last executing test programs:

23.76371363s ago: executing program 2 (id=663):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x6, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_bp={0x0, 0x2}, 0x120, 0x10000, 0x33f8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$key(0xf, 0x3, 0x2)
r0 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000001480)=[{&(0x7f00000002c0)=""/185, 0xb9}], 0x1})
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)

23.725168271s ago: executing program 2 (id=667):
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180), 0x4)
fcntl$dupfd(r2, 0x406, r2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r3}, 0x18)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00'}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffa}, 0x50)
ioctl$INCFS_IOC_PERMIT_FILL(r4, 0x40046721, &(0x7f0000000340)={r1})
openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x309100, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x4})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0)
syz_io_uring_setup(0x3480, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f0000000680))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='7'], 0x118)

23.481741435s ago: executing program 2 (id=673):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x301)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x200, 0x0, 0x0, 0x20000, 0x0})

23.446238016s ago: executing program 2 (id=674):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000d40)=ANY=[])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a1a05"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000040)='fib6_table_lookup\x00', r4}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000b00)={@ifindex, 0x6, 0x1, 0x9, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0], <r5=>0x0}, 0x40)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000300)={0x8, <r6=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=r6, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000c00)=ANY=[@ANYRES32=r3, @ANYRES32=r0, @ANYBLOB="1800000024200000", @ANYRES32=r0, @ANYBLOB="02005d4c0f0aeea0203e753c1f63a0259aecd67d22000000000000000000", @ANYRES32=r6, @ANYBLOB, @ANYRES64=r5], 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r7, &(0x7f00000007c0)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x2, @private0}, 0x1c, &(0x7f0000000d00)=[{&(0x7f00000002c0)='\n', 0x1}], 0x1}}], 0x1, 0x40088d4)
shutdown(r7, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
setxattr$security_capability(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000300), &(0x7f0000000340)=@v2={0x2000000, [{0x3ff, 0x1000}, {0x3, 0x2}]}, 0x14, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000980), 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50)
perf_event_open(&(0x7f00000001c0)={0x0, 0xffffffffffffff9e, 0x20, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
getsockname$inet6(r0, &(0x7f0000000b40)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000c40)=0x1c)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x89f1, &(0x7f0000000080))
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffff07000000000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)=r9}, 0x20)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0)

23.326898899s ago: executing program 2 (id=677):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

23.211810081s ago: executing program 2 (id=685):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0x1, 0x70bd2c, 0x20, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8084}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_IFALIAS={0x14, 0x14, 'ip6gretap0\x00'}, @IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0xffffffbc, 0x1, {0xfeffff7f, 0xae, 0xfffffff9, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==")
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk")
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="46040000", @ANYRES16, @ANYRESDEC=r3], 0x4}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b80)={0x198, 0x0, 0x1e17042cfb1b0e, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xdbb, 0x38}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x9}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x4}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x128, 0x3, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x9c, 0x1, "58e3e40e921b5ac1438c1e6c44f123a6351e9b183e167d451d8e8a1128c43d1e7eac4f3cbc643ef466a9d69edd0c494a9f09f238ea04a615d1de102d13b6cb078d8141cafb4ecf91084f2b7e59f8471b0d83fd66bf1a12e3a787b173def0b2cf0a53cda452315a186e5e28c798e006694a069d34bc4e14ed400e661ee7062e49db0aff4cbeea00e6696fa20deaaea078c661b195224961b5"}}, {0x84, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x7d, 0x1, "9592783b744785e0c981d88144d7c358e717f732680a2d63fbfbb2918a55454c7d2ad7e65da8195e23e6c51bf19a827bceada2dc4e264b7452e4bbec2b3a18a7e259b723c031d4ee5492644305fd004c1c36cda151828d213fab0626b6f5b7d9a1e37f3d46d7c3fc021c6e66fc3ec43ac2f975e2fd16984598"}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x28, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xa7}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x3}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x200}}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x4000044}, 0x24048801)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r7 = getpid()
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
syz_usbip_server_init(0x1)
r10 = syz_pidfd_open(r7, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r11 = pidfd_getfd(r10, r10, 0x0)
setns(r11, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)

23.191267971s ago: executing program 32 (id=685):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0x1, 0x70bd2c, 0x20, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8084}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_IFALIAS={0x14, 0x14, 'ip6gretap0\x00'}, @IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0xffffffbc, 0x1, {0xfeffff7f, 0xae, 0xfffffff9, 0x8100}}]}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x20000010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==")
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk")
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="46040000", @ANYRES16, @ANYRESDEC=r3], 0x4}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b80)={0x198, 0x0, 0x1e17042cfb1b0e, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xdbb, 0x38}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x9}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x4}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x128, 0x3, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x9c, 0x1, "58e3e40e921b5ac1438c1e6c44f123a6351e9b183e167d451d8e8a1128c43d1e7eac4f3cbc643ef466a9d69edd0c494a9f09f238ea04a615d1de102d13b6cb078d8141cafb4ecf91084f2b7e59f8471b0d83fd66bf1a12e3a787b173def0b2cf0a53cda452315a186e5e28c798e006694a069d34bc4e14ed400e661ee7062e49db0aff4cbeea00e6696fa20deaaea078c661b195224961b5"}}, {0x84, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x7d, 0x1, "9592783b744785e0c981d88144d7c358e717f732680a2d63fbfbb2918a55454c7d2ad7e65da8195e23e6c51bf19a827bceada2dc4e264b7452e4bbec2b3a18a7e259b723c031d4ee5492644305fd004c1c36cda151828d213fab0626b6f5b7d9a1e37f3d46d7c3fc021c6e66fc3ec43ac2f975e2fd16984598"}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x28, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xa7}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x3}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x200}}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x4000044}, 0x24048801)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r7 = getpid()
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
syz_usbip_server_init(0x1)
r10 = syz_pidfd_open(r7, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r11 = pidfd_getfd(r10, r10, 0x0)
setns(r11, 0x66020000)
syz_clone(0x50a60080, 0x0, 0x0, 0x0, 0x0, 0x0)

1.513608969s ago: executing program 3 (id=1041):
io_setup(0x2004, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x100, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb:\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')

1.46501734s ago: executing program 0 (id=1042):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r0}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xc0, &(0x7f0000000300)=0x10001, 0x0, 0x4)
msgsnd(0x0, 0x0, 0x2000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8919, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

1.46439808s ago: executing program 3 (id=1043):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000680)={[{@nodioread_nolock}, {@noload}, {@acl}, {@resuid}]}, 0x1, 0x797, &(0x7f0000002040)="$eJzs3c9rHGUfAPDvbJKmSfu+yQsvvG89BQQNlG5Mja2Ch4oHESwU9GwbNttQs8mW7KY0IWCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s8022Y2bNrtbzOcDs/s8M7P7PN95Zmaf2XnYDWDfGksfchFHIuK9JGIkm59ExEAt1R9xamO9u2urhXRKYn391V+S2jp31lYL0fCa1KEs8/+I+PbtiKO57eVWllfmpkul4mKWn6jOX5yoLK8cuzA/PVucLS6cmJyaOn7ymZMn9i7W335YOXzz/Zee/OLUH2/97/q73yVxKg5nyxrj2CtjMZZtk4F0E97nxb0urMeSXleAB5Iemn0bR3kciZHoq6VaGOpmzQCATlkHAPahRB8AAPaZ+vcAd9ZWC/Wp2fcETW7h/SPceiEiDm7EX7+/ubGkP7tnd7B2H3T4TnLfnZEkIkb3oPyxiPjkq9c/S6fI2sG9NKAbrlyNiHOjY9vP/8m2MQu79dROC9cH08fBrbM7MQ4DaO7rtP/zbLP+X+5e/yea9H8G62PHHtLW99h+/Odu7EExLaX9v+cbxrbdbYg/M9qX5f5V6/MNJOcvlIrpue3fETEeA4NpfrK2avOe2/jtP2+3Kr+x//frB298mpafPm+ukbvRv+UsOTNdnX7YuOtuXY14rL9Z/Mm99k9a9H/PtFnGy8+983GrZWn8abz1aXv8nbV+LeKJpu2/2ZbJjuMTJ2q7w0R9p2jiyx8/Gm5VfmP7p1Nafv1aoBvS9h/eOf7RpHG8ZmX3ZXx/beSbVsv+Pv7m+/+B5LVa+kA27/J0tbo4GXEgeWX7/OObr63n6+un8Y8/3vz43yi2+f6fXhOeazP+/ps/f/7g8XdWGv/Mrtp/94nrd+f6WpXfXvtP1VLj2Zx2zn/tVvBhth0AAAAAAAAAAAAAAAAAAAAAAAAAtCsXEYcjyeXvpXO5fH7jP7z/G8O5UrlSPXq+vLQwE7X/yh6NgVz9py5HGn4PdTL7Pfx6/viW/NMR8Z+I+HBwqJbPF8qlmV4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZQ03+/38gW/bTYI8rBwB0zsFeVwAA6Dqf/wCw/+zu83+oY/UAALrH9T8A7D9tf/6f62w9AIDucf0PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh505fTqd1n9fWy2k+ZlLy0tz5UvHZoqVufz8UiFfKC9ezM+Wy7OlYr5Qnm/5Rlc2nkrl8sWpWFi6PFEtVqoTleWVs/PlpYXq2Qvz07PFs8WBrkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO2rLK/MTZdKxUWJHRNDj0Y1tiT6o1el98fmnDfj0dgaEnuZaDxLDPXuBAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwiPsrAAD///GKLI4=")
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000300)="9f8a44f147bd11c566d9c5ba3f74f99da1ee43bc3452a1bbe5d4bac2ae388b742f7b88116761f5bbee39b3aca2b60a9d44bc7c61dfe0f971f05d87acad9d7712ccca2dd30095f813cd58f85a83618716c4b31a2963743e65e94ee604d6e6c1356ab9afe45a479dfe6a38775a40b5caed04f899d342ae7047046c5e985ca7837c25b459412b91f43b6307188069a98b890ccac0794840a987b5925e3decd418a9464603fb8b510eee2dcd9bb5643afde19b8423ffde915b9779d2d530d7c9b18a5f0ff95cc37fbbe4c7e44e336dbe638f135956889c8294d809f2ae6d469100052b5306caa580af6e1203c874e5d30480a63edb5251f237dc559af667ad02f6b63d4d90d6901d567765166d8ab49c5ad4afe2429e16864d22e08addf6fa7be32f305d7f6b58cb56e87338c4e9a1cd5ba0fbc9d4d619c2128a958dbd608f5b4a97cf3974f1bc74081fbeb56b76f8cf1678b4d61611b49ba32e291a", 0x15a, 0x809000)

1.350188703s ago: executing program 3 (id=1044):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c00000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x18)
ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000000)=ANY=[@ANYBLOB="4a1800000b00000081"])

1.193873376s ago: executing program 3 (id=1046):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475486dd", 0xe, 0x0, &(0x7f0000000140), 0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'batadv_slave_1\x00'})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.078182108s ago: executing program 0 (id=1047):
mknod$loop(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x771}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000380)='memory.stat\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x400000013)

1.077788568s ago: executing program 0 (id=1048):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40000100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x800, 0xfffffffc, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5400000068000100000000000000000002000000000000000c000880050005000000000008000600ee00000008000500", @ANYRES32, @ANYBLOB="0600070002000000040004000600030000000000080001000200000004000b"], 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x20000000000002b8, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x8000, 0x0, 0x0, 0x41000}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r4}, &(0x7f0000000140), &(0x7f0000000200)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x19383fb31bd4d798}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
ustat(0xd, &(0x7f0000000680))
io_setup(0x8f0, &(0x7f0000002400)=<r8=>0x0)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
io_submit(r8, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r7, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])
creat(&(0x7f0000000000)='./bus\x00', 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000280)='./bus\x00', &(0x7f0000000240), &(0x7f0000000100)='system_u:object_r:gpg_exec_t:s0\x00', 0x20, 0x2)

971.26976ms ago: executing program 3 (id=1051):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x0, &(0x7f0000000500)=[{0x6, 0x2, 0x2, 0x9}, {0x0, 0x9, 0x21, 0x40}, {0x0, 0x80, 0x6, 0x9}, {0x8, 0xa6, 0x6, 0x9}, {0x5, 0x43, 0x4, 0x8}, {0x4, 0x2, 0xfb, 0xfffffffc}, {0x7fff, 0xf8, 0x6, 0x200}]}, 0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000001300)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a0300fef0ffffff79a4f0ff00000000b7060000ffffffff2e640500000000007502faff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000026000000b70000000000002995000000000000001da5ad3548ebb63d18db6a1c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6d5b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8c18119a6926083f4a2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa387a8077927a1ad367c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f20002b35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8c367d1bfd1aea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82dc568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000000000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac6f09c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccf5e882602897a85bf8523d891080593d831d758deb4f2c7e49c6d6b35d8fd92601c8500febb0c5fe0be294bf6bbbecad444695277a9e3992a354492513b43091d161c7c7cdbbe44e8e83b4cf333238a52f214b278c6485236ea880db2f113f6381187679a4620d6149808b0af024b3b3e6ba99b4b15ca"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x143, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18040000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x43, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010a9580000000000000000000500400a7c7e28143e8d001100010000000000000000000100000a"], 0x28}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(r5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r2}, 0x10)
close(0x3)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffe97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0x7, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x4}}, 0x10)
listen(r7, 0x0)
r8 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r8, &(0x7f0000002300)={&(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000210001000000000000000000020000000000000000000000050019"], 0x24}}, 0x0)

878.334932ms ago: executing program 3 (id=1057):
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = syz_usbip_server_init(0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=@newsa={0x164, 0x10, 0x713, 0x80ff, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0xfffc, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x6c, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@mcast2, {0x0, 0x0, 0xfffffffffffffffe, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {0x0, 0x4}, 0x70bd2c, 0x3500, 0xa, 0x0, 0x0, 0x50}, [@algo_aead={0x72, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x130, 0x60, "210466d38547aa140db9a200000000c538c7cb7a0e2145f5a3dc7f3cc31c64f7ac3e9549168b"}}]}, 0x164}, 0x1, 0x0, 0x0, 0x880}, 0x2000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='kfree\x00', r3, 0x0, 0x1ffffffffffffffd}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x9, &(0x7f0000000840)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}, @call={0x85, 0x0, 0x0, 0x62}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x18)
r7 = getpid()
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r9, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r7}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
r10 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000240)='\xd2\xbd\x15\x00\xd8', &(0x7f0000000380)='$\x00', 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r11=>0xffffffffffffffff}, 0x4)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
sync_file_range(r12, 0x0, 0x0, 0x2)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x9, '\x00', 0x0, r0, 0x0, 0x5, 0x5}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x10, &(0x7f00000000c0)=@raw=[@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000000}}, @alu={0x7, 0x0, 0x8, 0x1, 0x4, 0x18}, @map_val={0x18, 0x4, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0x7f}, @exit, @exit, @ldst={0x3, 0x2, 0x6, 0x5, 0x9, 0xffffffffffffffe0, 0x10}, @map_val={0x18, 0x2, 0x2, 0x0, r12, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000000140)='syzkaller\x00', 0x9, 0xb0, &(0x7f0000000440)=""/176, 0x41100, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x6, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0)=[r0, r0, r4, r1, r0, r0, r13, r2], &(0x7f0000000300)=[{0x2, 0x5, 0xe, 0xa}, {0x3, 0x5, 0x9}], 0x10, 0x7000}, 0x94)
write$P9_RREAD(r0, &(0x7f0000000000)={0x41, 0x75, 0x1, {0x36, "691366a2bae3b4434c57696f7711c7e0b76c5ca9ced5b8980ee6652ca1de7bea6a00f7171354c9af5e3f0571a0d64542156bb9ffe0a2"}}, 0x70)
close(r10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)

858.135842ms ago: executing program 0 (id=1058):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
sendmsg$kcm(r1, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0)
close(0x3)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x14, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xd0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

782.092174ms ago: executing program 0 (id=1059):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r2}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r3}, 0x18)
syz_io_uring_setup(0x893, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x1, 0x220}, &(0x7f0000000000), &(0x7f0000000340))

