72.659452][ T5060] hub 8-0:1.0: 8 ports detected
[   72.685464][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.063797][ T5075] loop2: detected capacity change from 0 to 128
[   73.073029][ T5075] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.086102][ T5075] ext4 filesystem being mounted at /85/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   73.413315][ T5080] loop1: detected capacity change from 0 to 512
[   73.718128][ T5084] loop5: detected capacity change from 0 to 1024
[   73.725383][ T5084] EXT4-fs: Ignoring removed bh option
[   73.731647][ T5084] EXT4-fs: inline encryption not supported
[   73.738434][ T5084] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   73.750649][ T5084] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[   73.760188][ T5084] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.418: lblock 2 mapped to illegal pblock 2 (length 1)
[   73.774686][ T5084] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.418: lblock 0 mapped to illegal pblock 48 (length 1)
[   73.788876][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a2da400: rx timeout, send abort
[   73.788946][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a2dac00: rx timeout, send abort
[   73.797171][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a2da400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   73.797236][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a2dac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   73.836234][ T5084] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.418: Failed to acquire dquot type 0
[   73.848354][ T5084] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem
[   73.860122][ T5084] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.418: mark_inode_dirty error
[   73.872113][ T5084] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   73.880135][ T5090] netlink: 20 bytes leftover after parsing attributes in process `syz.0.420'.
[   73.883711][ T5084] EXT4-fs (loop5): 1 orphan inode deleted
[   73.915889][ T5084] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.932201][   T51] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1)
[   73.946888][   T51] EXT4-fs error (device loop5): ext4_release_dquot:6973: comm kworker/u8:3: Failed to release dquot type 0
[   73.961574][ T5084] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.971028][ T5092] loop0: detected capacity change from 0 to 512
[   73.973238][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.979550][ T5084] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz.5.418: Invalid inode table block 1 in block_group 0
[   74.001072][ T5092] EXT4-fs warning (device loop0): ext4_xattr_inode_get:542: inode #11: comm syz.0.421: ea_inode file size=4 entry size=6
[   74.011488][ T5084] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem
[   74.024272][ T5092] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.421: corrupted inode contents
[   74.036484][ T5092] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #15: comm syz.0.421: mark_inode_dirty error
[   74.036843][ T5084] EXT4-fs error (device loop5): ext4_quota_off:7221: inode #3: comm syz.5.418: mark_inode_dirty error
[   74.051778][ T5092] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.421: corrupted inode contents
[   74.098291][ T5092] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #15: comm syz.0.421: mark_inode_dirty error
[   74.124375][ T5092] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #15: comm syz.0.421: mark inode dirty (error -117)
[   74.141158][ T5084] loop5: detected capacity change from 0 to 512
[   74.148944][ T5084] ext4: Unknown parameter 'nouser_xattr'
[   74.156140][ T5092] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   74.170627][ T5092] EXT4-fs (loop0): 1 orphan inode deleted
[   74.176758][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.198171][   T29] kauditd_printk_skb: 242 callbacks suppressed
[   74.198188][   T29] audit: type=1326 audit(1758097465.102:5064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.227911][   T29] audit: type=1326 audit(1758097465.102:5065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.251350][   T29] audit: type=1326 audit(1758097465.132:5066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.274757][   T29] audit: type=1326 audit(1758097465.132:5067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.298263][   T29] audit: type=1326 audit(1758097465.132:5068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.321604][   T29] audit: type=1326 audit(1758097465.132:5069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5094 comm="syz.2.422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   74.510797][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.522699][   T29] audit: type=1400 audit(1758097465.132:5070): avc:  denied  { write } for  pid=5083 comm="syz.5.418" name="secretmem" dev="secretmem" ino=9821 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   74.546106][   T29] audit: type=1400 audit(1758097465.302:5071): avc:  denied  { unlink } for  pid=4182 comm="syz-executor" name="file0" dev="tmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   74.757342][   T29] audit: type=1326 audit(1758097465.572:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5101 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe87663eba9 code=0x7ffc0000
[   74.781222][   T29] audit: type=1326 audit(1758097465.572:5073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5101 comm="syz.1.425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe87663eba9 code=0x7ffc0000
[   74.885406][ T5112] netlink: 4 bytes leftover after parsing attributes in process `syz.5.426'.
[   75.047245][ T5113] Falling back ldisc for ttyS3.
[   75.083531][ T5113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5113 comm=syz.4.428
[   75.207158][ T5128] hub 9-0:1.0: USB hub found
[   75.213064][ T5128] hub 9-0:1.0: 8 ports detected
[   75.292874][ T5129] rdma_op ffff888118c94180 conn xmit_rdma 0000000000000000
[   75.398868][ T5130] loop2: detected capacity change from 0 to 128
[   75.576929][ T5130] bio_check_eod: 19 callbacks suppressed
[   75.576948][ T5130] syz.2.430: attempt to access beyond end of device
[   75.576948][ T5130] loop2: rw=2049, sector=153, nr_sectors = 8 limit=128
[   75.753625][ T5130] syz.2.430: attempt to access beyond end of device
[   75.753625][ T5130] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128
[   76.009590][ T5130] syz.2.430: attempt to access beyond end of device
[   76.009590][ T5130] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128
[   76.023546][ T5130] syz.2.430: attempt to access beyond end of device
[   76.023546][ T5130] loop2: rw=2049, sector=201, nr_sectors = 8 limit=128
[   76.148458][ T5130] syz.2.430: attempt to access beyond end of device
[   76.148458][ T5130] loop2: rw=2049, sector=217, nr_sectors = 8 limit=128
[   76.162638][ T5130] syz.2.430: attempt to access beyond end of device
[   76.162638][ T5130] loop2: rw=2049, sector=233, nr_sectors = 8 limit=128
[   76.176466][ T5130] syz.2.430: attempt to access beyond end of device
[   76.176466][ T5130] loop2: rw=2049, sector=249, nr_sectors = 8 limit=128
[   76.182949][ T5137] loop4: detected capacity change from 0 to 512
[   76.217636][ T5142] loop0: detected capacity change from 0 to 512
[   76.251151][ T5137] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.432: bg 0: block 248: padding at end of block bitmap is not set
[   76.269203][ T5142] EXT4-fs warning (device loop0): ext4_xattr_inode_get:542: inode #11: comm syz.0.433: ea_inode file size=4 entry size=6
[   76.297882][ T5152] netlink: 'syz.5.434': attribute type 4 has an invalid length.
[   76.302602][ T5142] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.433: corrupted inode contents
[   76.326557][   T59] kworker/u8:4: attempt to access beyond end of device
[   76.326557][   T59] loop2: rw=1, sector=265, nr_sectors = 8 limit=128
[   76.333223][ T5137] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.432: Failed to acquire dquot type 1
[   76.354949][   T59] kworker/u8:4: attempt to access beyond end of device
[   76.354949][   T59] loop2: rw=1, sector=281, nr_sectors = 8 limit=128
[   76.369255][ T5137] EXT4-fs (loop4): 1 truncate cleaned up
[   76.375764][ T5137] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.417641][ T5142] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #15: comm syz.0.433: mark_inode_dirty error
[   76.430283][   T59] kworker/u8:4: attempt to access beyond end of device
[   76.430283][   T59] loop2: rw=1, sector=297, nr_sectors = 8 limit=128
[   76.444894][ T5137] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.455950][ T5142] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.433: corrupted inode contents
[   76.472804][ T5142] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #15: comm syz.0.433: mark_inode_dirty error
[   76.489972][ T5142] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #15: comm syz.0.433: mark inode dirty (error -117)
[   76.503313][ T5142] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   76.517171][ T5142] EXT4-fs (loop0): 1 orphan inode deleted
[   76.523624][ T5142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.545674][ T5137] syz.4.432 (5137) used greatest stack depth: 9200 bytes left
[   76.555826][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.606575][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.637015][ T5169] bridge0: port 3(macsec1) entered blocking state
[   76.643614][ T5169] bridge0: port 3(macsec1) entered disabled state
[   76.667808][ T5169] macsec1: entered allmulticast mode
[   76.673246][ T5169] bridge0: entered allmulticast mode
[   76.696786][ T5169] macsec1: left allmulticast mode
[   76.701981][ T5169] bridge0: left allmulticast mode
[   76.853009][ T5174] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[   77.075383][ T5184] loop4: detected capacity change from 0 to 128
[   77.218012][ T5189] Falling back ldisc for ttyS3.
[   77.226036][ T5189] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5189 comm=syz.1.443
[   77.476844][ T5212] netlink: 'syz.2.453': attribute type 1 has an invalid length.
[   77.510143][ T5212] bond1: entered promiscuous mode
[   77.510165][ T5212] bond1: entered allmulticast mode
[   77.520039][ T5212] geneve2: entered allmulticast mode
[   77.522041][ T5212] bond1: (slave geneve2): making interface the new active one
[   77.522062][ T5212] geneve2: entered promiscuous mode
[   77.522698][ T5212] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   77.627183][ T5223] netlink: 'syz.0.455': attribute type 4 has an invalid length.
[   77.793138][ T5228] loop4: detected capacity change from 0 to 1024
[   77.804075][ T5228] EXT4-fs: Ignoring removed bh option
[   77.825065][ T5228] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   77.892969][ T5231] hub 9-0:1.0: USB hub found
[   77.897695][ T5231] hub 9-0:1.0: 8 ports detected
[   77.907817][ T5231] rdma_op ffff888102646d80 conn xmit_rdma 0000000000000000
[   78.020622][ T5228] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.625647][ T5243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.463'.
[   78.677776][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.766215][ T5250] loop2: detected capacity change from 0 to 1024
[   78.778005][ T5250] EXT4-fs: Ignoring removed bh option
[   78.786642][ T5250] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   78.820759][ T5250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.896239][ T5255] loop0: detected capacity change from 0 to 512
[   78.929065][ T5255] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.468: bad orphan inode 11862016
[   79.019134][ T5255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   79.032803][ T5255] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.045827][ T5268] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5268 comm=syz.5.470
[   79.141520][ T5270] hub 9-0:1.0: USB hub found
[   79.146510][ T5270] hub 9-0:1.0: 8 ports detected
[   79.158689][ T5270] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   79.166955][ T5270] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   79.807803][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.840200][   T29] kauditd_printk_skb: 204 callbacks suppressed
[   79.840218][   T29] audit: type=1326 audit(1758097470.772:5276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   79.870543][   T29] audit: type=1326 audit(1758097470.772:5277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   79.894037][   T29] audit: type=1326 audit(1758097470.772:5278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   79.917562][   T29] audit: type=1326 audit(1758097470.772:5279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   79.942447][   T29] audit: type=1326 audit(1758097470.772:5280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   79.980787][   T29] audit: type=1326 audit(1758097470.902:5281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   80.004358][   T29] audit: type=1326 audit(1758097470.902:5282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   80.027866][   T29] audit: type=1326 audit(1758097470.902:5283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   80.051292][   T29] audit: type=1326 audit(1758097470.902:5284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   80.075006][   T29] audit: type=1326 audit(1758097470.902:5285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5275 comm="syz.5.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff3cc84eba9 code=0x7ffc0000
[   80.123408][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   80.146696][ T5280] loop2: detected capacity change from 0 to 764
[   80.155413][ T5280] rock: corrupted directory entry. extent=32, offset=2044, size=237
[   80.190214][ T5284] loop0: detected capacity change from 0 to 1024
[   80.196954][ T5284] EXT4-fs: Ignoring removed bh option
[   80.206733][ T5284] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   80.281789][ T5284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.298887][ T5299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.480'.
[   81.326312][ T5299] macvtap1: entered promiscuous mode
[   81.331764][ T5299] syz_tun: entered promiscuous mode
[   81.337048][ T5299] macvtap1: entered allmulticast mode
[   81.342616][ T5299] syz_tun: entered allmulticast mode
[   81.382810][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.795885][ T5315] hub 9-0:1.0: USB hub found
[   81.800852][ T5315] hub 9-0:1.0: 8 ports detected
[   81.815365][ T5315] rdma_op ffff88810a46fd80 conn xmit_rdma 0000000000000000
[   83.065984][ T5319] rdma_op ffff8881003dbd80 conn xmit_rdma 0000000000000000
[   83.396459][ T5322] loop4: detected capacity change from 0 to 1024
[   83.422041][ T5322] EXT4-fs: Ignoring removed nobh option
[   83.519161][ T5322] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.546281][ T5331] netlink: 'syz.2.489': attribute type 4 has an invalid length.
[   83.659347][ T5347] loop1: detected capacity change from 0 to 1024
[   83.669725][ T5347] EXT4-fs: Ignoring removed bh option
[   83.681936][ T5347] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   83.700675][ T5347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.746043][ T5352] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.781814][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.864239][ T5356] loop4: detected capacity change from 0 to 512
[   83.913489][ T5356] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   83.949149][ T5356] EXT4-fs (loop4): invalid journal inode
[   83.973929][ T5356] EXT4-fs (loop4): can't get journal size
[   83.982977][ T5356] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e056c118, mo2=0002]
[   83.991496][ T5356] System zones: 1-12, 13-13
[   83.996683][ T5356] EXT4-fs (loop4): 1 truncate cleaned up
[   84.003351][ T5356] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.112140][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.594870][ T5369] netlink: 'syz.0.499': attribute type 4 has an invalid length.
[   84.602651][ T5369] netlink: 24 bytes leftover after parsing attributes in process `syz.0.499'.
[   84.735181][ T5375] loop4: detected capacity change from 0 to 128
[   84.745562][ T5371] Falling back ldisc for ttyS3.
[   84.794314][ T5371] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5371 comm=syz.0.499
[   84.849607][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.866073][ T5379] bio_check_eod: 214 callbacks suppressed
[   84.866088][ T5379] syz.4.501: attempt to access beyond end of device
[   84.866088][ T5379] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[   84.919106][ T5379] syz.4.501: attempt to access beyond end of device
[   84.919106][ T5379] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[   84.923247][   T29] kauditd_printk_skb: 838 callbacks suppressed
[   84.923263][   T29] audit: type=1326 audit(1758097475.852:6124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5373 comm="syz.4.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7ffc0000
[   84.941139][ T5379] syz.4.501: attempt to access beyond end of device
[   84.941139][ T5379] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[   84.962784][   T29] audit: type=1326 audit(1758097475.902:6125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5373 comm="syz.4.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7ffc0000
[   84.977626][ T5379] syz.4.501: attempt to access beyond end of device
[   84.977626][ T5379] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[   85.013448][ T5379] syz.4.501: attempt to access beyond end of device
[   85.013448][ T5379] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[   85.026981][ T5379] syz.4.501: attempt to access beyond end of device
[   85.026981][ T5379] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[   85.041299][ T5379] syz.4.501: attempt to access beyond end of device
[   85.041299][ T5379] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[   85.055183][ T5379] syz.4.501: attempt to access beyond end of device
[   85.055183][ T5379] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[   85.070102][ T5379] syz.4.501: attempt to access beyond end of device
[   85.070102][ T5379] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[   85.084503][ T5379] syz.4.501: attempt to access beyond end of device
[   85.084503][ T5379] loop4: rw=2049, sector=297, nr_sectors = 8 limit=128
[   85.244314][   T29] audit: type=1400 audit(1758097476.172:6126): avc:  denied  { unmount } for  pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   85.327169][ T5393] hub 9-0:1.0: USB hub found
[   85.332344][ T5393] hub 9-0:1.0: 8 ports detected
[   85.353479][ T5393] rdma_op ffff88811afdb980 conn xmit_rdma 0000000000000000
[   85.427188][   T29] audit: type=1326 audit(1758097476.352:6127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7ffc0000
[   85.662161][ T5396] sch_fq: defrate 0 ignored.
[   85.854448][ T5404] netlink: 'syz.5.509': attribute type 4 has an invalid length.
[   86.075823][   T29] audit: type=1400 audit(1758097476.392:6128): avc:  denied  { write } for  pid=5394 comm="syz.4.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   86.095554][   T29] audit: type=1400 audit(1758097476.392:6129): avc:  denied  { name_connect } for  pid=5394 comm="syz.4.507" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   86.115845][   T29] audit: type=1326 audit(1758097476.392:6130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7ffc0000
[   86.139349][   T29] audit: type=1326 audit(1758097476.392:6131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6f9438eba9 code=0x7ffc0000
[   86.164108][   T29] audit: type=1326 audit(1758097476.392:6132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7ffc0000
[   86.189571][   T29] audit: type=1326 audit(1758097476.392:6133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5392 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f9438eba9 code=0x7ffc0000
[   86.293491][ T5410] loop1: detected capacity change from 0 to 1024
[   86.331602][ T5410] EXT4-fs: Ignoring removed bh option
[   86.356945][ T5410] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   86.532770][ T5414] hub 9-0:1.0: USB hub found
[   86.537720][ T5414] hub 9-0:1.0: 8 ports detected
[   86.554588][ T5414] rdma_op ffff888119410580 conn xmit_rdma 0000000000000000
[   87.387726][ T5410] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.678917][ T5434] hub 9-0:1.0: USB hub found
[   87.683850][ T5434] hub 9-0:1.0: 8 ports detected
[   87.700249][ T5434] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[   87.708846][ T5434] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[   88.458212][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.619778][ T5453] sch_fq: defrate 0 ignored.