764.512305ms ago: executing program 0 (id=1061):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@abort}, {@errors_remount}, {@quota}]}, 0x3, 0x433, &(0x7f0000000d80)="$eJzs28tvG0UYAPBv7SSlLxKq8ugDCBRExSNp0lJ64AICiQNISHAox5CkVajboCZItIogIFSOqBJ3xBGJv4ATXBBwQuIKd1SpQrm0cDJaezexHdt1Uidu699P2nZmd1Yzn3fHntnJBtC3RtN/kog9EfFnRAxXs/UFRqv/3VxZmv53ZWk6iXL5nX+SSrkbK0vTedH8vN15ZiCi8EUSh5rUu3Dp8rmpUmn2YpYfXzz/4fjCpcsvzJ2fOjt7dvbC5KlTJ45PvHRy8sWuxJnGdePgJ/OHD7zx3tW3pk9fff/X75M8/oY4umS03cGny+UuV9dbe2vSyUDHp5WLW9IaOlWsdtMYrPT/4SjG2sUbjtc/72njgC011P7wchm4h6WjeaAf5T/06fw337Zh2HHHuP5KdQKUxn0z26pHBqKQlRlsmN9202hEnF7+75t0i615DgEAUOfHdPzzfLPxXyEeqil3f7aGMhIRD0TEvog4GRH7I+LBiErZhyPikQ3W37hIsn78U7i2qcA6lI7/Xs7WturHf/noL0aKWW5vJf7B5MxcafZY9pkcjcEdaX6iTR0/vfbHV62O1Y7/0i2tPx8LZu24NrCj/pyZqcWp24m51vXPIg4ONIs/WV0JSCLiQEQc3GQdc89+d7jVsVvH30bn60wtlb+NeKZ6/ZejIf5c0n59cvy+KM0eG8/vivV++/3K263qv634uyC9/rua3v+r8Y8kteu1Cxuv48pfX7ac02z2/h9K3q3b9/HU4uLFiYih5M1qo2v3TzaUm1wrn8Z/9Ejz/r8v1j6JQxGR3sSPRsRjEfF41vYnIuLJiDjSJv5fXn3qg83Hv7XS+Gc2dP3XEkPRuKd5onju5x/qKh3ZSPzp9T9RSR3N9nTy/ddJuzZ3NwMAAMDdpxAReyIpjK2mC4Wxserf8O+PXYXS/MLic2fmP7owU31HYCQGC/mTruGa56ET2bQ+z0825I9nz42/Lu6s5Mem50szvQ4e+tzuFv0/9beXM+De14V1NOAupf9D/9L/oX/p/9C/mvT/nb1oB7D9Kv0/qd/3aY/aAmyvht9/y37QR8z/oX/p/9C/9H/oSws749YvyUtIrEtE4Y5ohsQWJXr9zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAd/wcAAP//VsrjzA==")
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
bind$can_raw(0xffffffffffffffff, &(0x7f00000005c0), 0x10)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000004c0)=0x1000000, 0x4)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f00000002c0), &(0x7f0000000480)=0x30)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, &(0x7f00000006c0), 0x0}, 0x20)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x60, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x16020, 0x0, 0x9, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r1}, 0x18)
r3 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = timerfd_create(0x0, 0x0)
readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/33, 0x21}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000101d2b4b823fdcbaa53b00001985f4b26a15bd899f5a82c45202a2cc002d295b921a4a8e59897d0de29c7c390910dbd6136fc58c401dde744956d16d86d3488edb60e86ffd6bb2d400a089f9c343d7c2c800000000000000000ea52aa61fb95b292b0058cfdc9fbe338142c20bb11a64e74df69712f8ba6f812103c3df5292daba00b4667dec31e1134000"/162], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x7, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000020000000000", @ANYRESOCT=r2, @ANYRES32], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x18)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000001740)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_addr=@broadcast, @loopback}, 0x10)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000000)=0x9, 0x4)
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, 0x0, 0x600)

594.149228ms ago: executing program 4 (id=1067):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000240)='kfree\x00', r0}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000000)='cgroup\x00')
lsetxattr$security_selinux(&(0x7f00000012c0)='.\x00', &(0x7f0000001280), &(0x7f0000001240)='system_u:object_r:fsadm_exec_t:s0\x00', 0x15, 0x0)

568.493509ms ago: executing program 4 (id=1068):
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, &(0x7f00000003c0)='fd\x00')
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66)

518.81416ms ago: executing program 5 (id=1069):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r0, 0x0, 0x5}, 0x18)
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000000)='./file1\x00', 0x2000c12, &(0x7f0000000440)=ANY=[], 0x12, 0xa13, &(0x7f0000001c00)="$eJzs3c1vHOd9B/Dv8EWiaUOSZdV1BdtayZVM2yxFUrVUwYdWIlcSXb4UJAVY6MFyLaoQxNatXQO2USAyEOQUIwES5JDcjJwCBDBgBIiBIPAtuSWnHAIE/heMnJQTg5ldUsvXFWm+yPLnI+zLzPzmeX7Pzuw82uXsPGFvXX9so6V3Vs1ZOLhsamGhum1x+urPvkrqfP1dHP3i408+Km8f3sm+dObl4pdJT5Ja0pXkqaR7ZHR6aqJNQbeT60k+T4ok+9N4vC/XU3wvLW+Dz1P8pKx3Xfvut2TaWeAbba/3PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBAVI6ODg0PFvoxNXn2t1pDUVhkZnZ4qsrCwesniOg2fVaN+F5+1rTcpylt6ehaH+n7qyL3FTyapncjTjamnqwHJ05MPHn3y0CtPdHUsrr9eNl/J/vsv9p33P7j9xvz83Ns7ksiD73J9cmxmamziwuV6bWxmqnb+7NnB01cuzdQujY3XZ67NzNYnaiPT9QuzU9O1vpEXakPnz5+p1QeuTV2dvDw6MF5fnHnuH4YHB8/WXh34t/qF6ZmpydOvDsyMXBkbHx+bvFzFlIvLmHPljvivY7O12fqFiVrt5q35uTMrcurMiv23DBpq15IyaLhd0PDg8PDQ0PDw0IfN0bOXZpx9+fzL5wYHuwZXyKqIHdppebA8sv5m3v6DOGxRR6P/T8YzlslczWuprflvJKOZzlQm1lnetNj/nzxd37De1v6/2ct3tSw+Wt6dyLPNyZ51+v91ctm9f+/k/XyQ23kj85nPXN7e7hre3esWLvt3aOWcy6lnMmOZyVTGMpEL1Zxac04t53M2ZzOY13MlxzKTWi5lLOOpZybXMpPZ1Ks9aiTTqedCZjOV6dTSl5G8kFqGcj7ncya11DOQa5nK1UzmckZzoSrlZm5Vr/uZDbJeChq6n6DhDYJWdeab7v/rK/9zwjfO9h/EYYsWmv3/vvahfSO7kRAAAACw7f7utzlw5PBv/pQUeab6Xv7S2Hh9cK/TAgAAALZRdbre0+VDd/nsmRQ+/wMAAMDDpqh+Y1ck6c2xxrPFX0L5EgAAAAAeEtXf/59NcezeDJ//AQAA4CHT/hr7bSOK/sXL/9ZuNB5vNCMaU0XvpbHx+sDI1PgrQzlVXWWg+qXBqtI6k6K7+vnBizneiDre23jsvVdiWWdPGTU08MpQXsyJZkP6nisfnutbI3K4Efl8I/L51sjOLIs8U0YCwMPuxAb98f32/y+mvxHRf7Tq8ruOrtEHD+pZAeBBUY2xU/brf2kOabZG/98chefZ9fr/f9zg838ZcTg3jzVOKRjIm3kr87mR/jTPODi2VqmLoxE0TkPob/NtQG/zlIXfn/tV+ld9H9Cz1NbW2LkMp3/NbwRayi0WczjTiOvcsc0AALvqRJbO/Fv383+7/r+/zef/XqcUAsADZWkE+x18stdtBACW00sDAAAAAAAAAAAAAAAAAAAAAAAAAADA9mte//cXG17A/3enkvn5uWQXBgtYetKzPMOvUmBHNozZlUEQdudJZ5K9qv2fs+m1ym38oLx0nix/svpYUez2wQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAdVySda83vSPYnGUxyevez2jl39jqB7VLb2mrF3dzNezmw3ekAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzTNa//35HG46ONWenqSE4muZ7k3/c6x+10d68T2DP/Vd23XP+/I+nOQpGuxmZP0T0yOj01UW7+Yn+5/IuPP/movLUve/WoCmUBZQ3LBpdo1tAyp3v5Wo9Xa/WOzr1z+//e+p/a6MVqx7w4e2l8dOLy9L/cC3yy+LQxBELrMAiL+f7/yV9/v2X2vmbln5YtXdS7Yb2XqnpHV9f7t2u1fp1678Ot+bnhsqbZ+muz7/73rfdaFh3O8eS5vqRveU3/Wd7Wqen4ytdzueLL4jvFgfwo16vtX74axUJRbqKDVfsfuXlrfm7gzbfmbyzl9K1lOR3KsSQ3kp77z+lYdTxZU7XXdXSXtQ5WQeXdkTblbailxKF1XtfHq12md1NtqK3fhkqb172Z0Zk1M/rB/z6RU5ve0qfa1Lim4svij8WV/CHfbhn/o6Pc/iez5rtzjSKqyJY9pXVZ17I2NyKrlg+3Lnh9ZZldm28JW/bd/Ef+aWn7d7Qc/5vbaneORy01rv2+SDb/vvjpwVU9yj1Vj3RkRY/UPPqst04zzyONqHXy/Ju8lHQd3dQR5aU2R5Sdev//uOjLn3PH+D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCDr0g615rfkZxMcijJwXK6liw0lvz88GLMnS3U19FbbDnX7bCVnL9+inUbWtzN3byXA7udEQAAAAAAAAA74+LoFx9/8lF5q/4e35m/72guqSVdSQ4VP+weGZ2emmhTUHdyffFP+j2by+F6effYvenPy6mn2qy0t6cPAMDX2l8DAAD//2yxcY0=")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r1)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r2, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

347.925173ms ago: executing program 1 (id=1070):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket(0xa, 0x3, 0xfc)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000240)=ANY=[@ANYBLOB="611404"], 0xa8)

321.143834ms ago: executing program 1 (id=1071):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

320.840914ms ago: executing program 5 (id=1072):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
creat(&(0x7f0000000140)='./file0\x00', 0x71)
socket(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")

284.416744ms ago: executing program 1 (id=1073):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r3}, 0x18)
syz_io_uring_setup(0x893, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x1, 0x220}, &(0x7f0000000000), &(0x7f0000000340))

267.950335ms ago: executing program 4 (id=1074):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
creat(&(0x7f0000000140)='./file0\x00', 0x71)
socket(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000380)={[{@errors_remount}, {@discard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x1, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=")

213.946996ms ago: executing program 1 (id=1075):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5")
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475486dd", 0xe, 0x0, &(0x7f0000000140), 0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'batadv_slave_1\x00'})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)

177.749706ms ago: executing program 4 (id=1076):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffedc, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000000a0a050000000000000000000a0000090900010073797a3100000000090002"], 0x2c}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)
r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r4 = dup(r3)
read$char_usb(r4, &(0x7f0000000180)=""/147, 0xfdef)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

120.176188ms ago: executing program 5 (id=1077):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c00028005000300010000000800024000000011080004400000000a0900020073797a32"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000804)

97.796298ms ago: executing program 4 (id=1078):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000240)='kfree\x00', r0}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000000)='cgroup\x00')
lsetxattr$security_selinux(&(0x7f00000012c0)='.\x00', &(0x7f0000001280), &(0x7f0000001240)='system_u:object_r:fsadm_exec_t:s0\x00', 0x15, 0x0)

97.505888ms ago: executing program 5 (id=1079):
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r0, r1, 0x0)

62.208309ms ago: executing program 4 (id=1080):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r5 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000580)='$\x00\x19y\x01\xff\xb4\x9e\x95oQE\xc9\x1f|\bZ\xf44\x7f)\x03c\x9a\x85\x01V\xb8p+\x84\xfb\xe6?\x88\xe9\x98Y\x0e\xd5P\xa2\xcc\x01*\xcd%v!\x82\xf1\xaaB\x04-\x88\xeb-q8\x03\xadO\xa0F\xc5Z\x0f\xee\x94\xfcy\xa5\xa4L\xa1\xd7g\x9d\xd2m5r\xef\xe1\xd1\x87\x1aM\xa6\xa8\xa2\xef\xb0\x9e\xa9d\xee\xacl\x9c\xcb\x03\x17\xbbG\x15\xba3\xa5r<]T\xc6R\x03\xee#\x0f\x88\xc4\xd3\x02\xd1 @\r\x1cc\xe4|\x13H\xc2\x1fq\x88\xdd\x98\xe1~\xb0\xedK\x17x\v\x9b\xaa\xb4\a\xb6\x8b\x9e*=\x8f\x05\x8b\x88\xc9\x12\xa6\x8fs\x98\xf1\xfe\xcdX\xce,AD\xd2v\xf4\xe5\xd3\xf3\xf1TY\x1c\x8a\x98\xf8\xcf6\xc3>]l\xdaQ\xac\n{)\xc9\x95\xb4\x12j}8\x03\xba&\xe8p\xe8\xf0\xa4\xa6e\xbc\xef\x93%/x\x19\xaa\xb5\x97\x98A\\\x91\x9a \xa8\xf8a\xd8\x97\x1eR\xaf\xc8\x9f', 0x0)
read$ptp(r5, 0x0, 0x0)
ioctl$VT_RESIZE(r4, 0x5609, &(0x7f0000000000)={0xfff, 0x2, 0x4})
r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0xe4001, 0x0)
bind$inet(r6, &(0x7f0000000140)={0x2, 0x4e22, @multicast1}, 0x10)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_int(r7, 0x6, 0x2, &(0x7f0000000040)=0x2801, 0x4)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10)
connect$inet(r7, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
sendmsg$inet(r7, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0)
lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0x19, 0x1)
recvmsg(r7, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x101, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r10}, 0x10)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB="40000000100c000000e25a016168f26b86edff00ad375c6ee10a86c1", @ANYRES32=0x0, @ANYBLOB="7f15000000000000140012800b0001006261746164760000040002800a000100bbbbbbbbbbbb0000"], 0x40}}, 0x20000840)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000001740)={[], [{@uid_lt}, {@smackfsroot={'smackfsroot', 0x3d, '*:/'}}, {@fowner_eq}]}, 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=")

53.329469ms ago: executing program 5 (id=1081):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

52.893229ms ago: executing program 1 (id=1082):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket(0xa, 0x3, 0xfc)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000240)=ANY=[@ANYBLOB="611404"], 0xa8)

11.1177ms ago: executing program 1 (id=1083):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
memfd_create(0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = inotify_init1(0x80000)
inotify_add_watch(r1, &(0x7f0000000200)='.\x00', 0x10000a0)
dup(r1)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r2, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0c00000004000000040000000100000000000000", @ANYRES32=r3, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000c5b07bb1cbadffffffff00"/34], 0x48)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x80, 0x461}, 0x108108, 0x1, 0x0, 0x1, 0xa, 0x21005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe2$9p(0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sched_switch\x00', r5}, 0x18)
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@noquota}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x2, 0x4f4, &(0x7f0000000cc0)="$eJzs3c9vG1kdAPDvTOMmabM4CxyWlVgqWJSuoHayYXcjDkuQEJwqUcqFUwiJE0Vx4ih22iaqUCr+ACTEL8GJExckzggJ9U9ASJXgjhACVdCWAwfAaJwxDamTONs4buPPR3qdN/Nm5vteHT/7zRt5AhhYVyJiNiIuRMRbEVHMt6d5it29lO33+NHdhSwl0Ry++bckknxb+1xJvrycHzYSEV/7SsS3kmfj1rd3Vuer1cpmvl5urG2U69s711bW5pcry5X12empd2fem3lnZvLU2vr+l/78w+/+/Mvv/+azt/8499er386qNZaX7W9HN3a73G+v6YXW/0XbUERsniTYCyzN21Pod0UAAOhK9v3twxHxyYh48pN+1wYAAADoheYXxuJfSUQTAAAAOLfS1j2wSVrK7wUYizQtlfbu4f1oXEqrtXrjM0u1rfXFvXtlx6OQLq1UK5P5vcLjUUiy9alW/un62wfWpyPi1Yj4fnG0tV5aqFUX+33xAwAAAAbE5QPj/38U98b/AAAAwDkz3u8KAAAAAD1n/A8AAADn36Hj/2TobCsCAAAA9MJXr1/PUrP9/OvFW9tbq7Vb1xYr9dXS2tZCaaG2uVFartWWW7/Zt3bc+aq12sbnYn3rTrlRqTfK9e2dubXa1npjrvVc77lKs3gmzQIAAAD2efUT9/+QRMTu50dbKXMxLyscf/hsb2sH9FJ6st2TXtUDOHsX+l0BoG/c4AuDq4sxPnDOHTOw/8GB9RNeNgAAAF4EEx97rvl/84HwEjOQh8Fl/h8Gl/l/GFzm/2HADR+/y8hhBb895boAAAA9M9ZKSVrK5wLHIk1LpYhXWo8FKCRLK9XKZER8KCJ+XywMZ+tT/a40AAAAAAAAAAAAAAAAAAAAAAAAALxkms0kmgAAAMC5FpH+Jckf5D9RfHPs4PWBi8k/i61lRNz+6c0f3ZlvNDansu1//9/2xo/z7W+3t2S+ccZXMgAAAIC29ji9PY4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNP0+NHdhXY6y7gPvxgR453iD8VIaznyq2JEXHqSxNC+45KIuHAK8XfvRcRrneInWbViPK/FwfhpRIz2Of7lU4gPg+x+1v/MZu+/woH3XxpXWsvO77+hPD2vh1cO6//Sdv/X6uc69X+vHH3qkXbm9Qe/LD9TWszj34t4fahz/9OOn3SKf7H7Nn7z6zs7h5U1fxYxccznTxa/3FjbKNe3d66trM0vV5Yr69PTU+/OvDfzzsxkeWmlWsn/7Rjjex//9X8Oi5+1/1LH+Hv976Htj4g3u2z/vx/cefSRI+Jf/VTn1/+1I+JnfxOfzj8HsvKJdn53L7/fG7/43RtHtX/xkPYf+fpHxNUu2//Wje/8qctdAYAzUN/eWZ2vViubPcmM9uzMMlmmtn7cPtn3xA8conAmfyQyvczcyF/DEx/ex04JAADoiadf+g+WnGCCBwAAAAAAAAAAAAAAAAAAAHguPf8RsuH//2WBkf41FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgSP8NAAD//121zbo=")
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0xfffffffd}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)