[   88.699645][ T5460] rdma_op ffff88811aefad80 conn xmit_rdma 0000000000000000
[   88.870390][ T5467] hub 9-0:1.0: USB hub found
[   88.876362][ T5467] hub 9-0:1.0: 8 ports detected
[   88.889710][ T5467] rdma_op ffff888119410580 conn xmit_rdma 0000000000000000
[   89.395235][ T5475] loop1: detected capacity change from 0 to 1024
[   89.468408][ T5475] EXT4-fs: Ignoring removed bh option
[   89.559777][ T5475] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   89.589670][ T5480] loop5: detected capacity change from 0 to 2048
[   89.609228][ T5475] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.740968][ T5488] sch_fq: defrate 0 ignored.
[   89.756025][ T5492] loop5: detected capacity change from 0 to 128
[   89.834374][ T5496] loop2: detected capacity change from 0 to 512
[   89.851518][ T5496] EXT4-fs: Ignoring removed bh option
[   89.873477][ T5496] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[   89.882627][ T5496] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   89.893337][ T5496] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[   89.918080][ T5496] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[   89.934538][ T5496] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.965742][   T29] kauditd_printk_skb: 212 callbacks suppressed
[   89.965760][   T29] audit: type=1400 audit(1758097480.892:6346): avc:  denied  { create } for  pid=5495 comm="syz.2.541" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   90.054262][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.088047][  T159] bio_check_eod: 147 callbacks suppressed
[   90.088064][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.088064][  T159] loop5: rw=1, sector=873, nr_sectors = 8 limit=128
[   90.110605][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.110605][  T159] loop5: rw=1, sector=889, nr_sectors = 8 limit=128
[   90.125465][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.125465][  T159] loop5: rw=1, sector=905, nr_sectors = 8 limit=128
[   90.152511][   T29] audit: type=1326 audit(1758097481.082:6347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.176431][   T29] audit: type=1326 audit(1758097481.082:6348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.199944][   T29] audit: type=1326 audit(1758097481.082:6349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.209307][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.223279][   T29] audit: type=1326 audit(1758097481.082:6350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.223310][   T29] audit: type=1326 audit(1758097481.082:6351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.223332][   T29] audit: type=1326 audit(1758097481.082:6352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.279213][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.279213][  T159] loop5: rw=1, sector=921, nr_sectors = 8 limit=128
[   90.279270][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.279270][  T159] loop5: rw=1, sector=937, nr_sectors = 8 limit=128
[   90.279303][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.279303][  T159] loop5: rw=1, sector=953, nr_sectors = 8 limit=128
[   90.279335][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.279335][  T159] loop5: rw=1, sector=969, nr_sectors = 8 limit=128
[   90.302773][   T29] audit: type=1326 audit(1758097481.082:6353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.316271][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.316271][  T159] loop5: rw=1, sector=985, nr_sectors = 8 limit=128
[   90.329659][   T29] audit: type=1326 audit(1758097481.082:6354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.343403][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.343403][  T159] loop5: rw=1, sector=1001, nr_sectors = 8 limit=128
[   90.380429][   T29] audit: type=1326 audit(1758097481.082:6355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5499 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   90.417344][  T159] kworker/u8:5: attempt to access beyond end of device
[   90.417344][  T159] loop5: rw=1, sector=1017, nr_sectors = 8 limit=128
[   90.519106][ T5502] netlink: 8 bytes leftover after parsing attributes in process `syz.5.543'.
[   90.553409][ T5502] bond1: entered promiscuous mode
[   90.558669][ T5502] bond1: entered allmulticast mode
[   90.564446][ T5502] 8021q: adding VLAN 0 to HW filter on device bond1
[   90.662216][ T5520] netlink: 24 bytes leftover after parsing attributes in process `syz.0.551'.
[   90.749372][ T5525] netlink: 'syz.1.552': attribute type 4 has an invalid length.
[   92.178220][ T5547] Falling back ldisc for ttyS3.
[   92.179954][ T5548] netlink: 'syz.1.560': attribute type 4 has an invalid length.
[   92.191035][ T5548] netlink: 24 bytes leftover after parsing attributes in process `syz.1.560'.
[   92.203010][ T5547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5547 comm=syz.1.560
[   92.688956][ T5566] loop4: detected capacity change from 0 to 128
[   93.062215][ T5573] rdma_op ffff88810ad45d80 conn xmit_rdma 0000000000000000
[   93.649423][ T5586] netlink: 'syz.5.576': attribute type 1 has an invalid length.
[   93.681735][ T5588] FAULT_INJECTION: forcing a failure.
[   93.681735][ T5588] name failslab, interval 1, probability 0, space 0, times 0
[   93.694797][ T5588] CPU: 1 UID: 0 PID: 5588 Comm: syz.4.577 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.694888][ T5588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   93.694902][ T5588] Call Trace:
[   93.694911][ T5588]  <TASK>
[   93.694946][ T5588]  __dump_stack+0x1d/0x30
[   93.694968][ T5588]  dump_stack_lvl+0xe8/0x140
[   93.694989][ T5588]  dump_stack+0x15/0x1b
[   93.695009][ T5588]  should_fail_ex+0x265/0x280
[   93.695104][ T5588]  should_failslab+0x8c/0xb0
[   93.695128][ T5588]  kmem_cache_alloc_noprof+0x50/0x310
[   93.695156][ T5588]  ? dst_alloc+0xbd/0x100
[   93.695242][ T5588]  dst_alloc+0xbd/0x100
[   93.695269][ T5588]  ip_route_output_key_hash_rcu+0xf29/0x1380
[   93.695311][ T5588]  ip_route_output_flow+0x7b/0x130
[   93.695349][ T5588]  udp_sendmsg+0x11b0/0x13c0
[   93.695521][ T5588]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   93.695560][ T5588]  ? avc_has_perm+0xf7/0x180
[   93.695630][ T5588]  ? __pfx_udp_sendmsg+0x10/0x10
[   93.695713][ T5588]  inet_sendmsg+0xac/0xd0
[   93.695751][ T5588]  __sock_sendmsg+0x102/0x180
[   93.695871][ T5588]  ____sys_sendmsg+0x345/0x4e0
[   93.695945][ T5588]  ___sys_sendmsg+0x17b/0x1d0
[   93.695987][ T5588]  __sys_sendmmsg+0x178/0x300
[   93.696019][ T5588]  __x64_sys_sendmmsg+0x57/0x70
[   93.696043][ T5588]  x64_sys_call+0x1c4a/0x2ff0
[   93.696111][ T5588]  do_syscall_64+0xd2/0x200
[   93.696140][ T5588]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   93.696168][ T5588]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   93.696242][ T5588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.696267][ T5588] RIP: 0033:0x7f4135e2eba9
[   93.696287][ T5588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.696381][ T5588] RSP: 002b:00007f413488f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   93.696405][ T5588] RAX: ffffffffffffffda RBX: 00007f4136075fa0 RCX: 00007f4135e2eba9
[   93.696441][ T5588] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[   93.696455][ T5588] RBP: 00007f413488f090 R08: 0000000000000000 R09: 0000000000000000
[   93.696470][ T5588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   93.696519][ T5588] R13: 00007f4136076038 R14: 00007f4136075fa0 R15: 00007fff46fd6388
[   93.696535][ T5588]  </TASK>
[   93.988919][ T5586] bond2: entered promiscuous mode
[   93.994008][ T5586] bond2: entered allmulticast mode
[   94.016843][ T5586] netlink: 28 bytes leftover after parsing attributes in process `syz.5.576'.
[   94.047493][ T5590] geneve2: entered allmulticast mode
[   94.074161][ T5590] bond2: (slave geneve2): making interface the new active one
[   94.081722][ T5590] geneve2: entered promiscuous mode
[   94.095839][ T5590] bond2: (slave geneve2): Enslaving as an active interface with an up link
[   94.118615][ T5586] bond2: left promiscuous mode
[   94.123435][ T5586] geneve2: left promiscuous mode
[   94.128593][ T5586] bond2: left allmulticast mode
[   94.134848][ T5586] 8021q: adding VLAN 0 to HW filter on device bond2
[   94.142331][ T5598] sch_fq: defrate 0 ignored.
[   94.362023][ T5619] netlink: 'syz.4.586': attribute type 4 has an invalid length.
[   94.371858][ T5620] netlink: 'syz.5.587': attribute type 4 has an invalid length.
[   94.410787][ T5621] netlink: 'syz.1.588': attribute type 4 has an invalid length.
[   94.418568][ T5621] netlink: 24 bytes leftover after parsing attributes in process `syz.1.588'.
[   94.428347][ T5621] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5621 comm=syz.1.588
[   94.438492][ T5618] Falling back ldisc for ttyS3.
[   94.964775][ T5615] syz.5.587 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[   94.976271][ T5615] CPU: 1 UID: 0 PID: 5615 Comm: syz.5.587 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   94.976321][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   94.976333][ T5615] Call Trace:
[   94.976342][ T5615]  <TASK>
[   94.976351][ T5615]  __dump_stack+0x1d/0x30
[   94.976376][ T5615]  dump_stack_lvl+0xe8/0x140
[   94.976395][ T5615]  dump_stack+0x15/0x1b
[   94.976468][ T5615]  dump_header+0x81/0x220
[   94.976508][ T5615]  oom_kill_process+0x342/0x400
[   94.976544][ T5615]  out_of_memory+0x979/0xb80
[   94.976645][ T5615]  try_charge_memcg+0x5e6/0x9e0
[   94.976709][ T5615]  charge_memcg+0x51/0xc0
[   94.976775][ T5615]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   94.976810][ T5615]  __read_swap_cache_async+0x1df/0x350
[   94.976845][ T5615]  swap_cluster_readahead+0x277/0x3e0
[   94.976884][ T5615]  swapin_readahead+0xde/0x6f0
[   94.976931][ T5615]  ? __filemap_get_folio+0x4f7/0x6b0
[   94.977010][ T5615]  ? ktime_get+0x1eb/0x210
[   94.977040][ T5615]  ? swap_cache_get_folio+0x77/0x200
[   94.977072][ T5615]  do_swap_page+0x301/0x2430
[   94.977201][ T5615]  ? _raw_spin_unlock+0x14/0x50
[   94.977224][ T5615]  ? finish_task_switch+0xb6/0x2b0
[   94.977343][ T5615]  ? __pfx_default_wake_function+0x10/0x10
[   94.977366][ T5615]  handle_mm_fault+0x9a5/0x2c20
[   94.977427][ T5615]  do_user_addr_fault+0x636/0x1090
[   94.977463][ T5615]  ? fpregs_restore_userregs+0xe2/0x1d0
[   94.977554][ T5615]  ? switch_fpu_return+0xe/0x20
[   94.977584][ T5615]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   94.977613][ T5615]  exc_page_fault+0x62/0xa0
[   94.977652][ T5615]  asm_exc_page_fault+0x26/0x30
[   94.977673][ T5615] RIP: 0033:0x7ff3cc7255fc
[   94.977690][ T5615] Code: 66 0f 1f 44 00 00 69 3d b6 00 ea 00 e8 03 00 00 48 8d 1d b7 09 37 00 e8 12 95 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[   94.977707][ T5615] RSP: 002b:00007fffaa1a8210 EFLAGS: 00010202
[   94.977725][ T5615] RAX: 0000000000000000 RBX: 00007ff3cca95fa0 RCX: 0000000000000000
[   94.977739][ T5615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555584d6c808
[   94.977774][ T5615] RBP: 00007ff3cca97da0 R08: 0000000000000000 R09: 7fffffffffffffff
[   94.977795][ T5615] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000017389
[   94.977808][ T5615] R13: 00007ff3cca96090 R14: ffffffffffffffff R15: 00007fffaa1a8320
[   94.977827][ T5615]  </TASK>
[   95.207678][ T5615] memory: usage 307200kB, limit 307200kB, failcnt 2230
[   95.214722][ T5615] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0
[   95.222699][ T5615] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[   95.230031][ T5615] Memory cgroup stats for /syz5:
[   95.293647][ T5615] cache 0
[   95.301687][ T5615] rss 8192
[   95.304715][ T5615] shmem 0
[   95.307842][ T5615] mapped_file 0
[   95.311347][ T5615] dirty 0
[   95.314369][ T5615] writeback 0
[   95.317925][ T5615] workingset_refault_anon 49
[   95.318446][ T5628] sch_fq: defrate 0 ignored.
[   95.322587][ T5615] workingset_refault_file 0
[   95.322599][ T5615] swap 192512
[   95.334981][ T5615] swapcached 12288
[   95.338743][ T5615] pgpgin 56318
[   95.342147][ T5615] pgpgout 56315
[   95.345629][ T5615] pgfault 38420
[   95.349207][ T5615] pgmajfault 10
[   95.352733][ T5615] inactive_anon 8192
[   95.356652][ T5615] active_anon 4096
[   95.360473][ T5615] inactive_file 0
[   95.364111][ T5615] active_file 0
[   95.367623][ T5615] unevictable 0
[   95.371224][ T5615] hierarchical_memory_limit 314572800
[   95.376872][ T5615] hierarchical_memsw_limit 9223372036854771712
[   95.383194][ T5615] total_cache 0
[   95.386659][ T5615] total_rss 8192
[   95.390238][ T5615] total_shmem 0
[   95.393703][ T5615] total_mapped_file 0
[   95.397869][ T5615] total_dirty 0
[   95.401344][ T5615] total_writeback 0
[   95.405157][ T5615] total_workingset_refault_anon 49
[   95.410310][ T5615] total_workingset_refault_file 0
[   95.415375][ T5615] total_swap 192512
[   95.419212][ T5615] total_swapcached 12288
[   95.423465][ T5615] total_pgpgin 56318
[   95.427370][ T5615] total_pgpgout 56315
[   95.431408][ T5615] total_pgfault 38420
[   95.435396][ T5615] total_pgmajfault 10
[   95.439430][ T5615] total_inactive_anon 8192
[   95.443948][ T5615] total_active_anon 4096
[   95.448332][ T5615] total_inactive_file 0
[   95.452569][ T5615] total_active_file 0
[   95.456561][ T5615] total_unevictable 0
[   95.460623][ T5615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.587,pid=5615,uid=0
[   95.475884][ T5615] Memory cgroup out of memory: Killed process 5615 (syz.5.587) total-vm:95940kB, anon-rss:1072kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[   95.682798][   T29] kauditd_printk_skb: 388 callbacks suppressed
[   95.682828][   T29] audit: type=1400 audit(1758097486.612:6744): avc:  denied  { sqpoll } for  pid=5634 comm="syz.5.594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   95.709907][ T5636] rdma_op ffff888118cc7d80 conn xmit_rdma 0000000000000000
[   95.975527][ T5641] loop4: detected capacity change from 0 to 2048
[   96.052082][ T5641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.165270][ T5641] EXT4-fs error (device loop4): ext4_free_inode:354: comm +}[@: bit already cleared for inode 15
[   96.183345][   T29] audit: type=1400 audit(1758097487.092:6745): avc:  denied  { remove_name } for  pid=5640 comm="+}[@" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   96.205663][   T29] audit: type=1400 audit(1758097487.092:6746): avc:  denied  { unlink } for  pid=5640 comm="+}[@" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   96.302832][ T5654] loop1: detected capacity change from 0 to 1024
[   96.335334][ T5654] EXT4-fs: Ignoring removed bh option
[   96.384159][ T5654] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   96.394945][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.440792][ T5654] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.453204][   T29] audit: type=1400 audit(1758097487.242:6747): avc:  denied  { create } for  pid=5655 comm="syz.2.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   96.473019][   T29] audit: type=1400 audit(1758097487.292:6748): avc:  denied  { write } for  pid=5655 comm="syz.2.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   96.492571][   T29] audit: type=1326 audit(1758097487.292:6749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   96.516142][   T29] audit: type=1326 audit(1758097487.292:6750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   96.540317][   T29] audit: type=1326 audit(1758097487.302:6751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   96.563993][   T29] audit: type=1326 audit(1758097487.302:6752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   96.587686][   T29] audit: type=1326 audit(1758097487.302:6753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5655 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd5decfeba9 code=0x7ffc0000
[   96.645139][ T5666] sch_fq: defrate 0 ignored.
[   96.794577][ T5678] netlink: 'syz.4.606': attribute type 4 has an invalid length.
[   96.830627][ T5679] loop5: detected capacity change from 0 to 1024
[   96.839520][ T5679] EXT4-fs: Ignoring removed bh option
[   96.882602][ T5679] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   97.009260][ T5679] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.074360][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.312041][ T5700] Falling back ldisc for ttyS3.