0s ago: executing program 5 (id=1084):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

kernel console output (not intermixed with test programs):

60.840239][ T4957] loop2: detected capacity change from 0 to 128
[   60.847239][ T4952] wireguard0: entered promiscuous mode
[   60.852968][ T4952] wireguard0: entered allmulticast mode
[   60.888127][ T4951] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6).
[   60.898215][ T4951] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   60.913865][ T4951] EXT4-fs (loop0): mount failed
[   60.940550][   T29] audit: type=1400 audit(60.913:2652): avc:  denied  { ioctl } for  pid=4950 comm="syz.0.509" path="socket:[9963]" dev="sockfs" ino=9963 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   60.943507][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   60.972174][ T4957] FAT-fs (loop2): Filesystem has been set read-only
[   61.004441][ T4961] wireguard0: entered promiscuous mode
[   61.009987][ T4961] wireguard0: entered allmulticast mode
[   61.051488][ T4957] bio_check_eod: 46279 callbacks suppressed
[   61.051510][ T4957] syz.2.510: attempt to access beyond end of device
[   61.051510][ T4957] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   61.071111][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   61.078935][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   61.087016][ T4957] syz.2.510: attempt to access beyond end of device
[   61.087016][ T4957] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128
[   61.100906][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   61.108888][ T4957] syz.2.510: attempt to access beyond end of device
[   61.108888][ T4957] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   61.123436][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   61.131444][ T4957] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   61.134642][ T4968] syz.2.510: attempt to access beyond end of device
[   61.134642][ T4968] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[   61.152625][ T4968] buffer_io_error: 33502 callbacks suppressed
[   61.152638][ T4968] Buffer I/O error on dev loop2, logical block 2065, async page read
[   61.171971][ T4968] syz.2.510: attempt to access beyond end of device
[   61.171971][ T4968] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[   61.185210][ T4968] Buffer I/O error on dev loop2, logical block 2066, async page read
[   61.206588][ T4974] usb usb5: usbfs: process 4974 (syz.4.515) did not claim interface 0 before use
[   61.225116][ T4968] syz.2.510: attempt to access beyond end of device
[   61.225116][ T4968] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[   61.238517][ T4968] Buffer I/O error on dev loop2, logical block 2067, async page read
[   61.263287][ T4968] syz.2.510: attempt to access beyond end of device
[   61.263287][ T4968] loop2: rw=0, sector=2068, nr_sectors = 1 limit=128
[   61.276497][ T4968] Buffer I/O error on dev loop2, logical block 2068, async page read
[   61.290091][   T29] audit: type=1326 audit(61.263:2653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.296641][ T4980] loop1: detected capacity change from 0 to 2048
[   61.313716][   T29] audit: type=1326 audit(61.263:2654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.313741][   T29] audit: type=1326 audit(61.263:2655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.366089][   T29] audit: type=1326 audit(61.263:2656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.369766][ T4968] syz.2.510: attempt to access beyond end of device
[   61.369766][ T4968] loop2: rw=0, sector=2069, nr_sectors = 1 limit=128
[   61.388864][   T29] audit: type=1326 audit(61.263:2657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.388891][   T29] audit: type=1326 audit(61.263:2658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.388935][   T29] audit: type=1326 audit(61.263:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   61.402038][ T4968] Buffer I/O error on dev loop2, logical block 2069, async page read
[   61.480235][ T4968] syz.2.510: attempt to access beyond end of device
[   61.480235][ T4968] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128
[   61.493480][ T4968] Buffer I/O error on dev loop2, logical block 2070, async page read
[   61.516228][ T4990] loop3: detected capacity change from 0 to 128
[   61.532913][ T4990] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   61.540758][ T4990] FAT-fs (loop3): Filesystem has been set read-only
[   61.547978][ T4990] syz.3.520: attempt to access beyond end of device
[   61.547978][ T4990] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   61.551381][ T4968] Buffer I/O error on dev loop2, logical block 2071, async page read
[   61.561761][ T4990] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   61.577663][ T4990] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   61.583858][ T4968] Buffer I/O error on dev loop2, logical block 2072, async page read
[   61.587389][ T4992] Buffer I/O error on dev loop3, logical block 2065, async page read
[   61.602215][ T4992] Buffer I/O error on dev loop3, logical block 2066, async page read
[   61.870166][ T5000] wireguard0: entered promiscuous mode
[   61.875823][ T5000] wireguard0: entered allmulticast mode
[   62.483296][ T5016] usb usb5: usbfs: process 5016 (syz.0.529) did not claim interface 0 before use
[   62.694686][ T5021] loop0: detected capacity change from 0 to 2048
[   62.765571][ T5029] FAULT_INJECTION: forcing a failure.
[   62.765571][ T5029] name failslab, interval 1, probability 0, space 0, times 0
[   62.778993][ T5029] CPU: 0 UID: 0 PID: 5029 Comm: syz.3.534 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   62.779021][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   62.779032][ T5029] Call Trace:
[   62.779039][ T5029]  <TASK>
[   62.779047][ T5029]  __dump_stack+0x1d/0x30
[   62.779081][ T5029]  dump_stack_lvl+0xe8/0x140
[   62.779168][ T5029]  dump_stack+0x15/0x1b
[   62.779185][ T5029]  should_fail_ex+0x265/0x280
[   62.779208][ T5029]  should_failslab+0x8c/0xb0
[   62.779305][ T5029]  kmem_cache_alloc_node_noprof+0x57/0x320
[   62.779350][ T5029]  ? __alloc_skb+0x101/0x320
[   62.779373][ T5029]  __alloc_skb+0x101/0x320
[   62.779395][ T5029]  netlink_alloc_large_skb+0xba/0xf0
[   62.779448][ T5029]  netlink_sendmsg+0x3cf/0x6b0
[   62.779476][ T5029]  ? __pfx_netlink_sendmsg+0x10/0x10
[   62.779502][ T5029]  __sock_sendmsg+0x145/0x180
[   62.779532][ T5029]  ____sys_sendmsg+0x31e/0x4e0
[   62.779636][ T5029]  ___sys_sendmsg+0x17b/0x1d0
[   62.779670][ T5029]  __x64_sys_sendmsg+0xd4/0x160
[   62.779699][ T5029]  x64_sys_call+0x191e/0x2ff0
[   62.779721][ T5029]  do_syscall_64+0xd2/0x200
[   62.779811][ T5029]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   62.779835][ T5029]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   62.779863][ T5029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.779930][ T5029] RIP: 0033:0x7f817b4feba9
[   62.779951][ T5029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.779968][ T5029] RSP: 002b:00007f8179f5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.779992][ T5029] RAX: ffffffffffffffda RBX: 00007f817b745fa0 RCX: 00007f817b4feba9
[   62.780005][ T5029] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[   62.780017][ T5029] RBP: 00007f8179f5f090 R08: 0000000000000000 R09: 0000000000000000
[   62.780030][ T5029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.780041][ T5029] R13: 00007f817b746038 R14: 00007f817b745fa0 R15: 00007ffcc2c7ae48
[   62.780064][ T5029]  </TASK>
[   63.048165][ T5036] netlink: 168 bytes leftover after parsing attributes in process `syz.1.535'.
[   63.174681][ T5043] netlink: 'syz.4.538': attribute type 4 has an invalid length.
[   63.181198][ T5047] loop3: detected capacity change from 0 to 512
[   63.196025][ T5047] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   63.226281][ T5049] loop1: detected capacity change from 0 to 512
[   63.236967][ T5049] EXT4-fs error (device loop1): ext4_xattr_inode_iget:442: comm syz.1.541: error while reading EA inode 32 err=-116
[   63.252527][ T5052] usb usb5: usbfs: process 5052 (syz.4.542) did not claim interface 0 before use
[   63.299841][ T5039] loop2: detected capacity change from 0 to 2048
[   63.347757][ T5049] EXT4-fs (loop1): Remounting filesystem read-only
[   63.354387][ T5049] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   63.364661][ T5049] EXT4-fs (loop1): 1 orphan inode deleted
[   63.386333][ T5059] netlink: 20 bytes leftover after parsing attributes in process `syz.4.545'.
[   63.470805][ T5065] loop3: detected capacity change from 0 to 2048
[   63.714592][ T5080] vhci_hcd: invalid port number 96
[   63.717752][ T5087] netlink: 20 bytes leftover after parsing attributes in process `syz.3.557'.
[   63.719723][ T5080] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   63.805823][ T5094] loop3: detected capacity change from 0 to 512
[   63.834450][ T5094] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   63.850601][ T5094] EXT4-fs (loop3): mount failed
[   63.937524][ T5100] FAULT_INJECTION: forcing a failure.
[   63.937524][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[   63.950185][ T5100] CPU: 1 UID: 0 PID: 5100 Comm: syz.3.563 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.950209][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   63.950220][ T5100] Call Trace:
[   63.950227][ T5100]  <TASK>
[   63.950303][ T5100]  __dump_stack+0x1d/0x30
[   63.950324][ T5100]  dump_stack_lvl+0xe8/0x140
[   63.950344][ T5100]  dump_stack+0x15/0x1b
[   63.950361][ T5100]  should_fail_ex+0x265/0x280
[   63.950386][ T5100]  should_failslab+0x8c/0xb0
[   63.950484][ T5100]  kmem_cache_alloc_node_noprof+0x57/0x320
[   63.950545][ T5100]  ? __alloc_skb+0x101/0x320
[   63.950569][ T5100]  __alloc_skb+0x101/0x320
[   63.950588][ T5100]  ? audit_log_start+0x365/0x6c0
[   63.950614][ T5100]  audit_log_start+0x380/0x6c0
[   63.950758][ T5100]  audit_seccomp+0x48/0x100
[   63.950778][ T5100]  ? __seccomp_filter+0x68c/0x10d0
[   63.950836][ T5100]  __seccomp_filter+0x69d/0x10d0
[   63.950858][ T5100]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   63.950881][ T5100]  ? vfs_write+0x7e8/0x960
[   63.950952][ T5100]  __secure_computing+0x82/0x150
[   63.950969][ T5100]  syscall_trace_enter+0xcf/0x1e0
[   63.950990][ T5100]  do_syscall_64+0xac/0x200
[   63.951067][ T5100]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   63.951086][ T5100]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   63.951117][ T5100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.951138][ T5100] RIP: 0033:0x7f817b4feba9
[   63.951154][ T5100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.951216][ T5100] RSP: 002b:00007f8179f5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[   63.951310][ T5100] RAX: ffffffffffffffda RBX: 00007f817b745fa0 RCX: 00007f817b4feba9
[   63.951323][ T5100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[   63.951335][ T5100] RBP: 00007f8179f5f090 R08: 0000000000000000 R09: 0000000000000000
[   63.951346][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.951357][ T5100] R13: 00007f817b746038 R14: 00007f817b745fa0 R15: 00007ffcc2c7ae48
[   63.951375][ T5100]  </TASK>
[   64.171061][ T5098] wireguard0: entered promiscuous mode
[   64.176751][ T5098] wireguard0: entered allmulticast mode
[   64.291421][ T5116] loop0: detected capacity change from 0 to 128
[   64.333924][ T5120] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[   64.340473][ T5120] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   64.348270][ T5120] vhci_hcd vhci_hcd.0: Device attached
[   64.385428][ T5120] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.402494][ T5116] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   64.410474][ T5116] FAT-fs (loop0): Filesystem has been set read-only
[   64.428863][ T5120] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.437554][ T5116] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   64.446509][ T5116] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   64.486859][ T5034] syz.2.533 (5034) used greatest stack depth: 7528 bytes left
[   64.502943][ T5120] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.543154][ T5120] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.591601][ T1035] usb 3-1: new high-speed USB device number 2 using vhci_hcd
[   64.648016][ T5110] loop3: detected capacity change from 0 to 512
[   64.664880][ T5110] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   64.714527][ T5110] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.567: Bad quota inum: 2, type: 0
[   64.726242][ T5110] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   64.753747][ T5110] EXT4-fs (loop3): mount failed
[   64.827437][ T5110] loop3: detected capacity change from 0 to 2048
[   64.919057][ T3523]  loop3: p2 p3 p7
[   64.945104][ T5110]  loop3: p2 p3 p7
[   65.060598][ T5147] netlink: 'syz.3.580': attribute type 1 has an invalid length.
[   65.083048][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   65.096479][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   65.106911][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   65.143232][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   65.154337][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   65.171550][ T5121] vhci_hcd: connection reset by peer
[   65.252155][ T2290] vhci_hcd: stop threads
[   65.256434][ T2290] vhci_hcd: release socket
[   65.260880][ T2290] vhci_hcd: disconnect device
[   65.385215][ T5150] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=5150 comm=syz.3.580
[   65.424813][ T5149] loop3: detected capacity change from 0 to 512
[   65.446040][ T5149] ext4: Unknown parameter 'uid<00000000000000000000'
[   65.484565][ T5157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.544434][ T5157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.604579][ T5157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.633159][ T5163] netlink: 4 bytes leftover after parsing attributes in process `syz.4.586'.
[   65.642857][ T5163] xt_l2tp: invalid flags combination: 8
[   65.655395][ T5157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.738230][   T29] kauditd_printk_skb: 253 callbacks suppressed
[   65.738245][   T29] audit: type=1326 audit(65.718:2910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.790242][ T2290] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.806079][ T2290] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.816722][   T29] audit: type=1326 audit(65.718:2911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.839560][   T29] audit: type=1326 audit(65.718:2912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.862214][   T29] audit: type=1326 audit(65.718:2913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.884892][   T29] audit: type=1326 audit(65.718:2914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.884927][   T29] audit: type=1326 audit(65.718:2915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.885081][   T29] audit: type=1326 audit(65.718:2916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.885146][   T29] audit: type=1326 audit(65.718:2917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.885168][   T29] audit: type=1326 audit(65.718:2918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.885193][   T29] audit: type=1326 audit(65.718:2919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5168 comm="syz.3.589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817b4feba9 code=0x7ffc0000
[   65.908252][ T2290] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.908303][ T2290] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.209651][ T5177] loop3: detected capacity change from 0 to 512
[   66.210418][ T5177] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   66.284519][ T5177] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.591: Bad quota inum: 2, type: 0
[   66.284685][ T5177] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   66.284829][ T5177] EXT4-fs (loop3): mount failed
[   66.303358][ T5177] loop3: detected capacity change from 0 to 2048
[   66.347037][ T3969]  loop3: p2 p3 p7
[   66.356940][ T5177]  loop3: p2 p3 p7
[   66.598419][ T5183] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.642872][ T5183] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.685647][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   66.695137][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   66.697497][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   66.752868][ T5183] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.765886][ T5193] loop2: detected capacity change from 0 to 512
[   66.774543][ T5193] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   66.823279][ T5183] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   66.849860][ T5196] loop3: detected capacity change from 0 to 2048
[   66.905232][ T5196] EXT4-fs mount: 47 callbacks suppressed
[   66.905245][ T5196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.064630][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.188314][ T5198] loop2: detected capacity change from 0 to 512
[   67.226665][ T5198] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   67.254884][ T5198] EXT4-fs error (device loop2): ext4_quota_enable:7124: comm syz.2.599: Bad quota inum: 2, type: 0
[   67.267628][ T5198] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   67.274232][ T5229] netlink: 'syz.3.610': attribute type 1 has an invalid length.
[   67.282907][ T5198] EXT4-fs (loop2): mount failed
[   67.335355][ T5198] loop2: detected capacity change from 0 to 2048
[   67.376138][ T5198]  loop2: p2 p3 p7
[   67.409678][ T5238] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=5238 comm=syz.3.610
[   67.455947][ T5238] loop3: detected capacity change from 0 to 512
[   67.477296][ T5238] ext4: Unknown parameter 'uid<00000000000000000000'
[   67.587685][ T5237] pimreg: entered allmulticast mode
[   67.596442][ T5237] pimreg: left allmulticast mode
[   67.604562][ T5247] loop2: detected capacity change from 0 to 2048
[   67.622402][ T5247] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.753967][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.802025][ T5255] usb usb5: usbfs: process 5255 (syz.2.620) did not claim interface 0 before use