[   97.359611][ T5703] netlink: 'syz.1.610': attribute type 4 has an invalid length.
[   97.367475][ T5703] netlink: 24 bytes leftover after parsing attributes in process `syz.1.610'.
[   97.504459][ T5700] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5700 comm=syz.1.610
[   97.672450][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.676496][ T3303] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   97.692617][ T3303] CPU: 1 UID: 0 PID: 3303 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[   97.692645][ T3303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   97.692659][ T3303] Call Trace:
[   97.692666][ T3303]  <TASK>
[   97.692674][ T3303]  __dump_stack+0x1d/0x30
[   97.692746][ T3303]  dump_stack_lvl+0xe8/0x140
[   97.692767][ T3303]  dump_stack+0x15/0x1b
[   97.692785][ T3303]  dump_header+0x81/0x220
[   97.692821][ T3303]  oom_kill_process+0x342/0x400
[   97.692926][ T3303]  out_of_memory+0x979/0xb80
[   97.692959][ T3303]  try_charge_memcg+0x5e6/0x9e0
[   97.692993][ T3303]  charge_memcg+0x51/0xc0
[   97.693041][ T3303]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   97.693062][ T3303]  __read_swap_cache_async+0x1df/0x350
[   97.693234][ T3303]  swap_cluster_readahead+0x277/0x3e0
[   97.693275][ T3303]  swapin_readahead+0xde/0x6f0
[   97.693309][ T3303]  ? __filemap_get_folio+0x4f7/0x6b0
[   97.693347][ T3303]  ? ktime_get+0x1eb/0x210
[   97.693433][ T3303]  ? swap_cache_get_folio+0x77/0x200
[   97.693470][ T3303]  do_swap_page+0x301/0x2430
[   97.693494][ T3303]  ? finish_task_switch+0xad/0x2b0
[   97.693518][ T3303]  ? __pfx_default_wake_function+0x10/0x10
[   97.693546][ T3303]  handle_mm_fault+0x9a5/0x2c20
[   97.693591][ T3303]  do_user_addr_fault+0x636/0x1090
[   97.693622][ T3303]  ? fpregs_restore_userregs+0xe2/0x1d0
[   97.693694][ T3303]  ? switch_fpu_return+0xe/0x20
[   97.693728][ T3303]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   97.693755][ T3303]  exc_page_fault+0x62/0xa0
[   97.693787][ T3303]  asm_exc_page_fault+0x26/0x30
[   97.693883][ T3303] RIP: 0033:0x7f4135e61425
[   97.693899][ T3303] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 3e 71 1e 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[   97.693918][ T3303] RSP: 002b:00007fff46fd66c8 EFLAGS: 00010246
[   97.693937][ T3303] RAX: 0000000000000000 RBX: 0000000000000186 RCX: 00007f4135e61423
[   97.693952][ T3303] RDX: 00007fff46fd66e0 RSI: 0000000000000000 RDI: 0000000000000000
[   97.693966][ T3303] RBP: 00007fff46fd674c R08: 000000000b484450 R09: 0000000000000000
[   97.693980][ T3303] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[   97.694044][ T3303] R13: 00000000000927c0 R14: 0000000000017a33 R15: 00007fff46fd67a0
[   97.694066][ T3303]  </TASK>
[   97.694074][ T3303] memory: usage 307200kB, limit 307200kB, failcnt 1035
[   97.928017][ T3303] memory+swap: usage 278536kB, limit 9007199254740988kB, failcnt 0
[   97.935929][ T3303] kmem: usage 278144kB, limit 9007199254740988kB, failcnt 0
[   97.943328][ T3303] Memory cgroup stats for /syz4:
[   97.944140][ T3303] cache 0
[   97.952062][ T3303] rss 0
[   97.954879][ T3303] shmem 0
[   97.957852][ T3303] mapped_file 0
[   97.961333][ T3303] dirty 0
[   97.964312][ T3303] writeback 0
[   97.968554][ T3303] workingset_refault_anon 56
[   97.973871][ T3303] workingset_refault_file 287
[   97.978814][ T3303] swap 200704
[   97.982145][ T3303] swapcached 4096
[   97.985834][ T3303] pgpgin 45532
[   97.989484][ T3303] pgpgout 45527
[   97.993152][ T3303] pgfault 56794
[   97.996709][ T3303] pgmajfault 46
[   98.000612][ T3303] inactive_anon 4096
[   98.004788][ T3303] active_anon 0
[   98.008287][ T3303] inactive_file 16384
[   98.012368][ T3303] active_file 0
[   98.015852][ T3303] unevictable 0
[   98.019354][ T3303] hierarchical_memory_limit 314572800
[   98.024812][ T3303] hierarchical_memsw_limit 9223372036854771712
[   98.031037][ T3303] total_cache 0
[   98.034512][ T3303] total_rss 0
[   98.037904][ T3303] total_shmem 0
[   98.041371][ T3303] total_mapped_file 0
[   98.045450][ T3303] total_dirty 0
[   98.049163][ T3303] total_writeback 0
[   98.053081][ T3303] total_workingset_refault_anon 56
[   98.058670][ T3303] total_workingset_refault_file 287
[   98.063993][ T3303] total_swap 200704
[   98.068012][ T3303] total_swapcached 4096
[   98.072278][ T3303] total_pgpgin 45532
[   98.076193][ T3303] total_pgpgout 45527
[   98.080360][ T3303] total_pgfault 56794
[   98.084380][ T3303] total_pgmajfault 46
[   98.088579][ T3303] total_inactive_anon 4096
[   98.093349][ T3303] total_active_anon 0
[   98.097635][ T3303] total_inactive_file 16384
[   98.102154][ T3303] total_active_file 0
[   98.106230][ T3303] total_unevictable 0
[   98.110343][ T3303] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.606,pid=5671,uid=0
[   98.125007][ T3303] Memory cgroup out of memory: Killed process 5671 (syz.4.606) total-vm:93892kB, anon-rss:1072kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   98.199877][ T5720] FAULT_INJECTION: forcing a failure.
[   98.199877][ T5720] name failslab, interval 1, probability 0, space 0, times 0
[   98.212888][ T5720] CPU: 0 UID: 0 PID: 5720 Comm: syz.1.612 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   98.212936][ T5720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   98.212947][ T5720] Call Trace:
[   98.212962][ T5720]  <TASK>
[   98.212970][ T5720]  __dump_stack+0x1d/0x30
[   98.212995][ T5720]  dump_stack_lvl+0xe8/0x140
[   98.213018][ T5720]  dump_stack+0x15/0x1b
[   98.213037][ T5720]  should_fail_ex+0x265/0x280
[   98.213112][ T5720]  should_failslab+0x8c/0xb0
[   98.213162][ T5720]  kmem_cache_alloc_noprof+0x50/0x310
[   98.213188][ T5720]  ? alloc_empty_file+0x76/0x200
[   98.213215][ T5720]  ? mntput+0x4b/0x80
[   98.213306][ T5720]  alloc_empty_file+0x76/0x200
[   98.213339][ T5720]  path_openat+0x68/0x2170
[   98.213362][ T5720]  ? _parse_integer_limit+0x170/0x190
[   98.213433][ T5720]  ? kstrtoull+0x111/0x140
[   98.213456][ T5720]  ? kstrtouint+0x76/0xc0
[   98.213477][ T5720]  do_filp_open+0x109/0x230
[   98.213503][ T5720]  do_sys_openat2+0xa6/0x110
[   98.213547][ T5720]  __x64_sys_openat+0xf2/0x120
[   98.213650][ T5720]  x64_sys_call+0x2e9c/0x2ff0
[   98.213676][ T5720]  do_syscall_64+0xd2/0x200
[   98.213708][ T5720]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   98.213906][ T5720]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   98.213932][ T5720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.213964][ T5720] RIP: 0033:0x7fe87663eba9
[   98.213983][ T5720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.214037][ T5720] RSP: 002b:00007fe87509f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   98.214069][ T5720] RAX: ffffffffffffffda RBX: 00007fe876885fa0 RCX: 00007fe87663eba9
[   98.214084][ T5720] RDX: 0000000000105440 RSI: 0000200000000000 RDI: ffffffffffffff9c
[   98.214099][ T5720] RBP: 00007fe87509f090 R08: 0000000000000000 R09: 0000000000000000
[   98.214114][ T5720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.214126][ T5720] R13: 00007fe876886038 R14: 00007fe876885fa0 R15: 00007ffefab78348
[   98.214142][ T5720]  </TASK>
[   98.448132][ T5725] loop1: detected capacity change from 0 to 512
[   98.490949][ T5725] EXT4-fs warning (device loop1): ext4_xattr_inode_get:542: inode #11: comm syz.1.614: ea_inode file size=4 entry size=6
[   98.525676][ T5725] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.614: corrupted inode contents
[   98.578825][ T5725] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #15: comm syz.1.614: mark_inode_dirty error
[   98.608063][ T5737] sch_fq: defrate 0 ignored.