[   67.946531][ T5267] loop3: detected capacity change from 0 to 2048
[   67.963276][ T5267] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.303976][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.478977][ T5284] usb usb5: usbfs: process 5284 (syz.3.632) did not claim interface 0 before use
[   68.559022][ T5290] loop3: detected capacity change from 0 to 2048
[   68.572909][ T5290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.743010][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.909552][ T5323] loop2: detected capacity change from 0 to 512
[   68.934470][ T5323] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   68.949638][ T5323] EXT4-fs (loop2): mount failed
[   68.951945][ T5325] vhci_hcd: invalid port number 96
[   68.959639][ T5325] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   69.037393][ T5336] FAULT_INJECTION: forcing a failure.
[   69.037393][ T5336] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   69.050527][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.3.655 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   69.050553][ T5336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   69.050563][ T5336] Call Trace:
[   69.050568][ T5336]  <TASK>
[   69.050574][ T5336]  __dump_stack+0x1d/0x30
[   69.050659][ T5336]  dump_stack_lvl+0xe8/0x140
[   69.050676][ T5336]  dump_stack+0x15/0x1b
[   69.050699][ T5336]  should_fail_ex+0x265/0x280
[   69.050722][ T5336]  should_fail+0xb/0x20
[   69.050740][ T5336]  should_fail_usercopy+0x1a/0x20
[   69.050760][ T5336]  _copy_to_user+0x20/0xa0
[   69.050854][ T5336]  simple_read_from_buffer+0xb5/0x130
[   69.050924][ T5336]  proc_fail_nth_read+0x10e/0x150
[   69.051032][ T5336]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   69.051055][ T5336]  vfs_read+0x1a8/0x770
[   69.051077][ T5336]  ? __rcu_read_unlock+0x4f/0x70
[   69.051099][ T5336]  ? __fget_files+0x184/0x1c0
[   69.051201][ T5336]  ksys_read+0xda/0x1a0
[   69.051305][ T5336]  __x64_sys_read+0x40/0x50
[   69.051325][ T5336]  x64_sys_call+0x27bc/0x2ff0
[   69.051347][ T5336]  do_syscall_64+0xd2/0x200
[   69.051522][ T5336]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   69.051565][ T5336]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   69.051598][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.051619][ T5336] RIP: 0033:0x7f817b4fd5bc
[   69.051634][ T5336] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   69.051651][ T5336] RSP: 002b:00007f8179f5f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   69.051668][ T5336] RAX: ffffffffffffffda RBX: 00007f817b745fa0 RCX: 00007f817b4fd5bc
[   69.051682][ T5336] RDX: 000000000000000f RSI: 00007f8179f5f0a0 RDI: 0000000000000003
[   69.051693][ T5336] RBP: 00007f8179f5f090 R08: 0000000000000000 R09: 0000000000000000
[   69.051706][ T5336] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[   69.051716][ T5336] R13: 00007f817b746038 R14: 00007f817b745fa0 R15: 00007ffcc2c7ae48
[   69.051732][ T5336]  </TASK>
[   69.327914][ T5348] netlink: 277 bytes leftover after parsing attributes in process `syz.2.660'.
[   69.398886][    T9] Process accounting resumed
[   69.435413][ T5366] random: crng reseeded on system resumption
[   69.467444][ T5368] loop3: detected capacity change from 0 to 764
[   69.476907][ T5368] isofs: isofs_export_get_parent(): child directory not normalized!
[   69.493825][ T5368] rock: directory entry would overflow storage
[   69.500014][ T5368] rock: sig=0x4f50, size=4, remaining=3
[   69.505618][ T5368] iso9660: Corrupted directory entry in block 6 of inode 1792
[   69.542733][ T5368] vhci_hcd: invalid port number 96
[   69.547895][ T5368] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   69.682552][ T5379] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   69.689901][ T5379] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   69.715759][ T5381] loop2: detected capacity change from 0 to 512
[   69.741529][ T1035] vhci_hcd: vhci_device speed not set
[   69.751365][ T5381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.777295][    T9] Process accounting resumed
[   69.798497][ T3311] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   69.811881][ T3311] EXT4-fs error (device loop2): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   69.898778][ T5400] loop3: detected capacity change from 0 to 512
[   69.908109][ T5400] ext3: Bad value for 'commit'
[   69.915002][ T5389] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.991773][ T5407] vhci_hcd: invalid port number 96
[   69.996930][ T5407] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   69.997061][ T5410] loop3: detected capacity change from 0 to 764
[   70.022154][  T140] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.041484][ T5410] isofs: isofs_export_get_parent(): child directory not normalized!
[   70.119945][ T5421] rock: directory entry would overflow storage
[   70.126169][ T5421] rock: sig=0x4f50, size=4, remaining=3
[   70.131785][ T5421] iso9660: Corrupted directory entry in block 6 of inode 1792
[   70.170368][ T5421] vhci_hcd: invalid port number 96
[   70.175548][ T5421] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   70.263150][  T385] bond0 (unregistering): Released all slaves
[   70.280628][  T140] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.299164][  T140] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.349058][  T140] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.446481][  T385] hsr_slave_0: left promiscuous mode
[   70.469078][  T385] hsr_slave_1: left promiscuous mode
[   70.481548][  T385] veth1_macvtap: left promiscuous mode
[   70.487038][  T385] veth0_macvtap: left promiscuous mode
[   70.555138][ T5469] loop3: detected capacity change from 0 to 764
[   70.612245][ T5469] isofs: isofs_export_get_parent(): child directory not normalized!
[   70.664684][ T5444] loop0: detected capacity change from 0 to 512
[   70.673881][ T5444] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   70.695366][ T5444] EXT4-fs error (device loop0): ext4_quota_enable:7124: comm syz.0.693: Bad quota inum: 2, type: 0
[   70.711240][ T5486] rock: directory entry would overflow storage
[   70.717471][ T5486] rock: sig=0x4f50, size=4, remaining=3
[   70.723205][ T5486] iso9660: Corrupted directory entry in block 6 of inode 1792
[   70.755288][ T5489] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   70.763494][ T5444] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   70.778696][ T5483] vhci_hcd: invalid port number 96
[   70.783872][ T5483] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   70.791058][ T5469] vhci_hcd: invalid port number 96
[   70.796280][ T5469] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   70.809301][ T5489] loop1: detected capacity change from 0 to 1024
[   70.838849][ T5412] chnl_net:caif_netlink_parms(): no params data found
[   70.841443][ T5444] EXT4-fs (loop0): mount failed
[   70.853948][ T5489] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   70.863786][ T5489] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   70.879958][   T29] kauditd_printk_skb: 614 callbacks suppressed
[   70.879969][   T29] audit: type=1326 audit(70.858:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2ffa12d510 code=0x7ffc0000
[   70.936360][ T5444] loop0: detected capacity change from 0 to 2048
[   70.946049][ T5489] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   70.961404][   T29] audit: type=1326 audit(70.858:3534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2ffa12e7ab code=0x7ffc0000
[   70.971904][ T5489] EXT4-fs error (device loop1): ext4_get_journal_inode:5800: inode #5: comm syz.1.704: unexpected bad inode w/o EXT4_IGET_BAD
[   70.983966][   T29] audit: type=1326 audit(70.858:3535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2ffa12d80a code=0x7ffc0000
[   71.019383][   T29] audit: type=1326 audit(70.858:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ffa12eba9 code=0x7ffc0000
[   71.042042][   T29] audit: type=1326 audit(70.858:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ffa12eba9 code=0x7ffc0000
[   71.064661][   T29] audit: type=1326 audit(70.898:3538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2ffa12eba9 code=0x7ffc0000
[   71.087342][   T29] audit: type=1326 audit(70.898:3539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2ffa12ebe3 code=0x7ffc0000
[   71.109822][   T29] audit: type=1326 audit(70.898:3540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2ffa12d65f code=0x7ffc0000
[   71.128129][ T5489] EXT4-fs (loop1): no journal found
[   71.132335][   T29] audit: type=1326 audit(70.918:3541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f2ffa12ec37 code=0x7ffc0000
[   71.137514][ T5489] EXT4-fs (loop1): can't get journal size
[   71.160032][   T29] audit: type=1326 audit(70.918:3542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5442 comm="syz.0.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2ffa12d510 code=0x7ffc0000
[   71.175022][ T3969]  loop0: p2 p3 p7
[   71.192828][ T5489] EXT4-fs (loop1): too many log groups per flexible block group
[   71.200581][ T5489] EXT4-fs (loop1): failed to initialize mballoc (-12)
[   71.207531][ T5489] EXT4-fs (loop1): mount failed
[   71.213280][ T5412] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.220397][ T5412] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.230699][ T5444]  loop0: p2 p3 p7
[   71.239937][ T5412] bridge_slave_0: entered allmulticast mode
[   71.257779][ T2993]  loop0: p2 p3 p7
[   71.290557][ T5412] bridge_slave_0: entered promiscuous mode
[   71.361014][ T5412] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.368290][ T5412] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.405072][ T5517] loop1: detected capacity change from 0 to 1024
[   71.431681][ T5412] bridge_slave_1: entered allmulticast mode
[   71.438482][ T5517] EXT4-fs: Ignoring removed bh option
[   71.444251][ T5412] bridge_slave_1: entered promiscuous mode
[   71.462187][ T5517] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   71.489431][ T5517] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e84ce018, mo2=0000]
[   71.497887][ T5517] System zones: 0-1, 3-12
[   71.511116][ T5412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.532238][ T5412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.544077][ T5517] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #3: block 1: comm syz.1.706: lblock 1 mapped to illegal pblock 1 (length 1)
[   71.572864][ T5517] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.706: Failed to acquire dquot type 0
[   71.614398][ T5412] team0: Port device team_slave_0 added
[   71.620201][ T5517] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.706: Freeing blocks not in datazone - block = 0, count = 4096
[   71.638590][ T5412] team0: Port device team_slave_1 added
[   71.651293][ T5517] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.706: Invalid inode bitmap blk 0 in block_group 0
[   71.665403][   T31] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1)
[   71.665991][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.679819][   T31] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:1: Failed to release dquot type 0
[   71.686628][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.699121][ T5517] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[   71.724081][ T5412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.744974][ T5517] EXT4-fs (loop1): 1 orphan inode deleted
[   71.751098][ T5517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.768476][ T5545] loop0: detected capacity change from 0 to 1024
[   71.775047][ T5540] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[   71.781562][ T5540] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   71.789146][ T5540] vhci_hcd vhci_hcd.0: Device attached
[   71.790008][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.796661][ T5545] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   71.801895][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.801933][ T5412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.813806][ T5545] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   71.860254][ T5545] EXT4-fs (loop0): orphan cleanup on readonly fs
[   71.867033][ T5545] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[   71.881530][ T5545] EXT4-fs (loop0): Cannot turn on quotas: error -5
[   71.888866][ T5545] EXT4-fs (loop0): 1 truncate cleaned up
[   71.897167][ T5545] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   71.923012][ T5412] hsr_slave_0: entered promiscuous mode
[   71.929186][ T5412] hsr_slave_1: entered promiscuous mode
[   71.935185][ T5412] debugfs: 'hsr0' already exists in 'hsr'
[   71.940919][ T5412] Cannot create hsr debugfs directory
[   71.971644][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.003421][ T5558] loop0: detected capacity change from 0 to 1024
[   72.031418][ T1035] usb 7-1: new low-speed USB device number 2 using vhci_hcd
[   72.045103][ T5558] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.072846][ T5558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.715'.
[   72.079974][ T5412] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   72.095306][ T5412] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   72.106128][ T5412] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   72.120111][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.120729][ T5412] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   72.164383][ T5572] FAULT_INJECTION: forcing a failure.
[   72.164383][ T5572] name failslab, interval 1, probability 0, space 0, times 0
[   72.175354][ T5412] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.177107][ T5572] CPU: 1 UID: 0 PID: 5572 Comm: syz.0.716 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.177161][ T5572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.177173][ T5572] Call Trace:
[   72.177180][ T5572]  <TASK>
[   72.177187][ T5572]  __dump_stack+0x1d/0x30
[   72.177212][ T5572]  dump_stack_lvl+0xe8/0x140
[   72.177231][ T5572]  dump_stack+0x15/0x1b
[   72.177247][ T5572]  should_fail_ex+0x265/0x280
[   72.177270][ T5572]  ? __se_sys_memfd_create+0x1cc/0x590
[   72.177294][ T5572]  should_failslab+0x8c/0xb0
[   72.177318][ T5572]  __kmalloc_cache_noprof+0x4c/0x320
[   72.177347][ T5572]  __se_sys_memfd_create+0x1cc/0x590
[   72.177433][ T5572]  __x64_sys_memfd_create+0x31/0x40
[   72.177452][ T5572]  x64_sys_call+0x2abe/0x2ff0
[   72.177519][ T5572]  do_syscall_64+0xd2/0x200
[   72.177546][ T5572]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.177571][ T5572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.177619][ T5572] RIP: 0033:0x7f2ffa12eba9
[   72.177635][ T5572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.177711][ T5572] RSP: 002b:00007f2ff8b8ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   72.177729][ T5572] RAX: ffffffffffffffda RBX: 000000000000045c RCX: 00007f2ffa12eba9
[   72.177742][ T5572] RDX: 00007f2ff8b8eef0 RSI: 0000000000000000 RDI: 00007f2ffa1b27e8
[   72.177755][ T5572] RBP: 0000200000002400 R08: 00007f2ff8b8ebb7 R09: 00007f2ff8b8ee40
[   72.177766][ T5572] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[   72.177778][ T5572] R13: 00007f2ff8b8eef0 R14: 00007f2ff8b8eeb0 R15: 0000200000000680
[   72.177797][ T5572]  </TASK>
[   72.245479][ T5576] FAULT_INJECTION: forcing a failure.
[   72.245479][ T5576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.253851][ T5412] 8021q: adding VLAN 0 to HW filter on device team0
[   72.254458][ T5576] CPU: 1 UID: 0 PID: 5576 Comm: syz.4.719 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.254484][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.254496][ T5576] Call Trace:
[   72.254502][ T5576]  <TASK>
[   72.254509][ T5576]  __dump_stack+0x1d/0x30
[   72.254530][ T5576]  dump_stack_lvl+0xe8/0x140
[   72.254548][ T5576]  dump_stack+0x15/0x1b
[   72.254587][ T5576]  should_fail_ex+0x265/0x280
[   72.254641][ T5576]  should_fail+0xb/0x20
[   72.254660][ T5576]  should_fail_usercopy+0x1a/0x20
[   72.254683][ T5576]  strncpy_from_user+0x25/0x230
[   72.254758][ T5576]  ? kmem_cache_alloc_noprof+0x186/0x310
[   72.254784][ T5576]  ? getname_flags+0x80/0x3b0
[   72.254811][ T5576]  getname_flags+0xae/0x3b0
[   72.254836][ T5576]  __se_sys_acct+0x3d/0x490
[   72.254911][ T5576]  __x64_sys_acct+0x1f/0x30
[   72.254936][ T5576]  x64_sys_call+0x2f2b/0x2ff0
[   72.254956][ T5576]  do_syscall_64+0xd2/0x200
[   72.255007][ T5576]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   72.255057][ T5576]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.255085][ T5576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.255105][ T5576] RIP: 0033:0x7f3d1de5eba9
[   72.255121][ T5576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.255139][ T5576] RSP: 002b:00007f3d1c8c7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[   72.255164][ T5576] RAX: ffffffffffffffda RBX: 00007f3d1e0a5fa0 RCX: 00007f3d1de5eba9
[   72.255176][ T5576] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[   72.255189][ T5576] RBP: 00007f3d1c8c7090 R08: 0000000000000000 R09: 0000000000000000
[   72.255201][ T5576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.255284][ T5576] R13: 00007f3d1e0a6038 R14: 00007f3d1e0a5fa0 R15: 00007ffdc4a38788
[   72.255302][ T5576]  </TASK>
[   72.481388][ T5541] vhci_hcd: connection reset by peer
[   72.531014][ T5412] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   72.551430][ T5582] loop0: detected capacity change from 0 to 764
[   72.556078][ T5412] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.583280][   T51] vhci_hcd: stop threads
[   72.596590][   T51] vhci_hcd: release socket
[   72.596625][   T51] vhci_hcd: disconnect device
[   72.598638][  T385] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.598689][  T385] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.603187][  T385] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.603253][  T385] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.613548][ T5582] isofs: isofs_export_get_parent(): child directory not normalized!