[   98.614387][ T5725] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.614: corrupted inode contents
[   98.743337][ T5725] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #15: comm syz.1.614: mark_inode_dirty error
[   98.772868][ T5725] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #15: comm syz.1.614: mark inode dirty (error -117)
[   98.786290][ T5725] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   98.807733][ T5725] EXT4-fs (loop1): 1 orphan inode deleted
[   98.815170][ T5725] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.919240][    C0] vcan0: j1939_tp_rxtimer: 0xffff888103860200: rx timeout, send abort
[   98.927884][    C0] vcan0: j1939_tp_rxtimer: 0xffff888103861200: rx timeout, send abort
[   98.936681][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888103860200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   98.951550][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888103861200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   98.962829][ T5751] loop0: detected capacity change from 0 to 1024
[   99.133883][ T5751] EXT4-fs: Ignoring removed bh option
[   99.183558][ T5751] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   99.196912][ T5754] loop5: detected capacity change from 0 to 1024
[   99.229362][ T5754] EXT4-fs: Ignoring removed bh option
[   99.255064][ T5754] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   99.267280][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.276819][ T5751] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.278898][ T5754] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.418355][ T5763] Falling back ldisc for ttyS3.
[   99.425628][ T5763] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5763 comm=syz.1.622
[   99.682345][ T5768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.624'.
[   99.692623][ T5768] IPVS: Error joining to the multicast group
[   99.766759][ T5768] tipc: Started in network mode
[   99.772107][ T5768] tipc: Node identity b2ee82bb969f, cluster identity 4711
[   99.779430][ T5768] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.800949][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.804586][ T5768] loop2: detected capacity change from 0 to 512
[   99.817299][ T5768] EXT4-fs: Ignoring removed bh option
[   99.822893][ T5768] EXT4-fs: Ignoring removed mblk_io_submit option
[   99.829457][ T5768] EXT4-fs: Ignoring removed mblk_io_submit option
[   99.893264][ T5768] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   99.906206][ T5771] loop0: detected capacity change from 0 to 512
[   99.915688][ T5771] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   99.926389][ T5768] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   99.934766][ T5768] EXT4-fs (loop2): failed to initialize system zone (-117)
[   99.942271][ T5768] EXT4-fs (loop2): mount failed
[   99.950626][ T5771] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.625: Failed to acquire dquot type 1
[   99.950726][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.971823][ T5771] EXT4-fs (loop0): 1 truncate cleaned up
[   99.979659][ T5767] tipc: Resetting bearer <eth:syzkaller0>
[  100.000736][ T5771] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.040307][ T5767] tipc: Disabling bearer <eth:syzkaller0>
[  100.052935][ T5771] hub 8-0:1.0: USB hub found
[  100.057926][ T5771] hub 8-0:1.0: 8 ports detected
[  100.108322][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.129434][ T5782] sch_fq: defrate 0 ignored.
[  100.134393][ T5780] loop5: detected capacity change from 0 to 8192
[  100.149990][ T5780] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  100.164909][ T5780] netlink: 4 bytes leftover after parsing attributes in process `syz.5.627'.
[  100.306137][ T5792] loop1: detected capacity change from 0 to 512
[  100.333375][ T5792] EXT4-fs warning (device loop1): ext4_xattr_inode_get:542: inode #11: comm syz.1.632: ea_inode file size=4 entry size=6
[  100.493063][ T5792] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.632: corrupted inode contents
[  100.511029][ T5792] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #15: comm syz.1.632: mark_inode_dirty error
[  100.523112][ T5792] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.632: corrupted inode contents
[  100.535918][ T5792] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #15: comm syz.1.632: mark_inode_dirty error
[  100.548005][ T5792] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #15: comm syz.1.632: mark inode dirty (error -117)
[  100.561723][ T5792] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[  100.570876][ T5792] EXT4-fs (loop1): 1 orphan inode deleted
[  100.577180][ T5792] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.689386][   T29] kauditd_printk_skb: 431 callbacks suppressed
[  100.689404][   T29] audit: type=1326 audit(1758097491.612:7183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.719116][   T29] audit: type=1326 audit(1758097491.622:7184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.742750][   T29] audit: type=1326 audit(1758097491.622:7185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.766248][   T29] audit: type=1326 audit(1758097491.622:7186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.789726][   T29] audit: type=1326 audit(1758097491.622:7187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.813226][   T29] audit: type=1326 audit(1758097491.622:7188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.836708][   T29] audit: type=1326 audit(1758097491.622:7189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.860172][   T29] audit: type=1326 audit(1758097491.622:7190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.884142][   T29] audit: type=1326 audit(1758097491.622:7191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5765 comm="syz.4.623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4135e2eba9 code=0x7fc00000
[  100.910758][ T5799] audit: audit_backlog=65 > audit_backlog_limit=64
[  101.052379][ T5803] loop4: detected capacity change from 0 to 1024
[  101.059526][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.071223][ T5803] EXT4-fs: Ignoring removed bh option
[  101.082868][ T5803] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  101.306045][ T5803] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.377369][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119c15200: rx timeout, send abort
[  101.385772][    C1] vcan0: j1939_tp_rxtimer: 0xffff888119c15c00: rx timeout, send abort
[  101.394309][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119c15200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  101.409167][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888119c15c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  101.573522][ T5815] netlink: 'syz.2.638': attribute type 4 has an invalid length.
[  101.710142][ T5820] sch_fq: defrate 0 ignored.
[  101.899912][ T5824] loop5: detected capacity change from 0 to 512
[  101.943203][ T5824] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  101.983727][ T5824] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.642: Failed to acquire dquot type 1
[  102.006237][ T5824] EXT4-fs (loop5): 1 truncate cleaned up
[  102.029661][ T5824] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.083521][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.106620][ T5824] hub 8-0:1.0: USB hub found
[  102.112666][ T5824] hub 8-0:1.0: 8 ports detected
[  102.201662][ T3309] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  102.212649][ T3309] CPU: 0 UID: 0 PID: 3309 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  102.212741][ T3309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  102.212753][ T3309] Call Trace:
[  102.212761][ T3309]  <TASK>
[  102.212770][ T3309]  __dump_stack+0x1d/0x30
[  102.212795][ T3309]  dump_stack_lvl+0xe8/0x140
[  102.212816][ T3309]  dump_stack+0x15/0x1b
[  102.212892][ T3309]  dump_header+0x81/0x220
[  102.212937][ T3309]  oom_kill_process+0x342/0x400
[  102.213044][ T3309]  out_of_memory+0x979/0xb80
[  102.213077][ T3309]  try_charge_memcg+0x5e6/0x9e0
[  102.213109][ T3309]  charge_memcg+0x51/0xc0
[  102.213128][ T3309]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  102.213207][ T3309]  __read_swap_cache_async+0x1df/0x350
[  102.213251][ T3309]  swap_cluster_readahead+0x277/0x3e0
[  102.213289][ T3309]  swapin_readahead+0xde/0x6f0
[  102.213320][ T3309]  ? __filemap_get_folio+0x4f7/0x6b0
[  102.213408][ T3309]  ? swap_cache_get_folio+0x77/0x200
[  102.213439][ T3309]  do_swap_page+0x301/0x2430
[  102.213554][ T3309]  ? finish_task_switch+0xad/0x2b0
[  102.213580][ T3309]  ? __pfx_default_wake_function+0x10/0x10
[  102.213605][ T3309]  handle_mm_fault+0x9a5/0x2c20
[  102.213650][ T3309]  do_user_addr_fault+0x636/0x1090
[  102.213679][ T3309]  ? fpregs_restore_userregs+0xe2/0x1d0
[  102.213708][ T3309]  ? switch_fpu_return+0xe/0x20
[  102.213816][ T3309]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  102.213920][ T3309]  exc_page_fault+0x62/0xa0
[  102.213952][ T3309]  asm_exc_page_fault+0x26/0x30