[   72.620287][ T5582] rock: directory entry would overflow storage
[   72.620294][ T5582] rock: sig=0x4f50, size=4, remaining=3
[   72.620306][ T5582] iso9660: Corrupted directory entry in block 6 of inode 1792
[   72.654914][ T5582] vhci_hcd: invalid port number 96
[   72.654928][ T5582] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   72.655205][ T5412] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.753421][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.844882][ T5412] veth0_vlan: entered promiscuous mode
[   72.845304][ T5606] netlink: 24 bytes leftover after parsing attributes in process `syz.1.724'.
[   72.853282][ T5412] veth1_vlan: entered promiscuous mode
[   72.874850][ T5412] veth0_macvtap: entered promiscuous mode
[   72.887089][ T5412] veth1_macvtap: entered promiscuous mode
[   72.897307][ T5608] usb usb5: usbfs: process 5608 (syz.4.725) did not claim interface 0 before use
[   72.924314][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.938695][ T5610] FAULT_INJECTION: forcing a failure.
[   72.938695][ T5610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.952072][ T5610] CPU: 0 UID: 0 PID: 5610 Comm: syz.0.726 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.952099][ T5610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.952111][ T5610] Call Trace:
[   72.952117][ T5610]  <TASK>
[   72.952124][ T5610]  __dump_stack+0x1d/0x30
[   72.952183][ T5610]  dump_stack_lvl+0xe8/0x140
[   72.952222][ T5610]  dump_stack+0x15/0x1b
[   72.952238][ T5610]  should_fail_ex+0x265/0x280
[   72.952262][ T5610]  should_fail+0xb/0x20
[   72.952282][ T5610]  should_fail_usercopy+0x1a/0x20
[   72.952306][ T5610]  _copy_to_user+0x20/0xa0
[   72.952351][ T5610]  simple_read_from_buffer+0xb5/0x130
[   72.952370][ T5610]  proc_fail_nth_read+0x10e/0x150
[   72.952393][ T5610]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   72.952418][ T5610]  vfs_read+0x1a8/0x770
[   72.952499][ T5610]  ? __rcu_read_unlock+0x4f/0x70
[   72.952517][ T5610]  ? __fget_files+0x184/0x1c0
[   72.952617][ T5610]  ksys_read+0xda/0x1a0
[   72.952698][ T5610]  __x64_sys_read+0x40/0x50
[   72.952716][ T5610]  x64_sys_call+0x27bc/0x2ff0
[   72.952777][ T5610]  do_syscall_64+0xd2/0x200
[   72.952812][ T5610]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   72.952877][ T5610]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.952976][ T5610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.953013][ T5610] RIP: 0033:0x7f2ffa12d5bc
[   72.953026][ T5610] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   72.953042][ T5610] RSP: 002b:00007f2ff8b8f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   72.953061][ T5610] RAX: ffffffffffffffda RBX: 00007f2ffa375fa0 RCX: 00007f2ffa12d5bc
[   72.953073][ T5610] RDX: 000000000000000f RSI: 00007f2ff8b8f0a0 RDI: 0000000000000005
[   72.953104][ T5610] RBP: 00007f2ff8b8f090 R08: 0000000000000000 R09: 0000000000000000
[   72.953116][ T5610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.953129][ T5610] R13: 00007f2ffa376038 R14: 00007f2ffa375fa0 R15: 00007ffc2e43a538
[   72.953147][ T5610]  </TASK>
[   73.179984][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.232214][ T3432] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.256339][ T3432] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.282159][ T5624] loop0: detected capacity change from 0 to 764
[   73.282304][  T385] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.304442][ T5624] isofs: isofs_export_get_parent(): child directory not normalized!
[   73.315406][  T385] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.356770][ T5624] rock: directory entry would overflow storage
[   73.362986][ T5624] rock: sig=0x4f50, size=4, remaining=3
[   73.368552][ T5624] iso9660: Corrupted directory entry in block 6 of inode 1792
[   73.402666][ T5634] netlink: 76 bytes leftover after parsing attributes in process `syz.1.735'.
[   73.422072][ T5624] vhci_hcd: invalid port number 96
[   73.427315][ T5624] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   73.440712][ T5636] loop3: detected capacity change from 0 to 764
[   73.455237][ T5636] isofs: isofs_export_get_parent(): child directory not normalized!
[   73.472220][ T5636] rock: directory entry would overflow storage
[   73.478468][ T5636] rock: sig=0x4f50, size=4, remaining=3
[   73.484101][ T5636] iso9660: Corrupted directory entry in block 6 of inode 1792
[   73.516114][ T5636] vhci_hcd: invalid port number 96
[   73.521270][ T5636] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   73.530050][ T5639] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   73.575684][ T5639] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   73.827745][ T5657] loop3: detected capacity change from 0 to 512
[   73.862645][ T5657] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.745: error while reading EA inode 32 err=-116
[   73.930203][ T5643] loop5: detected capacity change from 0 to 512
[   73.959858][ T5667] loop1: detected capacity change from 0 to 128
[   73.973506][ T5657] EXT4-fs (loop3): Remounting filesystem read-only
[   73.980062][ T5657] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   73.991572][ T5657] EXT4-fs (loop3): 1 orphan inode deleted
[   74.004197][ T5643] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   74.034451][ T5657] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.060595][ T5670] loop1: detected capacity change from 0 to 512
[   74.069423][ T5657] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.081078][ T5670] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   74.096458][ T5643] EXT4-fs error (device loop5): ext4_quota_enable:7124: comm syz.5.739: Bad quota inum: 2, type: 0
[   74.109643][ T5643] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   74.151703][ T5643] EXT4-fs (loop5): mount failed
[   74.168532][ T5670] EXT4-fs (loop1): 1 truncate cleaned up
[   74.174613][ T5670] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.194746][ T5670] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.274294][ T5643] loop5: detected capacity change from 0 to 2048
[   74.307819][ T5686] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   74.317386][ T5686] netlink: 196 bytes leftover after parsing attributes in process `+}[@'.
[   74.327858][ T5686] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   74.339729][ T5688] loop3: detected capacity change from 0 to 512
[   74.347298][ T5686] netlink: 196 bytes leftover after parsing attributes in process `+}[@'.
[   74.350788][ T5688] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   74.370169][ T3969]  loop5: p2 p3 p7
[   74.385807][ T5688] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.756: bg 0: block 4: invalid block bitmap
[   74.398547][ T5685] vhci_hcd: invalid port number 96
[   74.403746][ T5685] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   74.447773][ T5643]  loop5: p2 p3 p7
[   74.471635][ T5688] EXT4-fs (loop3): Remounting filesystem read-only
[   74.477097][ T5692] netlink: 'syz.1.757': attribute type 1 has an invalid length.
[   74.478795][ T5688] EXT4-fs (loop3): 1 truncate cleaned up
[   74.492232][ T5688] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.682251][ T5699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=5699 comm=syz.1.757
[   74.698719][ T5699] loop1: detected capacity change from 0 to 512
[   74.711895][ T5699] ext4: Unknown parameter 'uid<00000000000000000000'
[   74.732444][ T5702] loop5: detected capacity change from 0 to 128
[   74.755389][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[   74.755504][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[   74.766890][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[   74.789500][ T5703] pimreg: entered allmulticast mode
[   74.812344][ T5703] pimreg: left allmulticast mode
[   74.857216][ T5705] netlink: 'syz.5.761': attribute type 10 has an invalid length.
[   74.865160][ T5705] netlink: 40 bytes leftover after parsing attributes in process `syz.5.761'.
[   74.927971][ T5705] batman_adv: batadv0: Adding interface: veth1_vlan
[   74.934668][ T5705] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.961364][ T5705] batman_adv: batadv0: Interface activated: veth1_vlan
[   75.116477][ T5711] loop5: detected capacity change from 0 to 512
[   75.143896][ T5711] EXT4-fs error (device loop5): ext4_xattr_inode_iget:442: comm syz.5.763: error while reading EA inode 32 err=-116
[   75.166106][ T5711] EXT4-fs (loop5): Remounting filesystem read-only
[   75.172923][ T5711] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   75.209030][ T5711] EXT4-fs (loop5): 1 orphan inode deleted
[   75.230513][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.239986][ T5711] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.303911][ T5711] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.313594][ T2290] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.337180][ T2290] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.370277][ T2290] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.382131][ T5716] SELinux:  policydb table sizes (2,655368) do not match mine (8,7)
[   75.391636][ T5716] SELinux: failed to load policy
[   75.396738][ T2290] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.422691][ T5719] tipc: Started in network mode
[   75.427685][ T5719] tipc: Node identity ac14140f, cluster identity 4711
[   75.439233][ T5719] tipc: New replicast peer: 255.255.255.255
[   75.445399][ T5719] tipc: Enabled bearer <udp:s >, priority 10
[   75.469497][ T5719] loop1: detected capacity change from 0 to 1024
[   75.497519][ T5719] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   75.508636][ T5719] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   75.542800][ T5719] JBD2: no valid journal superblock found
[   75.548558][ T5719] EXT4-fs (loop1): Could not load journal inode
[   75.563592][ T5725] loop3: detected capacity change from 0 to 764
[   75.584070][ T5725] isofs: isofs_export_get_parent(): child directory not normalized!
[   75.600870][ T5725] rock: directory entry would overflow storage
[   75.601034][ T5719] SELinux: security_context_str_to_sid (�-�Xܘ7.H\��%�u@
) failed with errno=-22
[   75.607081][ T5725] rock: sig=0x4f50, size=4, remaining=3
[   75.607099][ T5725] iso9660: Corrupted directory entry in block 6 of inode 1792
[   75.660943][ T5730] vlan2: entered promiscuous mode
[   75.666457][ T5730] vlan2: entered allmulticast mode
[   75.671689][ T5730] hsr_slave_1: entered allmulticast mode
[   75.678541][ T5725] vhci_hcd: invalid port number 96
[   75.683677][ T5725] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   75.718641][ T5732] netlink: 'syz.1.772': attribute type 10 has an invalid length.
[   75.726442][ T5732] netlink: 40 bytes leftover after parsing attributes in process `syz.1.772'.
[   75.765391][ T5732] batman_adv: batadv0: Adding interface: veth1_vlan
[   75.772113][ T5732] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.802631][ T5732] batman_adv: batadv0: Interface activated: veth1_vlan
[   75.816714][ T5736] netlink: 'syz.5.771': attribute type 11 has an invalid length.
[   75.830005][ T5736] netlink: 2652 bytes leftover after parsing attributes in process `syz.5.771'.
[   75.881429][   T29] kauditd_printk_skb: 740 callbacks suppressed
[   75.881443][   T29] audit: type=1326 audit(75.859:4279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   75.910276][   T29] audit: type=1326 audit(75.859:4280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3d1de5ebe3 code=0x7ffc0000
[   75.932906][   T29] audit: type=1326 audit(75.869:4281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3d1de5d65f code=0x7ffc0000
[   75.947018][ T5741] loop3: detected capacity change from 0 to 1024
[   75.955388][   T29] audit: type=1326 audit(75.869:4282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f3d1de5ec37 code=0x7ffc0000
[   75.975858][ T5741] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.984325][   T29] audit: type=1400 audit(75.919:4283): avc:  denied  { create } for  pid=5738 comm="syz.0.775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   76.014968][   T29] audit: type=1400 audit(75.919:4284): avc:  denied  { setopt } for  pid=5738 comm="syz.0.775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   76.033691][   T29] audit: type=1326 audit(75.919:4285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3d1de5d510 code=0x7ffc0000
[   76.056358][   T29] audit: type=1326 audit(75.919:4286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3d1de5d80a code=0x7ffc0000
[   76.078880][   T29] audit: type=1326 audit(75.919:4287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   76.101726][   T29] audit: type=1326 audit(75.919:4288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.4.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   76.136820][ T5741] xt_l2tp: invalid flags combination: 8
[   76.153232][ T5739] SELinux:  Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped).
[   76.194858][  T140] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:4: bg 0: block 393: padding at end of block bitmap is not set
[   76.227691][ T5754] loop1: detected capacity change from 0 to 512
[   76.240378][ T5754] EXT4-fs: Ignoring removed oldalloc option
[   76.248111][  T140] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   76.260773][  T140] EXT4-fs (loop3): This should not happen!! Data will be lost
[   76.260773][  T140] 
[   76.280764][ T5754] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.780: Parent and EA inode have the same ino 15
[   76.295726][ T5754] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.780: Parent and EA inode have the same ino 15
[   76.309062][ T5754] EXT4-fs (loop1): 1 orphan inode deleted
[   76.318468][ T5754] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.347803][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.407558][ T5764] loop3: detected capacity change from 0 to 512
[   76.463625][ T5764] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   76.488246][ T5764] EXT4-fs (loop3): mount failed
[   76.557614][ T5777] loop3: detected capacity change from 0 to 128
[   76.581752][ T3384] tipc: Node number set to 2886997007
[   76.592991][ T5777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   76.601048][ T5777] FAT-fs (loop3): Filesystem has been set read-only
[   76.681417][ T5777] bio_check_eod: 105162 callbacks suppressed
[   76.681433][ T5777] syz.3.786: attempt to access beyond end of device
[   76.681433][ T5777] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   76.936829][ T5777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   76.944814][ T5777] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   76.972443][ T5778] syz.3.786: attempt to access beyond end of device
[   76.972443][ T5778] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128
[   76.985765][ T5778] buffer_io_error: 104774 callbacks suppressed
[   76.985781][ T5778] Buffer I/O error on dev loop3, logical block 2065, async page read
[   77.023369][ T5778] syz.3.786: attempt to access beyond end of device
[   77.023369][ T5778] loop3: rw=0, sector=2066, nr_sectors = 1 limit=128
[   77.036602][ T5778] Buffer I/O error on dev loop3, logical block 2066, async page read
[   77.063760][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.076049][ T5778] syz.3.786: attempt to access beyond end of device
[   77.076049][ T5778] loop3: rw=0, sector=2067, nr_sectors = 1 limit=128
[   77.089326][ T5778] Buffer I/O error on dev loop3, logical block 2067, async page read
[   77.111959][ T5778] syz.3.786: attempt to access beyond end of device
[   77.111959][ T5778] loop3: rw=0, sector=2068, nr_sectors = 1 limit=128
[   77.119432][ T1035] usb 7-1: enqueue for inactive port 0
[   77.125161][ T5778] Buffer I/O error on dev loop3, logical block 2068, async page read
[   77.138795][ T5778] syz.3.786: attempt to access beyond end of device
[   77.138795][ T5778] loop3: rw=0, sector=2069, nr_sectors = 1 limit=128
[   77.151988][ T5778] Buffer I/O error on dev loop3, logical block 2069, async page read
[   77.160156][ T5778] syz.3.786: attempt to access beyond end of device
[   77.160156][ T5778] loop3: rw=0, sector=2070, nr_sectors = 1 limit=128
[   77.166205][ T1035] usb 7-1: enqueue for inactive port 0
[   77.173430][ T5778] Buffer I/O error on dev loop3, logical block 2070, async page read
[   77.186941][ T5778] syz.3.786: attempt to access beyond end of device
[   77.186941][ T5778] loop3: rw=0, sector=2071, nr_sectors = 1 limit=128
[   77.200229][ T5778] Buffer I/O error on dev loop3, logical block 2071, async page read
[   77.208437][ T5778] syz.3.786: attempt to access beyond end of device
[   77.208437][ T5778] loop3: rw=0, sector=2072, nr_sectors = 1 limit=128
[   77.221690][ T5778] Buffer I/O error on dev loop3, logical block 2072, async page read
[   77.236954][ T5781] netlink: 'syz.1.787': attribute type 10 has an invalid length.
[   77.244796][ T5781] __nla_validate_parse: 1 callbacks suppressed
[   77.244810][ T5781] netlink: 40 bytes leftover after parsing attributes in process `syz.1.787'.
[   77.251439][ T5777] syz.3.786: attempt to access beyond end of device
[   77.251439][ T5777] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128
[   77.273051][ T5777] Buffer I/O error on dev loop3, logical block 2065, async page read
[   77.292322][ T1035] vhci_hcd: vhci_device speed not set
[   77.319941][ T5777] Buffer I/O error on dev loop3, logical block 2066, async page read
[   77.353673][ T5783] netlink: 8 bytes leftover after parsing attributes in process `syz.4.788'.
[   77.399751][ T5786] netlink: 'syz.1.789': attribute type 21 has an invalid length.
[   77.521812][ T5791] vhci_hcd: invalid port number 96
[   77.527056][ T5791] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   77.569434][ T5586] Process accounting resumed
[   77.668154][ T5803] loop1: detected capacity change from 0 to 512
[   77.685724][ T5803] EXT4-fs: Ignoring removed oldalloc option
[   77.723970][ T5803] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.797: Parent and EA inode have the same ino 15
[   77.767435][ T5803] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.797: Parent and EA inode have the same ino 15
[   77.804888][ T5803] EXT4-fs (loop1): 1 orphan inode deleted
[   77.811047][ T5803] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.953503][ T5812] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.012773][ T5812] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.073110][ T5812] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.132734][ T5812] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.198960][ T3432] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.218922][ T3432] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.241458][ T3432] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.268403][ T3432] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.497992][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.620983][ T5830] FAULT_INJECTION: forcing a failure.
[   78.620983][ T5830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.634276][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz.1.806 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   78.634300][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   78.634367][ T5830] Call Trace:
[   78.634373][ T5830]  <TASK>
[   78.634380][ T5830]  __dump_stack+0x1d/0x30
[   78.634404][ T5830]  dump_stack_lvl+0xe8/0x140
[   78.634420][ T5830]  dump_stack+0x15/0x1b
[   78.634433][ T5830]  should_fail_ex+0x265/0x280
[   78.634491][ T5830]  should_fail+0xb/0x20
[   78.634509][ T5830]  should_fail_usercopy+0x1a/0x20
[   78.634580][ T5830]  _copy_from_user+0x1c/0xb0
[   78.634605][ T5830]  ___sys_sendmsg+0xc1/0x1d0
[   78.634722][ T5830]  __sys_sendmmsg+0x178/0x300
[   78.634751][ T5830]  __x64_sys_sendmmsg+0x57/0x70
[   78.634772][ T5830]  x64_sys_call+0x1c4a/0x2ff0
[   78.634819][ T5830]  do_syscall_64+0xd2/0x200
[   78.634848][ T5830]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   78.634868][ T5830]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   78.634951][ T5830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.634970][ T5830] RIP: 0033:0x7fb36bf7eba9
[   78.635011][ T5830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.635065][ T5830] RSP: 002b:00007fb36a9e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   78.635084][ T5830] RAX: ffffffffffffffda RBX: 00007fb36c1c5fa0 RCX: 00007fb36bf7eba9
[   78.635096][ T5830] RDX: 0000000000000001 RSI: 0000200000003cc0 RDI: 0000000000000003
[   78.635108][ T5830] RBP: 00007fb36a9e7090 R08: 0000000000000000 R09: 0000000000000000
[   78.635121][ T5830] R10: 0000000044008004 R11: 0000000000000246 R12: 0000000000000001
[   78.635138][ T5830] R13: 00007fb36c1c6038 R14: 00007fb36c1c5fa0 R15: 00007ffe4bfff848
[   78.635156][ T5830]  </TASK>
[   78.835918][ T5834] bridge_slave_0: left allmulticast mode
[   78.841820][ T5834] bridge_slave_0: left promiscuous mode
[   78.847531][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.869832][ T5834] bridge_slave_1: left allmulticast mode
[   78.875911][ T5834] bridge_slave_1: left promiscuous mode
[   78.881621][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.900820][ T5834] bond0: (slave bond_slave_0): Releasing backup interface
[   78.910673][ T5834] bond0: (slave bond_slave_1): Releasing backup interface
[   78.924720][ T5834] team0: Port device team_slave_0 removed
[   78.934954][ T5834] team0: Port device team_slave_1 removed
[   78.942637][ T5834] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   78.950050][ T5834] batman_adv: batadv0: Removing interface: batadv_slave_0
[   78.968863][ T5834] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   78.976340][ T5834] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.012863][ T5850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.811'.
[   79.022162][ T5834] batman_adv: batadv0: Interface deactivated: veth1_vlan
[   79.029285][ T5834] batman_adv: batadv0: Removing interface: veth1_vlan
[   79.142190][ T5858] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.206516][ T5858] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.268887][ T5858] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.372944][ T5870] loop0: detected capacity change from 0 to 512
[   79.385482][ T5858] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.397676][ T5870] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   79.445771][ T5870] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.814: bg 0: block 4: invalid block bitmap
[   79.459716][ T5870] EXT4-fs (loop0): Remounting filesystem read-only
[   79.467045][ T5870] EXT4-fs (loop0): 1 truncate cleaned up
[   79.474405][ T5870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.764625][ T5873] pimreg: entered allmulticast mode
[   79.789024][ T5870] pimreg: left allmulticast mode
[   80.007070][   T31] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.037847][   T31] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.084083][   T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.121800][   T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.217907][ T5890] usb usb5: usbfs: process 5890 (syz.3.819) did not claim interface 0 before use
[   80.374159][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.374724][ T5896] loop9: detected capacity change from 0 to 7
[   80.389612][ T5896]  loop9: unable to read partition table
[   80.395386][ T5896] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   80.395386][ T5896] 
) failed (rc=-5)
[   80.428029][ T5901] loop0: detected capacity change from 0 to 128
[   80.443674][ T5901] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   80.451583][ T5901] FAT-fs (loop0): Filesystem has been set read-only
[   80.458325][ T5901] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   80.466197][ T5901] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[   80.677387][ T5403] Process accounting resumed
[   80.723687][ T5913] loop3: detected capacity change from 0 to 1024
[   80.782790][ T5913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.042400][   T29] kauditd_printk_skb: 397 callbacks suppressed
[   81.042415][   T29] audit: type=1326 audit(81.028:4685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.083279][ T5917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.831'.
[   81.113302][ T5917] xt_l2tp: invalid flags combination: 8
[   81.149573][   T29] audit: type=1326 audit(81.058:4686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.172427][   T29] audit: type=1326 audit(81.058:4687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.195078][   T29] audit: type=1326 audit(81.058:4688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.217739][   T29] audit: type=1326 audit(81.078:4689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.240336][   T29] audit: type=1326 audit(81.078:4690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.263080][   T29] audit: type=1326 audit(81.078:4691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.286097][   T29] audit: type=1326 audit(81.078:4692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.308879][   T29] audit: type=1326 audit(81.078:4693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.331640][   T29] audit: type=1326 audit(81.078:4694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5924 comm="syz.1.834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   81.336634][ T5925] netlink: 4 bytes leftover after parsing attributes in process `syz.3.829'.
[   81.367572][ T5925] xt_l2tp: invalid flags combination: 8
[   81.420674][  T140] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:4: bg 0: block 393: padding at end of block bitmap is not set
[   81.443191][  T140] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   81.455925][  T140] EXT4-fs (loop3): This should not happen!! Data will be lost
[   81.455925][  T140] 
[   81.508750][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.530123][ T5934] loop1: detected capacity change from 0 to 1764
[   81.548628][ T5934] iso9660: Unknown parameter 'kfree'
[   81.613124][ T5937] loop3: detected capacity change from 0 to 2048
[   81.639041][ T5938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.840'.
[   81.673327][ T5937] EXT4-fs (loop3): failed to initialize system zone (-117)
[   81.680597][ T5937] EXT4-fs (loop3): mount failed
[   81.707409][ T5938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.840'.
[   81.775833][ T5938] netlink: 44 bytes leftover after parsing attributes in process `syz.1.840'.
[   81.790823][ T5949] loop3: detected capacity change from 0 to 512
[   81.850296][ T5949] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   81.887292][ T5955] loop1: detected capacity change from 0 to 764
[   81.902763][ T5949] EXT4-fs (loop3): mount failed
[   81.933555][ T5955] isofs: isofs_export_get_parent(): child directory not normalized!
[   81.948652][ T5955] rock: directory entry would overflow storage
[   81.954906][ T5955] rock: sig=0x4f50, size=4, remaining=3
[   81.960455][ T5955] iso9660: Corrupted directory entry in block 6 of inode 1792
[   82.014969][ T5958] FAULT_INJECTION: forcing a failure.
[   82.014969][ T5958] name failslab, interval 1, probability 0, space 0, times 0
[   82.022028][ T5955] vhci_hcd: invalid port number 96
[   82.027705][ T5958] CPU: 1 UID: 0 PID: 5958 Comm: syz.3.845 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   82.027732][ T5958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   82.027751][ T5958] Call Trace:
[   82.027757][ T5958]  <TASK>
[   82.027764][ T5958]  __dump_stack+0x1d/0x30
[   82.027785][ T5958]  dump_stack_lvl+0xe8/0x140
[   82.027802][ T5958]  dump_stack+0x15/0x1b
[   82.027818][ T5958]  should_fail_ex+0x265/0x280
[   82.027840][ T5958]  should_failslab+0x8c/0xb0
[   82.027863][ T5958]  kmem_cache_alloc_noprof+0x50/0x310
[   82.027888][ T5958]  ? mas_alloc_nodes+0x265/0x520
[   82.027918][ T5958]  mas_alloc_nodes+0x265/0x520
[   82.027948][ T5958]  mas_preallocate+0x33e/0x520
[   82.027977][ T5958]  __split_vma+0x240/0x650
[   82.028003][ T5958]  ? __rcu_read_unlock+0x4f/0x70
[   82.028024][ T5958]  vma_modify+0x3f2/0xc80
[   82.028044][ T5958]  ? avc_has_perm+0xf7/0x180
[   82.028068][ T5958]  vma_modify_flags+0x101/0x130
[   82.028094][ T5958]  mprotect_fixup+0x2cc/0x570
[   82.028119][ T5958]  do_mprotect_pkey+0x6d6/0x980
[   82.028152][ T5958]  __x64_sys_mprotect+0x48/0x60
[   82.028173][ T5958]  x64_sys_call+0x274e/0x2ff0
[   82.028189][ T5958]  do_syscall_64+0xd2/0x200
[   82.028214][ T5958]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   82.028235][ T5958]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   82.028261][ T5958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.028280][ T5958] RIP: 0033:0x7f817b4feba9
[   82.028295][ T5958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.028311][ T5958] RSP: 002b:00007f8179f5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
[   82.028329][ T5958] RAX: ffffffffffffffda RBX: 00007f817b745fa0 RCX: 00007f817b4feba9
[   82.028341][ T5958] RDX: 0000000000000001 RSI: 0000000000800000 RDI: 0000200000000000
[   82.028352][ T5958] RBP: 00007f8179f5f090 R08: 0000000000000000 R09: 0000000000000000
[   82.028363][ T5958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.028375][ T5958] R13: 00007f817b746038 R14: 00007f817b745fa0 R15: 00007ffcc2c7ae48
[   82.028391][ T5958]  </TASK>
[   82.124919][ T5955] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   82.279035][ T5971] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   82.295456][ T5963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.847'.
[   82.298487][ T5971] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   82.420647][ T5978] netlink: 44 bytes leftover after parsing attributes in process `syz.4.854'.
[   82.467595][ T5978] netlink: 44 bytes leftover after parsing attributes in process `syz.4.854'.
[   82.507373][ T5978] netlink: 44 bytes leftover after parsing attributes in process `syz.4.854'.
[   82.593069][ T5996] netlink: 'syz.4.862': attribute type 10 has an invalid length.
[   82.600923][ T5996] netlink: 40 bytes leftover after parsing attributes in process `syz.4.862'.
[   82.626590][ T5999] loop3: detected capacity change from 0 to 512
[   82.644922][ T5999] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.861: error while reading EA inode 32 err=-116
[   82.659732][ T6002] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   82.666253][ T6002] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   82.674012][ T6002] vhci_hcd vhci_hcd.0: Device attached
[   82.680790][ T5999] EXT4-fs (loop3): Remounting filesystem read-only
[   82.687592][ T5999] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   82.730425][ T6002] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.748291][ T5999] EXT4-fs (loop3): 1 orphan inode deleted
[   82.754480][ T5999] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.819488][ T6009] loop1: detected capacity change from 0 to 1024
[   82.822614][ T5999] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.868011][ T6002] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.880074][ T6009] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.926533][ T6002] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.931365][    T9] usb 1-1: new high-speed USB device number 2 using vhci_hcd
[   82.979762][ T6017] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[   82.986734][ T6017] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   82.995621][ T6017] vhci_hcd vhci_hcd.0: Device attached
[   82.996251][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.018546][ T6017] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.038453][ T6002] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.083791][ T6017] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.104449][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.116822][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.129282][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.145841][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.155469][ T6003] vhci_hcd: connection reset by peer
[   83.161657][   T12] vhci_hcd: stop threads
[   83.165970][   T12] vhci_hcd: release socket
[   83.170432][   T12] vhci_hcd: disconnect device
[   83.175561][ T6017] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.213092][ T6017] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.241382][ T3385] usb 7-1: new high-speed USB device number 3 using vhci_hcd
[   83.531688][ T6079] netlink: 'syz.4.875': attribute type 1 has an invalid length.
[   83.572126][ T6085] loop5: detected capacity change from 0 to 764
[   83.579874][ T6085] isofs: isofs_export_get_parent(): child directory not normalized!
[   83.593830][ T6085] rock: directory entry would overflow storage
[   83.600012][ T6085] rock: sig=0x4f50, size=4, remaining=3
[   83.605785][ T6085] iso9660: Corrupted directory entry in block 6 of inode 1792
[   83.643172][ T6085] vhci_hcd: invalid port number 96
[   83.648323][ T6085] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   83.662393][ T6092] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6092 comm=syz.4.875
[   83.690605][ T6099] netlink: 44 bytes leftover after parsing attributes in process `syz.0.879'.
[   83.790601][ T6110] usb usb5: usbfs: process 6110 (syz.0.882) did not claim interface 0 before use
[   83.820625][ T6112] loop0: detected capacity change from 0 to 1024
[   83.839515][ T6112] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.843821][ T6018] vhci_hcd: connection reset by peer
[   83.858512][   T31] vhci_hcd: stop threads
[   83.862823][   T31] vhci_hcd: release socket
[   83.862838][   T31] vhci_hcd: disconnect device
[   83.885908][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.922583][ T6116] loop0: detected capacity change from 0 to 1024
[   83.953688][ T6116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.977631][ T6118] loop5: detected capacity change from 0 to 512
[   83.985667][ T6118] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.020045][ T6118] EXT4-fs error (device loop5): ext4_quota_enable:7124: comm syz.5.885: Bad quota inum: 2, type: 0
[   84.048653][ T6124] netlink: 'syz.1.886': attribute type 10 has an invalid length.
[   84.056436][ T6124] netlink: 40 bytes leftover after parsing attributes in process `syz.1.886'.
[   84.066066][ T6118] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   84.066185][ T6118] EXT4-fs (loop5): mount failed
[   84.099802][ T6118] loop5: detected capacity change from 0 to 2048
[   84.132625][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.160176][ T6118]  loop5: p2 p3 p7
[   84.202807][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.220375][ T6132] netlink: 44 bytes leftover after parsing attributes in process `syz.4.890'.
[   84.227378][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.238058][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.262582][   T31] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.272968][ T6134] loop5: detected capacity change from 0 to 1024
[   84.300896][ T6134] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.360917][ T6145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.895'.
[   84.383446][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.5.891'.
[   84.401857][ T6134] xt_l2tp: invalid flags combination: 8
[   84.413195][ T6153] netlink: 'syz.0.899': attribute type 10 has an invalid length.
[   84.479563][   T31] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm kworker/u8:1: bg 0: block 393: padding at end of block bitmap is not set
[   84.494585][   T31] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   84.507314][   T31] EXT4-fs (loop5): This should not happen!! Data will be lost
[   84.507314][   T31] 
[   84.537844][ T5412] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.613817][ T6174] FAULT_INJECTION: forcing a failure.
[   84.613817][ T6174] name failslab, interval 1, probability 0, space 0, times 0
[   84.626487][ T6174] CPU: 0 UID: 0 PID: 6174 Comm: syz.1.908 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.626513][ T6174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   84.626525][ T6174] Call Trace:
[   84.626531][ T6174]  <TASK>
[   84.626537][ T6174]  __dump_stack+0x1d/0x30
[   84.626555][ T6174]  dump_stack_lvl+0xe8/0x140
[   84.626574][ T6174]  dump_stack+0x15/0x1b