[  102.213975][ T3309] RIP: 0033:0x7fd5ded31425
[  102.213992][ T3309] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 3e 71 1e 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  102.214009][ T3309] RSP: 002b:00007ffc626f18c8 EFLAGS: 00010246
[  102.214098][ T3309] RAX: 0000000000000000 RBX: 0000000000000166 RCX: 00007fd5ded31423
[  102.214113][ T3309] RDX: 00007ffc626f18e0 RSI: 0000000000000000 RDI: 0000000000000000
[  102.214128][ T3309] RBP: 00007ffc626f194c R08: 0000000007097a29 R09: 0000000000000000
[  102.214213][ T3309] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  102.214226][ T3309] R13: 00000000000927c0 R14: 0000000000018cc0 R15: 00007ffc626f19a0
[  102.214246][ T3309]  </TASK>
[  102.214253][ T3309] memory: usage 302260kB, limit 307200kB, failcnt 1535
[  102.442917][ T3309] memory+swap: usage 1072kB, limit 9007199254740988kB, failcnt 0
[  102.450924][ T3309] kmem: usage 684kB, limit 9007199254740988kB, failcnt 0
[  102.458049][ T3309] Memory cgroup stats for /syz2:
[  102.458331][ T3309] cache 0
[  102.466284][ T3309] rss 16384
[  102.469631][ T3309] shmem 0
[  102.472595][ T3309] mapped_file 0
[  102.476068][ T3309] dirty 0
[  102.479070][ T3309] writeback 8192
[  102.482725][ T3309] workingset_refault_anon 60
[  102.487483][ T3309] workingset_refault_file 490
[  102.492205][ T3309] swap 155648
[  102.495621][ T3309] swapcached 40960
[  102.499504][ T3309] pgpgin 60513
[  102.502920][ T3309] pgpgout 60499
[  102.506397][ T3309] pgfault 64038
[  102.509974][ T3309] pgmajfault 29
[  102.513442][ T3309] inactive_anon 24576
[  102.517467][ T3309] active_anon 24576
[  102.521383][ T3309] inactive_file 8192
[  102.525351][ T3309] active_file 0
[  102.529017][ T3309] unevictable 0
[  102.532701][ T3309] hierarchical_memory_limit 314572800
[  102.538188][ T3309] hierarchical_memsw_limit 9223372036854771712
[  102.544428][ T3309] total_cache 0
[  102.547946][ T3309] total_rss 16384
[  102.551941][ T3309] total_shmem 0
[  102.555412][ T3309] total_mapped_file 0
[  102.559538][ T3309] total_dirty 0
[  102.563002][ T3309] total_writeback 8192
[  102.567070][ T3309] total_workingset_refault_anon 60
[  102.572311][ T3309] total_workingset_refault_file 490
[  102.577601][ T3309] total_swap 155648
[  102.581671][ T3309] total_swapcached 40960
[  102.586108][ T3309] total_pgpgin 60513
[  102.590040][ T3309] total_pgpgout 60499
[  102.594021][ T3309] total_pgfault 64038
[  102.598048][ T3309] total_pgmajfault 29
[  102.602042][ T3309] total_inactive_anon 24576
[  102.606529][ T3309] total_active_anon 24576
[  102.610868][ T3309] total_inactive_file 8192
[  102.615287][ T3309] total_active_file 0
[  102.619331][ T3309] total_unevictable 0
[  102.623315][ T3309] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.638,pid=5810,uid=0
[  102.638097][ T3309] Memory cgroup out of memory: Killed process 5810 (syz.2.638) total-vm:93892kB, anon-rss:1200kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  102.657359][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.712954][ T5852] loop2: detected capacity change from 0 to 1024
[  102.748101][ T5852] EXT4-fs: Ignoring removed bh option
[  102.755691][ T5852] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  102.798232][ T5852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.831718][ T5850] sch_fq: defrate 0 ignored.
[  103.015300][ T5863] rdma_op ffff8881003d9980 conn xmit_rdma 0000000000000000
[  103.644183][ T5871] loop5: detected capacity change from 0 to 1024
[  103.715341][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.731564][ T5871] EXT4-fs: Ignoring removed bh option
[  103.751904][ T5871] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  103.803361][ T5871] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.895079][ T5885] loop0: detected capacity change from 0 to 8192
[  103.921565][ T5885] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  103.996786][ T5891] netlink: 4 bytes leftover after parsing attributes in process `syz.0.663'.
[  104.110799][ T5896] hub 9-0:1.0: USB hub found
[  104.115876][ T5896] hub 9-0:1.0: 8 ports detected
[  104.131964][ T5896] rdma_op ffff8881408f2180 conn xmit_rdma 0000000000000000
[  104.942254][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.052683][ T5902] loop2: detected capacity change from 0 to 8192
[  105.066130][ T5902] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  105.174475][ T5902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.666'.
[  105.242990][ T5915] rdma_op ffff888118c95180 conn xmit_rdma 0000000000000000
[  105.324582][ T5927] loop5: detected capacity change from 0 to 8192
[  105.344547][ T5927] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  105.426137][ T5927] netlink: 4 bytes leftover after parsing attributes in process `syz.5.675'.
[  105.632571][ T5939] Falling back ldisc for ttyS3.
[  105.700424][ T5941] netlink: 'syz.0.678': attribute type 4 has an invalid length.
[  105.708567][ T5941] netlink: 24 bytes leftover after parsing attributes in process `syz.0.678'.
[  106.250194][ T5939] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=280 sclass=netlink_route_socket pid=5939 comm=syz.0.678
[  106.301348][   T29] kauditd_printk_skb: 201 callbacks suppressed
[  106.301367][   T29] audit: type=1400 audit(1758097497.212:7380): avc:  denied  { read open } for  pid=5948 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  106.333545][   T29] audit: type=1400 audit(1758097497.212:7381): avc:  denied  { getattr } for  pid=5948 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  106.381441][ T5951] loop2: detected capacity change from 0 to 512
[  106.409858][ T5951] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  106.433034][ T5958] loop4: detected capacity change from 0 to 512
[  106.446857][   T29] audit: type=1400 audit(1758097497.362:7382): avc:  denied  { mount } for  pid=5961 comm="syz.0.685" name="/" dev="ramfs" ino=12878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  106.473617][ T5958] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  106.497006][   T29] audit: type=1400 audit(1758097497.412:7383): avc:  denied  { allowed } for  pid=5963 comm="syz.1.686" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  106.516424][   T29] audit: type=1400 audit(1758097497.412:7384): avc:  denied  { create } for  pid=5963 comm="syz.1.686" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  106.556772][ T5958] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  106.564555][   T29] audit: type=1400 audit(1758097497.472:7385): avc:  denied  { add_name } for  pid=5946 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  106.566897][ T5958] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  106.589484][   T29] audit: type=1400 audit(1758097497.472:7386): avc:  denied  { create } for  pid=5946 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  106.589592][   T29] audit: type=1400 audit(1758097497.472:7387): avc:  denied  { write } for  pid=5946 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.sl0.link" dev="tmpfs" ino=5299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  106.599703][ T5958] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.684: Failed to acquire dquot type 1
[  106.659636][ T5972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.686'.
[  106.670833][ T5980] netlink: 'syz.0.688': attribute type 10 has an invalid length.
[  106.673981][ T5972] syz_tun: entered promiscuous mode
[  106.678686][ T5980] netlink: 40 bytes leftover after parsing attributes in process `syz.0.688'.
[  106.688642][ T5951] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.682: Failed to acquire dquot type 1
[  106.693254][ T5972] macvtap1: entered promiscuous mode
[  106.709886][ T5972] macvtap1: entered allmulticast mode
[  106.712540][ T5951] EXT4-fs (loop2): 1 truncate cleaned up
[  106.715330][ T5972] syz_tun: entered allmulticast mode
[  106.719784][ T5958] EXT4-fs (loop4): 1 truncate cleaned up
[  106.721558][ T5951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.726781][ T5958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.773885][ T5951] hub 8-0:1.0: USB hub found
[  106.787449][ T5951] hub 8-0:1.0: 8 ports detected
[  106.804323][ T5980] team0: Port device geneve1 added
[  106.833707][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.924974][ T5999] loop2: detected capacity change from 0 to 8192
[  106.934752][ T5999] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  106.936337][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881190b8000: rx timeout, send abort
[  106.953475][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a2d7c00: rx timeout, send abort
[  106.961877][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881190b8000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  106.976313][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a2d7c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  106.982905][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.689'.
[  107.008568][ T6005] netlink: 12 bytes leftover after parsing attributes in process `syz.5.691'.