[   84.626630][ T6174]  should_fail_ex+0x265/0x280
[   84.626654][ T6174]  should_failslab+0x8c/0xb0
[   84.626688][ T6174]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   84.626718][ T6174]  ? sidtab_sid2str_get+0xa0/0x130
[   84.626787][ T6174]  kmemdup_noprof+0x2b/0x70
[   84.626863][ T6174]  sidtab_sid2str_get+0xa0/0x130
[   84.626882][ T6174]  security_sid_to_context_core+0x1eb/0x2e0
[   84.626906][ T6174]  security_sid_to_context+0x27/0x40
[   84.626926][ T6174]  selinux_lsmprop_to_secctx+0x67/0xf0
[   84.626949][ T6174]  security_lsmprop_to_secctx+0x43/0x80
[   84.627001][ T6174]  audit_log_task_context+0x77/0x190
[   84.627059][ T6174]  audit_log_task+0xf4/0x250
[   84.627108][ T6174]  audit_seccomp+0x61/0x100
[   84.627131][ T6174]  ? __seccomp_filter+0x68c/0x10d0
[   84.627160][ T6174]  __seccomp_filter+0x69d/0x10d0
[   84.627182][ T6174]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   84.627209][ T6174]  ? vfs_write+0x7e8/0x960
[   84.627235][ T6174]  __secure_computing+0x82/0x150
[   84.627255][ T6174]  syscall_trace_enter+0xcf/0x1e0
[   84.627332][ T6174]  do_syscall_64+0xac/0x200
[   84.627386][ T6174]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   84.627405][ T6174]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   84.627428][ T6174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.627446][ T6174] RIP: 0033:0x7fb36bf7eba9
[   84.627528][ T6174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.627543][ T6174] RSP: 002b:00007fb36a9e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[   84.627560][ T6174] RAX: ffffffffffffffda RBX: 00007fb36c1c5fa0 RCX: 00007fb36bf7eba9
[   84.627571][ T6174] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000200000000040
[   84.627581][ T6174] RBP: 00007fb36a9e7090 R08: 0000000000000000 R09: 0000000000000000
[   84.627594][ T6174] R10: fffffffffffffffe R11: 0000000000000246 R12: 0000000000000001
[   84.627606][ T6174] R13: 00007fb36c1c6038 R14: 00007fb36c1c5fa0 R15: 00007ffe4bfff848
[   84.627649][ T6174]  </TASK>
[   84.628124][ T6171] loop3: detected capacity change from 0 to 512
[   84.628480][ T6176] loop0: detected capacity change from 0 to 1024
[   84.673008][ T6171] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   84.686538][ T6180] loop5: detected capacity change from 0 to 128
[   84.723870][ T6182] loop1: detected capacity change from 0 to 128
[   84.750234][ T6176] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.760320][ T6171] EXT4-fs error (device loop3): ext4_quota_enable:7124: comm syz.3.904: Bad quota inum: 2, type: 0
[   84.802617][ T6182] FAULT_INJECTION: forcing a failure.
[   84.802617][ T6182] name failslab, interval 1, probability 0, space 0, times 0
[   84.813475][ T6171] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   84.820268][ T6182] CPU: 1 UID: 0 PID: 6182 Comm: syz.1.912 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.820296][ T6182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   84.820307][ T6182] Call Trace:
[   84.820316][ T6182]  <TASK>
[   84.820332][ T6182]  __dump_stack+0x1d/0x30
[   84.820361][ T6182]  dump_stack_lvl+0xe8/0x140
[   84.820380][ T6182]  dump_stack+0x15/0x1b
[   84.820395][ T6182]  should_fail_ex+0x265/0x280
[   84.820418][ T6182]  should_failslab+0x8c/0xb0
[   84.820487][ T6182]  kmem_cache_alloc_noprof+0x50/0x310
[   84.820514][ T6182]  ? getname_flags+0x80/0x3b0
[   84.820540][ T6182]  getname_flags+0x80/0x3b0
[   84.820586][ T6182]  do_sys_openat2+0x60/0x110
[   84.820690][ T6182]  __x64_sys_openat+0xf2/0x120
[   84.820768][ T6182]  x64_sys_call+0x2e9c/0x2ff0
[   84.820842][ T6182]  do_syscall_64+0xd2/0x200
[   84.820900][ T6182]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   84.820922][ T6182]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   84.820949][ T6182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.820971][ T6182] RIP: 0033:0x7fb36bf7eba9
[   84.820986][ T6182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.821003][ T6182] RSP: 002b:00007fb36a9e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   84.821023][ T6182] RAX: ffffffffffffffda RBX: 00007fb36c1c5fa0 RCX: 00007fb36bf7eba9
[   84.821090][ T6182] RDX: 0000000000105142 RSI: 0000200000000080 RDI: ffffffffffffff9c
[   84.821102][ T6182] RBP: 00007fb36a9e7090 R08: 0000000000000000 R09: 0000000000000000
[   84.821115][ T6182] R10: 000000000000002c R11: 0000000000000246 R12: 0000000000000001
[   84.821127][ T6182] R13: 00007fb36c1c6038 R14: 00007fb36c1c5fa0 R15: 00007ffe4bfff848
[   84.821145][ T6182]  </TASK>
[   85.123093][ T6171] EXT4-fs (loop3): mount failed
[   85.162536][ T6193] netlink: 'syz.1.914': attribute type 1 has an invalid length.
[   85.178630][ T6171] loop3: detected capacity change from 0 to 2048
[   85.188405][ T6196] loop5: detected capacity change from 0 to 2048
[   85.196115][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.217044][ T6196] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.232748][ T6171]  loop3: p2 p3 p7
[   85.250805][ T2993]  loop3: p2 p3 p7
[   85.314339][ T6204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6204 comm=syz.1.914
[   85.330810][ T6206] loop3: detected capacity change from 0 to 1024
[   85.365761][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   85.366616][ T6206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.377014][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   85.389519][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   85.407695][ T6209] vhci_hcd: invalid port number 96
[   85.412936][ T6209] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   85.422604][ T6204] loop1: detected capacity change from 0 to 512
[   85.429644][ T6213] siw: device registration error -23
[   85.432520][ T6204] ext4: Unknown parameter 'uid<00000000000000000000'
[   85.467853][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   85.479335][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   85.482635][ T3969] udevd[3969]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   85.489496][ T5412] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.534650][ T6214] xt_l2tp: invalid flags combination: 8
[   85.561269][ T6218] usb usb5: usbfs: process 6218 (syz.5.921) did not claim interface 0 before use
[   85.663688][ T2290] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:6: bg 0: block 393: padding at end of block bitmap is not set
[   85.679127][ T2290] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   85.692058][ T2290] EXT4-fs (loop3): This should not happen!! Data will be lost
[   85.692058][ T2290] 
[   85.712873][ T6230] loop0: detected capacity change from 0 to 512
[   85.717322][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.731184][ T6230] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   85.766357][ T6230] EXT4-fs error (device loop0): ext4_quota_enable:7124: comm syz.0.928: Bad quota inum: 2, type: 0
[   85.833877][ T6230] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   85.868593][ T6230] EXT4-fs (loop0): mount failed
[   85.923842][ T6230] loop0: detected capacity change from 0 to 2048
[   86.062568][ T6254] loop1: detected capacity change from 0 to 512
[   86.091360][   T29] kauditd_printk_skb: 963 callbacks suppressed
[   86.091376][   T29] audit: type=1326 audit(85.968:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6243 comm="syz.4.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   86.120171][   T29] audit: type=1400 audit(85.978:5657): avc:  denied  { map } for  pid=6232 comm="syz.3.927" path="socket:[15912]" dev="sockfs" ino=15912 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   86.163302][ T6254] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #2: comm syz.1.935: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   86.186525][ T6230]  loop0: p2 p3 p7
[   86.221070][ T2993]  loop0: p2 p3 p7
[   86.234224][ T6254] EXT4-fs (loop1): get root inode failed
[   86.239997][ T6254] EXT4-fs (loop1): mount failed
[   86.341052][   T29] audit: type=1326 audit(86.128:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6241 comm="syz.4.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[   86.364016][   T29] audit: type=1326 audit(86.128:5659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6241 comm="syz.4.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f3d1de5eba9 code=0x7ffc0000
[   86.386605][   T29] audit: type=1326 audit(86.178:5660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f2ffa12d3ba code=0x7ffc0000
[   86.409373][   T29] audit: type=1326 audit(86.188:5661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f2ffa12d3ba code=0x7ffc0000
[   86.432001][   T29] audit: type=1326 audit(86.188:5662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f2ffa12e127 code=0x7ffc0000
[   86.454755][   T29] audit: type=1326 audit(86.188:5663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f2ffa12d3ba code=0x7ffc0000
[   86.477430][   T29] audit: type=1326 audit(86.188:5664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f2ffa12e127 code=0x7ffc0000
[   86.500138][   T29] audit: type=1326 audit(86.188:5665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.0.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f2ffa12d3ba code=0x7ffc0000
[   86.554875][ T6254] loop1: detected capacity change from 0 to 2048
[   86.765484][ T6254] Alternate GPT is invalid, using primary GPT.
[   86.771900][ T6254]  loop1: p1 p2 p3
[   86.888066][ T6266] loop5: detected capacity change from 0 to 1024
[   86.924830][ T6268] netlink: 'syz.4.939': attribute type 1 has an invalid length.
[   86.966708][ T6270] loop1: detected capacity change from 0 to 764
[   86.997237][ T6266] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.010485][ T6273] loop0: detected capacity change from 0 to 764
[   87.021365][ T6270] isofs: isofs_export_get_parent(): child directory not normalized!
[   87.053354][ T6273] isofs: isofs_export_get_parent(): child directory not normalized!
[   87.074291][ T6270] rock: directory entry would overflow storage
[   87.080460][ T6270] rock: sig=0x4f50, size=4, remaining=3
[   87.086056][ T6270] iso9660: Corrupted directory entry in block 6 of inode 1792
[   87.095937][ T6276] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6276 comm=syz.4.939
[   87.118323][ T6277] rock: directory entry would overflow storage
[   87.124634][ T6277] rock: sig=0x4f50, size=4, remaining=3
[   87.130219][ T6277] iso9660: Corrupted directory entry in block 6 of inode 1792
[   87.150983][ T6278] xt_l2tp: invalid flags combination: 8
[   87.200638][  T140] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm kworker/u8:4: bg 0: block 393: padding at end of block bitmap is not set
[   87.219645][ T6273] vhci_hcd: invalid port number 96
[   87.224780][ T6273] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   87.247193][  T140] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2035 with error 117
[   87.259875][  T140] EXT4-fs (loop5): This should not happen!! Data will be lost
[   87.259875][  T140] 
[   87.344047][ T5412] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.447621][ T6284] loop5: detected capacity change from 0 to 1024
[   87.454783][ T6284] EXT4-fs: Ignoring removed nobh option
[   87.460356][ T6284] EXT4-fs: inline encryption not supported
[   87.482942][ T6284] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.512606][ T6284] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.942: Allocating blocks 385-513 which overlap fs metadata
[   87.532268][ T6283] EXT4-fs (loop5): pa ffff88810721c620: logic 16, phys. 129, len 24
[   87.540436][ T6283] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[   87.557009][ T6288] netlink: 'syz.3.945': attribute type 10 has an invalid length.
[   87.564817][ T6288] __nla_validate_parse: 9 callbacks suppressed
[   87.564829][ T6288] netlink: 40 bytes leftover after parsing attributes in process `syz.3.945'.
[   87.616947][ T6296] loop0: detected capacity change from 0 to 2048
[   87.620713][ T6288] team0: entered promiscuous mode
[   87.628398][ T6288] team0: entered allmulticast mode
[   87.634899][ T6288] bridge0: port 1(team0) entered blocking state
[   87.641231][ T6288] bridge0: port 1(team0) entered disabled state
[   87.648593][ T5412] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.692847][ T6296] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.744319][ T6312] netlink: 'syz.3.954': attribute type 1 has an invalid length.
[   87.790351][ T6309] vhci_hcd: invalid port number 96
[   87.795539][ T6309] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   87.841856][ T6318] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   87.861610][ T6318] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   87.892158][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.930361][ T6327] netlink: 'syz.5.961': attribute type 10 has an invalid length.
[   87.938213][ T6327] netlink: 40 bytes leftover after parsing attributes in process `syz.5.961'.
[   87.951838][ T6331] netlink: 'syz.0.960': attribute type 1 has an invalid length.
[   87.952977][ T6330] loop1: detected capacity change from 0 to 1024
[   87.967055][ T6332] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6332 comm=syz.3.954
[   87.971471][ T6327] batman_adv: batadv0: Adding interface: veth1_vlan
[   87.986424][ T6327] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.986505][ T6332] loop3: detected capacity change from 0 to 512
[   88.021994][ T6332] ext4: Unknown parameter 'uid<00000000000000000000'
[   88.043771][ T6330] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.080888][ T6327] batman_adv: batadv0: Interface activated: veth1_vlan
[   88.091347][    T9] vhci_hcd: vhci_device speed not set
[   88.095855][ T6330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.962'.
[   88.114582][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.142990][ T6339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6339 comm=syz.0.960
[   88.167631][ T6339] loop0: detected capacity change from 0 to 512
[   88.183083][ T6339] ext4: Unknown parameter 'uid<00000000000000000000'
[   88.226231][ T6343] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.240959][ T6341] loop5: detected capacity change from 0 to 8192
[   88.273176][ T6343] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.302822][ T6343] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.329869][ T6350] FAULT_INJECTION: forcing a failure.
[   88.329869][ T6350] name failslab, interval 1, probability 0, space 0, times 0
[   88.342651][ T6350] CPU: 1 UID: 0 PID: 6350 Comm: syz.1.968 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   88.342677][ T6350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   88.342753][ T6350] Call Trace:
[   88.342760][ T6350]  <TASK>
[   88.342767][ T6350]  __dump_stack+0x1d/0x30
[   88.342934][ T6350]  dump_stack_lvl+0xe8/0x140
[   88.342954][ T6350]  dump_stack+0x15/0x1b
[   88.342971][ T6350]  should_fail_ex+0x265/0x280
[   88.342992][ T6350]  should_failslab+0x8c/0xb0
[   88.343015][ T6350]  kmem_cache_alloc_noprof+0x50/0x310
[   88.343064][ T6350]  ? copy_fs_struct+0x31/0x110
[   88.343088][ T6350]  copy_fs_struct+0x31/0x110
[   88.343170][ T6350]  ksys_unshare+0x2c6/0x6d0
[   88.343253][ T6350]  ? ksys_write+0x15f/0x1a0
[   88.343276][ T6350]  __x64_sys_unshare+0x1f/0x30
[   88.343302][ T6350]  x64_sys_call+0x2911/0x2ff0
[   88.343322][ T6350]  do_syscall_64+0xd2/0x200
[   88.343418][ T6350]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   88.343502][ T6350]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   88.343531][ T6350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.343553][ T6350] RIP: 0033:0x7fb36bf7eba9
[   88.343568][ T6350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.343614][ T6350] RSP: 002b:00007fb36a9e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   88.343633][ T6350] RAX: ffffffffffffffda RBX: 00007fb36c1c5fa0 RCX: 00007fb36bf7eba9
[   88.343647][ T6350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022020600
[   88.343727][ T6350] RBP: 00007fb36a9e7090 R08: 0000000000000000 R09: 0000000000000000
[   88.343750][ T6350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.343762][ T6350] R13: 00007fb36c1c6038 R14: 00007fb36c1c5fa0 R15: 00007ffe4bfff848
[   88.343778][ T6350]  </TASK>
[   88.531051][ T3385] vhci_hcd: vhci_device speed not set
[   88.546714][ T6343] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.568299][ T3412] Process accounting resumed
[   88.597401][  T385] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.621907][  T385] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.630121][  T385] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.642326][ T6355] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   88.656805][ T6362] netlink: 'syz.4.974': attribute type 10 has an invalid length.
[   88.661077][ T6355] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   88.664648][ T6362] netlink: 40 bytes leftover after parsing attributes in process `syz.4.974'.
[   88.680766][  T385] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.686500][ T6363] siw: device registration error -23
[   88.735149][ T6365] loop0: detected capacity change from 0 to 764
[   88.758733][ T6365] isofs: isofs_export_get_parent(): child directory not normalized!
[   88.776904][ T6369] loop3: detected capacity change from 0 to 512
[   88.786927][ T6367] SELinux:  Context system_u:object_r:fsa is not valid (left unmapped).
[   88.802086][ T6365] rock: directory entry would overflow storage
[   88.808282][ T6365] rock: sig=0x4f50, size=4, remaining=3
[   88.811863][ T6371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.978'.
[   88.813956][ T6365] iso9660: Corrupted directory entry in block 6 of inode 1792
[   88.822929][ T6371] xt_l2tp: invalid flags combination: 8
[   88.842934][ T6369] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.976: error while reading EA inode 32 err=-116
[   88.861123][ T6369] EXT4-fs (loop3): Remounting filesystem read-only
[   88.867786][ T6369] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   88.880000][ T6369] EXT4-fs (loop3): 1 orphan inode deleted
[   88.886345][ T6369] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.900140][ T6369] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.909769][ T6365] vhci_hcd: invalid port number 96
[   88.914957][ T6365] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   88.970959][ T1035] Process accounting resumed
[   88.989818][ T6380] netlink: 'syz.3.982': attribute type 1 has an invalid length.
[   89.024820][ T6386] loop5: detected capacity change from 0 to 1024
[   89.046536][ T6386] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.116455][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.5.984'.
[   89.136187][ T5412] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.208822][ T6403] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6403 comm=syz.3.982
[   89.254109][ T6403] loop3: detected capacity change from 0 to 512
[   89.289068][ T6403] ext4: Unknown parameter 'uid<00000000000000000000'
[   89.520111][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.991'.
[   89.572896][ T5586] Process accounting resumed
[   89.580923][ T6413] netlink: 312 bytes leftover after parsing attributes in process `syz.5.991'.
[   89.590085][ T6413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.991'.
[   89.654652][ T6420] netlink: 44 bytes leftover after parsing attributes in process `syz.0.997'.
[   89.788341][ T6426] netlink: 'syz.0.998': attribute type 5 has an invalid length.
[   89.828063][ T6428] loop5: detected capacity change from 0 to 1764
[   89.838758][ T6430] veth1_to_bond: entered allmulticast mode
[   89.840240][ T6426] netlink: 'syz.0.998': attribute type 3 has an invalid length.
[   89.854674][ T6428] iso9660: Unknown parameter 'kfree'
[   89.872478][ T6429] veth1_to_bond: left allmulticast mode
[   89.924325][ T6438] loop0: detected capacity change from 0 to 764
[   89.930915][ T6439] loop3: detected capacity change from 0 to 128
[   89.944606][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   89.952663][ T6439] FAT-fs (loop3): Filesystem has been set read-only
[   90.020229][ T6438] isofs: isofs_export_get_parent(): child directory not normalized!
[   90.031671][ T6439] bio_check_eod: 56488 callbacks suppressed
[   90.031687][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.031687][ T6439] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   90.053879][ T6438] rock: directory entry would overflow storage
[   90.060048][ T6438] rock: sig=0x4f50, size=4, remaining=3
[   90.065675][ T6438] iso9660: Corrupted directory entry in block 6 of inode 1792
[   90.073420][ T6440] loop5: detected capacity change from 0 to 512
[   90.082677][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   90.090614][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   90.105657][   T23] Process accounting resumed
[   90.105795][ T6440] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   90.121793][ T6438] vhci_hcd: invalid port number 96
[   90.126973][ T6438] vhci_hcd: default hub control req: 2000 vfffc i0060 l7
[   90.137259][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   90.150203][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.150203][ T6439] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   90.166088][ T6440] EXT4-fs error (device loop5): ext4_quota_enable:7124: comm syz.5.1004: Bad quota inum: 2, type: 0
[   90.174273][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   90.181949][ T6440] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   90.184859][ T6439] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   90.202550][ T6440] EXT4-fs (loop5): mount failed
[   90.212648][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.212648][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.227479][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.227479][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.257728][ T6455] netlink: 'syz.1.1010': attribute type 1 has an invalid length.
[   90.268619][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.268619][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.290388][ T6440] loop5: detected capacity change from 0 to 2048
[   90.297079][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.297079][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.310611][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.310611][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.324666][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.324666][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.338223][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.338223][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.345384][ T2993]  loop5: p2 p3 p7
[   90.360084][ T6439] syz.3.1005: attempt to access beyond end of device
[   90.360084][ T6439] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   90.364854][ T6440]  loop5: p2 p3 p7
[   90.380209][ T6459] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6459 comm=syz.1.1010
[   90.396156][ T6459] loop1: detected capacity change from 0 to 512
[   90.403447][ T6459] ext4: Unknown parameter 'uid<00000000000000000000'
[   90.446736][ T2993]  loop5: p2 p3 p7
[   90.519205][ T6461] loop0: detected capacity change from 0 to 1764
[   90.573623][ T6461] iso9660: Unknown parameter 'kfree'
[   90.638498][ T3978] udevd[3978]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[   90.645081][ T3523] udevd[3523]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[   90.660632][ T3703] udevd[3703]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[   90.693176][ T6465] xt_l2tp: invalid flags combination: 8
[   90.717559][   T23] Process accounting resumed
[   90.738863][ T6475] siw: device registration error -23
[   90.830740][ T6488] loop3: detected capacity change from 0 to 512
[   90.881385][ T6488] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.1025: error while reading EA inode 32 err=-116
[   90.888938][ T6496] loop5: detected capacity change from 0 to 1024
[   90.915112][ T6496] EXT4-fs: Ignoring removed nomblk_io_submit option
[   90.927587][ T6488] EXT4-fs (loop3): Remounting filesystem read-only
[   90.934206][ T6488] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   90.950168][ T6496] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[   90.951056][ T6488] EXT4-fs (loop3): 1 orphan inode deleted
[   90.965243][ T6488] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.988408][ T6496] System zones: 0-1, 3-36
[   91.004266][ T6496] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.053737][ T6504] netlink: 'syz.0.1032': attribute type 1 has an invalid length.
[   91.080562][ T6507] usb usb5: usbfs: process 6507 (syz.3.1033) did not claim interface 0 before use
[   91.172007][ T6515] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6515 comm=syz.0.1032
[   91.190839][ T6496] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.1029: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[   91.208100][ T6515] loop0: detected capacity change from 0 to 512
[   91.219312][ T6501] pimreg: entered allmulticast mode
[   91.227176][   T29] kauditd_printk_skb: 481 callbacks suppressed
[   91.227203][   T29] audit: type=1400 audit(91.208:6147): avc:  denied  { unmount } for  pid=5412 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   91.233938][ T6515] ext4: Unknown parameter 'uid<00000000000000000000'
[   91.265919][ T6514] siw: device registration error -23
[   91.273251][ T6505] pimreg: left allmulticast mode
[   91.286044][ T6518] loop5: detected capacity change from 0 to 128
[   91.310007][ T6518] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   91.317990][ T6518] FAT-fs (loop5): Filesystem has been set read-only
[   91.325493][   T29] audit: type=1326 audit(91.308:6148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   91.327288][ T6518] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   91.355883][ T6518] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   91.378874][   T29] audit: type=1326 audit(91.348:6149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   91.412516][   T29] audit: type=1326 audit(91.398:6150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb36bf7eba9 code=0x7ffc0000
[   91.434481][   T29] audit: type=1326 audit(91.398:6151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb36bf7ebe3 code=0x7ffc0000
[   91.456612][   T29] audit: type=1326 audit(91.428:6152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb36bf7d65f code=0x7ffc0000
[   91.478527][   T29] audit: type=1326 audit(91.428:6153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb36bf7ec37 code=0x7ffc0000
[   91.481232][ T6490] loop1: detected capacity change from 0 to 1024
[   91.506738][   T29] audit: type=1326 audit(91.458:6154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb36bf7d510 code=0x7ffc0000
[   91.529197][   T29] audit: type=1326 audit(91.458:6155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb36bf7e7ab code=0x7ffc0000
[   91.560879][   T29] audit: type=1326 audit(91.538:6156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6489 comm="-" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb36bf7d80a code=0x7ffc0000
[   91.638397][ T6534] SELinux: security_context_str_to_sid () failed with errno=-22
[   91.718467][ T6538] loop3: detected capacity change from 0 to 2048
[   91.758833][   T41] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   91.800391][   T41] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   91.812702][   T41] EXT4-fs (loop3): This should not happen!! Data will be lost
[   91.812702][   T41] 
[   91.822506][   T41] EXT4-fs (loop3): Total free blocks count 0
[   91.828620][   T41] EXT4-fs (loop3): Free/Dirty block details
[   91.834660][   T41] EXT4-fs (loop3): free_blocks=2415919504
[   91.840449][   T41] EXT4-fs (loop3): dirty_blocks=32
[   91.845690][   T41] EXT4-fs (loop3): Block reservation details
[   91.851860][   T41] EXT4-fs (loop3): i_reserved_data_blocks=2
[   91.865646][   T41] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4114 with max blocks 1 with error 28
[   91.878708][   T41] EXT4-fs (loop3): This should not happen!! Data will be lost
[   91.878708][   T41] 
[   91.909551][ T6545] usb usb5: usbfs: process 6545 (syz.3.1044) did not claim interface 0 before use
[   91.973725][ T6547] loop3: detected capacity change from 0 to 512
[   92.007501][ T6547] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   92.095836][ T6547] EXT4-fs (loop3): mount failed
[   92.149692][ T6555] SELinux:  Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped).
[   92.163530][ T6558] netlink: 'syz.1.1049': attribute type 1 has an invalid length.
[   92.217535][ T6565] SELinux:  policydb table sizes (2,0) do not match mine (8,7)
[   92.225582][ T6565] SELinux: failed to load policy
[   92.270280][ T6577] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[   92.276845][ T6577] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   92.284712][ T6577] vhci_hcd vhci_hcd.0: Device attached
[   92.295949][ T6583] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6583 comm=syz.1.1049
[   92.313059][ T6577] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.326478][ T6583] loop1: detected capacity change from 0 to 512
[   92.335370][ T6583] ext4: Unknown parameter 'uid<00000000000000000000'
[   92.384922][ T6577] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.403210][ T6590] loop0: detected capacity change from 0 to 512
[   92.410254][ T6590] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   92.456563][ T6590] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1061: bg 0: block 4: invalid block bitmap
[   92.469439][ T6590] EXT4-fs (loop0): Remounting filesystem read-only
[   92.479751][ T6590] EXT4-fs (loop0): 1 truncate cleaned up
[   92.486924][ T6577] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.517016][ T6603] FAULT_INJECTION: forcing a failure.
[   92.517016][ T6603] name failslab, interval 1, probability 0, space 0, times 0
[   92.529770][ T6603] CPU: 1 UID: 0 PID: 6603 Comm: syz.5.1066 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.529794][ T6603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   92.529803][ T6603] Call Trace:
[   92.529809][ T6603]  <TASK>
[   92.529815][ T6603]  __dump_stack+0x1d/0x30
[   92.529884][ T6603]  dump_stack_lvl+0xe8/0x140
[   92.529898][ T6603]  dump_stack+0x15/0x1b
[   92.529992][ T6603]  should_fail_ex+0x265/0x280
[   92.530013][ T6603]  should_failslab+0x8c/0xb0
[   92.530033][ T6603]  kmem_cache_alloc_node_noprof+0x57/0x320
[   92.530137][ T6603]  ? __alloc_skb+0x101/0x320
[   92.530156][ T6603]  __alloc_skb+0x101/0x320
[   92.530174][ T6603]  tipc_msg_create+0x47/0x230
[   92.530272][ T6603]  tipc_group_proto_xmit+0xb7/0x2f0
[   92.530353][ T6603]  tipc_group_delete+0x97/0x290
[   92.530455][ T6603]  tipc_sk_leave+0xa9/0x270
[   92.530474][ T6603]  tipc_release+0x83/0xd20
[   92.530489][ T6603]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   92.530510][ T6603]  ? locks_remove_posix+0x1b4/0x300
[   92.530586][ T6603]  ? vfs_write+0x7e8/0x960
[   92.530606][ T6603]  sock_close+0x68/0x150
[   92.530634][ T6603]  ? __pfx_sock_close+0x10/0x10
[   92.530679][ T6603]  __fput+0x298/0x650
[   92.530887][ T6603]  fput_close_sync+0x6e/0x120
[   92.530988][ T6603]  __x64_sys_close+0x56/0xf0
[   92.531005][ T6603]  x64_sys_call+0x2738/0x2ff0
[   92.531024][ T6603]  do_syscall_64+0xd2/0x200
[   92.531094][ T6603]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   92.531171][ T6603]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   92.531196][ T6603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.531215][ T6603] RIP: 0033:0x7fe97428eba9
[   92.531284][ T6603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.531341][ T6603] RSP: 002b:00007fe972cef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   92.531358][ T6603] RAX: ffffffffffffffda RBX: 00007fe9744d5fa0 RCX: 00007fe97428eba9
[   92.531372][ T6603] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   92.531383][ T6603] RBP: 00007fe972cef090 R08: 0000000000000000 R09: 0000000000000000
[   92.531396][ T6603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.531458][ T6603] R13: 00007fe9744d6038 R14: 00007fe9744d5fa0 R15: 00007ffcca1f22d8
[   92.531475][ T6603]  </TASK>
[   92.531511][    T9] usb 7-1: new high-speed USB device number 4 using vhci_hcd
[   92.664397][ T6611] loop5: detected capacity change from 0 to 1764
[   92.731538][ T6577] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.755914][ T6611] iso9660: Unknown parameter 'kfree'
[   92.829253][ T6613] pimreg: entered allmulticast mode
[   92.835079][ T6590] pimreg: left allmulticast mode
[   92.847883][ T6620] loop5: detected capacity change from 0 to 512
[   92.882178][ T6620] EXT4-fs error (device loop5): ext4_xattr_inode_iget:442: comm syz.5.1072: error while reading EA inode 32 err=-116
[   92.892647][  T140] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.915921][  T140] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.925103][  T140] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.930465][ T6620] EXT4-fs (loop5): Remounting filesystem read-only
[   92.940012][ T6620] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   92.942222][  T140] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.973932][ T6627] loop1: detected capacity change from 0 to 512
[   92.983136][ T6620] EXT4-fs (loop5): 1 orphan inode deleted
[   93.009829][ T6627] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   93.037969][ T6627] EXT4-fs (loop1): mount failed
[   93.043469][ T6578] vhci_hcd: connection reset by peer
[   93.054575][  T140] vhci_hcd: stop threads
[   93.058876][  T140] vhci_hcd: release socket
[   93.063385][  T140] vhci_hcd: disconnect device
[   93.106255][ T6640] validate_nla: 1 callbacks suppressed
[   93.106329][ T6640] netlink: 'syz.4.1080': attribute type 1 has an invalid length.
[   93.209422][ T6646] loop1: detected capacity change from 0 to 512
[   93.216622][ T6646] ==================================================================
[   93.224804][ T6646] BUG: KCSAN: data-race in fsnotify_detach_mark / fsnotify_handle_inode_event
[   93.233692][ T6646] 
[   93.236012][ T6646] write to 0xffff888103fe39a4 of 4 bytes by task 3969 on cpu 1:
[   93.243631][ T6646]  fsnotify_detach_mark+0xba/0x160
[   93.248739][ T6646]  fsnotify_destroy_mark+0x70/0x150
[   93.253959][ T6646]  __se_sys_inotify_rm_watch+0xe8/0x170
[   93.259503][ T6646]  __x64_sys_inotify_rm_watch+0x31/0x40
[   93.265037][ T6646]  x64_sys_call+0x2e86/0x2ff0
[   93.269715][ T6646]  do_syscall_64+0xd2/0x200
[   93.274220][ T6646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.280196][ T6646] 
[   93.282505][ T6646] read to 0xffff888103fe39a4 of 4 bytes by task 6646 on cpu 0:
[   93.290035][ T6646]  fsnotify_handle_inode_event+0x125/0x220
[   93.295849][ T6646]  fsnotify+0x13c9/0x14b0
[   93.300202][ T6646]  __fsnotify_parent+0x2ed/0x330
[   93.305171][ T6646]  __fput+0x1de/0x650
[   93.309153][ T6646]  fput_close_sync+0x6e/0x120
[   93.313821][ T6646]  __x64_sys_close+0x56/0xf0
[   93.318394][ T6646]  x64_sys_call+0x2738/0x2ff0
[   93.323063][ T6646]  do_syscall_64+0xd2/0x200
[   93.327563][ T6646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.333444][ T6646] 
[   93.335749][ T6646] value changed: 0x00000003 -> 0x00000000
[   93.341447][ T6646] 
[   93.343850][ T6646] Reported by Kernel Concurrency Sanitizer on:
[   93.349983][ T6646] CPU: 0 UID: 0 PID: 6646 Comm: syz.1.1083 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.359686][ T6646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   93.369732][ T6646] ==================================================================
[   93.383485][ T6651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3088 sclass=netlink_route_socket pid=6651 comm=syz.4.1080
[   93.399966][ T6646] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   93.418400][ T6646] EXT4-fs error (device loop1): ext4_quota_enable:7124: comm syz.1.1083: Bad quota inum: 2, type: 0
[   93.434859][ T6646] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-117, ino=2). Please run e2fsck to fix.
[   93.450619][ T6646] EXT4-fs (loop1): mount failed
[   93.475118][ T6646] loop1: detected capacity change from 0 to 2048
[   93.526257][ T3523]  loop1: p2 p3 p7
[   93.539635][ T6646]  loop1: p2 p3 p7
[   97.821357][    T9] vhci_hcd: vhci_device speed not set