[  107.017701][ T5958] hub 8-0:1.0: USB hub found
[  107.022771][ T5958] hub 8-0:1.0: 8 ports detected
[  107.087565][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.092807][ T6010] loop5: detected capacity change from 0 to 1024
[  107.105675][ T6010] EXT4-fs: Ignoring removed bh option
[  107.123183][ T6010] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  107.150529][ T6010] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.322013][ T6022] rdma_op ffff88811afdb180 conn xmit_rdma 0000000000000000
[  107.361583][ T6026] loop1: detected capacity change from 0 to 512
[  107.372053][ T6026] EXT4-fs warning (device loop1): ext4_xattr_inode_get:542: inode #11: comm syz.1.698: ea_inode file size=4 entry size=6
[  107.396991][ T6026] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.698: corrupted inode contents
[  107.410428][ T6026] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #15: comm syz.1.698: mark_inode_dirty error
[  107.422127][ T6026] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #15: comm syz.1.698: corrupted inode contents
[  107.434320][ T6026] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #15: comm syz.1.698: mark_inode_dirty error
[  107.449374][ T6026] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #15: comm syz.1.698: mark inode dirty (error -117)
[  107.462134][ T6026] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[  107.471579][ T6026] EXT4-fs (loop1): 1 orphan inode deleted
[  107.478087][ T6026] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.537368][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.570908][ T6029] netlink: 20 bytes leftover after parsing attributes in process `syz.1.699'.
[  107.642614][ T6031] loop1: detected capacity change from 0 to 512
[  107.653519][ T6031] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  107.691129][ T6031] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.700: Failed to acquire dquot type 1
[  107.708593][ T6031] EXT4-fs (loop1): 1 truncate cleaned up
[  107.728499][ T6031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.786528][ T6031] hub 8-0:1.0: USB hub found
[  107.791935][ T6031] hub 8-0:1.0: 8 ports detected
[  107.841633][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.935869][ T4182] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.945290][ T6040] loop1: detected capacity change from 0 to 8192
[  107.957113][ T6040] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  108.006058][ T6040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.703'.
[  108.066962][ T6047] 9pnet_fd: Insufficient options for proto=fd
[  108.128787][ T6052] loop5: detected capacity change from 0 to 128
[  108.142011][ T6052] netlink: zone id is out of range
[  108.147221][ T6052] netlink: zone id is out of range
[  108.156412][ T6061] syz_tun: entered promiscuous mode
[  108.165404][ T6052] netlink: zone id is out of range
[  108.170653][ T6052] netlink: zone id is out of range
[  108.176259][ T6061] macvtap1: entered promiscuous mode
[  108.181894][ T6061] macvtap1: entered allmulticast mode
[  108.183459][ T6052] netlink: zone id is out of range
[  108.187319][ T6061] syz_tun: entered allmulticast mode
[  108.192478][ T6052] netlink: zone id is out of range
[  108.192490][ T6052] netlink: zone id is out of range
[  108.208354][ T6052] netlink: zone id is out of range
[  108.213572][ T6052] netlink: zone id is out of range
[  108.252410][ T6052] netlink: zone id is out of range
[  108.254442][ T6066] loop4: detected capacity change from 0 to 512
[  108.265220][ T6066] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  108.288768][ T6066] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.713: Failed to acquire dquot type 1
[  108.307335][ T6066] EXT4-fs (loop4): 1 truncate cleaned up
[  108.314288][ T6066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.356902][ T6074] loop5: detected capacity change from 0 to 8192
[  108.362242][ T6066] hub 8-0:1.0: USB hub found
[  108.365094][ T6074] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  108.371879][ T6066] hub 8-0:1.0: 8 ports detected
[  108.439554][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.545987][ T6082] sg_write: data in/out 197376/1 bytes for SCSI command 0x8-- guessing data in;
[  108.545987][ T6082]    program syz.4.718 not setting count and/or reply_len properly
[  108.578831][ T6080] rdma_op ffff888118c94180 conn xmit_rdma 0000000000000000
[  108.767388][ T6100] loop0: detected capacity change from 0 to 8192
[  108.770538][ T6104] loop4: detected capacity change from 0 to 1024
[  108.781549][ T6100] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  108.782924][ T6104] EXT4-fs: Ignoring removed bh option
[  108.800380][ T6104] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  108.823348][ T6104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.935884][ T6104] ==================================================================
[  108.944022][ T6104] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark
[  108.951187][ T6104] 
[  108.953525][ T6104] write to 0xffff888106fb2dfc of 4 bytes by task 6111 on cpu 1:
[  108.961182][ T6104]  xas_set_mark+0x12b/0x140
[  108.965726][ T6104]  __folio_start_writeback+0x1dd/0x440
[  108.971223][ T6104]  ext4_bio_write_folio+0x5ad/0x9f0
[  108.976461][ T6104]  mpage_process_page_bufs+0x4a1/0x620
[  108.981935][ T6104]  mpage_prepare_extent_to_map+0x786/0xc00
[  108.987763][ T6104]  ext4_do_writepages+0xa05/0x2750
[  108.992907][ T6104]  ext4_writepages+0x176/0x300
[  108.997695][ T6104]  do_writepages+0x1c6/0x310
[  109.002318][ T6104]  file_write_and_wait_range+0x156/0x2c0
[  109.007974][ T6104]  generic_buffers_fsync_noflush+0x45/0x120
[  109.013912][ T6104]  ext4_sync_file+0x1ab/0x690
[  109.018615][ T6104]  vfs_fsync_range+0x10d/0x130
[  109.023410][ T6104]  ext4_buffered_write_iter+0x34f/0x3c0
[  109.029348][ T6104]  ext4_file_write_iter+0xdbf/0xf00
[  109.034592][ T6104]  iter_file_splice_write+0x663/0xa60
[  109.040005][ T6104]  direct_splice_actor+0x153/0x2a0
[  109.045134][ T6104]  splice_direct_to_actor+0x30f/0x680
[  109.050704][ T6104]  do_splice_direct+0xda/0x150
[  109.055576][ T6104]  do_sendfile+0x380/0x650
[  109.060043][ T6104]  __x64_sys_sendfile64+0x105/0x150
[  109.065360][ T6104]  x64_sys_call+0x2bb0/0x2ff0
[  109.070067][ T6104]  do_syscall_64+0xd2/0x200
[  109.074620][ T6104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.080543][ T6104] 
[  109.082886][ T6104] read to 0xffff888106fb2dfc of 4 bytes by task 6104 on cpu 0:
[  109.090456][ T6104]  xas_find_marked+0x5dc/0x620
[  109.095335][ T6104]  find_get_entry+0x5d/0x380
[  109.099950][ T6104]  filemap_get_folios_tag+0x92/0x210
[  109.105262][ T6104]  mpage_prepare_extent_to_map+0x320/0xc00
[  109.111094][ T6104]  ext4_do_writepages+0xa05/0x2750
[  109.116350][ T6104]  ext4_writepages+0x176/0x300
[  109.121145][ T6104]  do_writepages+0x1c6/0x310
[  109.125944][ T6104]  file_write_and_wait_range+0x156/0x2c0
[  109.131620][ T6104]  generic_buffers_fsync_noflush+0x45/0x120
[  109.137539][ T6104]  ext4_sync_file+0x1ab/0x690
[  109.142238][ T6104]  vfs_fsync_range+0x10d/0x130
[  109.147205][ T6104]  ext4_buffered_write_iter+0x34f/0x3c0
[  109.152785][ T6104]  ext4_file_write_iter+0xdbf/0xf00
[  109.158017][ T6104]  iter_file_splice_write+0x663/0xa60
[  109.163403][ T6104]  direct_splice_actor+0x153/0x2a0
[  109.168644][ T6104]  splice_direct_to_actor+0x30f/0x680
[  109.174044][ T6104]  do_splice_direct+0xda/0x150
[  109.178829][ T6104]  do_sendfile+0x380/0x650
[  109.183270][ T6104]  __x64_sys_sendfile64+0x105/0x150
[  109.188503][ T6104]  x64_sys_call+0x2bb0/0x2ff0
[  109.193202][ T6104]  do_syscall_64+0xd2/0x200
[  109.197738][ T6104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.203735][ T6104] 
[  109.206077][ T6104] value changed: 0x0a000021 -> 0x04000021
[  109.211807][ T6104] 
[  109.214153][ T6104] Reported by Kernel Concurrency Sanitizer on:
[  109.220322][ T6104] CPU: 0 UID: 0 PID: 6104 Comm: syz.4.729 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  109.229975][ T6104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  109.240052][ T6104] ==================================================================
[  109.404886][ T6110] __nla_validate_parse: 4 callbacks suppressed
[  109.404998][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.0.730'.
[  109.421820][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.0.730'.
[  109.603598][ T6104] syz.4.729 (6104) used greatest stack depth: 9024 bytes left
[  109.628639][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.