last executing test programs:

4.793669656s ago: executing program 3 (id=607):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
unshare(0x40000bda)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_free_blocks\x00', r4, 0x0, 0x7}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000011300000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
r8 = syz_open_dev$usbfs(0x0, 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x208e24b)
socket$inet6_sctp(0xa, 0x5, 0x84)

3.478718827s ago: executing program 2 (id=606):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000100b7000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6)
unshare(0x40000bda)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_free_blocks\x00', r4, 0x0, 0x7}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000011300000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000e41f0800034000000120140000001000010000000000000000000084000a"], 0xd0}}, 0x20050800)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000d80)={[{@mblk_io_submit}, {@dioread_nolock}, {@bh}, {@errors_continue}, {@nouid32}, {@quota}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
r8 = syz_open_dev$usbfs(0x0, 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x208e24b)
socket$inet6_sctp(0xa, 0x5, 0x84)

3.471071557s ago: executing program 3 (id=608):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3)
pause()
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r4}], 0x2c, 0xffffffffffbffff8)
dup2(r3, r4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
tkill(r2, 0x31)
fcntl$setown(r3, 0x8, r2)
tkill(r2, 0x13)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r5}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pause()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_page_free\x00', r6, 0x0, 0x5}, 0x18)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000002c0)={0x5, <r7=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000300)=r7, 0x4)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000008c0)={[{@bsdgroups}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@grpquota}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000002, 0xe, 0xfffffffffffffda9, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.58737232s ago: executing program 3 (id=615):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) (fail_nth: 3)

2.334763574s ago: executing program 3 (id=618):
syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') (async)
syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00')
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e6400000008000740", @ANYRES8=r2], 0x104}, 0x1, 0x0, 0x0, 0x11}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x400000000000000)

2.281585635s ago: executing program 1 (id=620):
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'wg0\x00', <r0=>0x0})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000500), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000540)='workqueue_activate_work\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x4, 0x4, 0x4}, 0x50)
close(r3)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x2100, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = openat$selinux_policy(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030006000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)
r7 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_icmp_ICMP_FILTER(r7, 0x1, 0x1, &(0x7f0000000340)={0xedc}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r9, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0xc800)
sendmsg$SMC_PNETID_DEL(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r9, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0x0)

2.280578425s ago: executing program 2 (id=621):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0x2000007d, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="10b700c04a334a000000b708000072a497cb1c7a9b12000000007b8af8ff000b7f00"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
io_setup(0xb2, &(0x7f0000000200)=<r2=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_io_uring_setup(0x3edf, &(0x7f00000001c0)={0x0, 0x0, 0x100, 0x10, 0x0, 0x0, 0x0}, &(0x7f0000002000), &(0x7f0000ffd000))
io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x3, 0x0, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES16=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0xfffffe2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
fallocate(r5, 0x8, 0x4000, 0x4000)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
shutdown(r1, 0x0)

2.210663036s ago: executing program 3 (id=622):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000400), 0x0)
pipe(0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pipe(0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
write(r0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r2 = openat(0xffffffffffffff9c, 0x0, 0x248002, 0x90)
pwrite64(r2, 0x0, 0x0, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7ffff000)
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x814)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)
link(&(0x7f0000000280)='./file1\x00', 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat(0xffffffffffffffff, 0x0, 0x2040, 0x40)
fcntl$setlease(r5, 0x400, 0x0)

2.085214708s ago: executing program 1 (id=625):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = open(&(0x7f0000000480)='./bus\x00', 0x1050c1, 0x170)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
getrandom(0x0, 0x0, 0x2)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x8}]})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = shmget$private(0x0, 0x2000, 0x1, &(0x7f0000ffe000/0x2000)=nil)
shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000002c0)={'veth0\x00', 0xe00})
r6 = socket$kcm(0x10, 0x2, 0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x4040)
splice(r7, &(0x7f0000000280)=0x10000, r8, &(0x7f00000003c0)=0x6, 0x7, 0x1)
sendmsg$inet(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r3, 0x8008f512, &(0x7f0000000500))
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f0000000400)={'ip6_vti0\x00', 0x0, 0x2f, 0x80, 0xac, 0x9, 0x40, @remote, @rand_addr=' \x01\x00', 0x7, 0x80, 0x1, 0xbc}})
r9 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040), 0x208000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r9}})
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0)

1.774063143s ago: executing program 1 (id=628):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r1}, 0x18)
pipe2(&(0x7f0000001cc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@uname={'uname', 0x3d, '\xd0\xae\xde\xc1\xaa \xff\xd8\x1d\x1b\xf8\x93)!|\xb0X\xa3\x96\xed\xa2\xab@\xa2m\x93\xdd\b<\x00t\xdc\xabl\xab!\xae\x16\xc4\xcd\xf9{\xdc5_;A\xd2{eC\x014\\\xb3\xc4\xce\xc3yS2-\x01\xbe\xaarW\x96O\xd3\x0f\xe2\xd7/\x17\x1d\xa7.8\x9f8-\xea<\x8d\x91\x90j\xea\xd5\xd5\xae\xcc\xc0\x97\xef\x10\x92\xea\x98|+\x00\x00\x00\x00\x00\x00\x00\x00'}}]}})
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r10, 0x0, 0x5}, 0x18)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000540)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r6}, &(0x7f00000001c0), &(0x7f00000003c0)=r7}, 0x20)
r11 = dup(r5)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[], [], 0x6b}})

1.552762046s ago: executing program 4 (id=630):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0xe23, @remote}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000340)='_', 0x1}, {0x0}, {0x0}], 0x3}, 0x44864)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000300), 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r4=>r2, {0x2}}, './file0\x00'})
openat$vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x2b8d00, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x2, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000030500000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1546010200100000240012800b00010067656e65766500001400028005000800010000000500090000000000"], 0x44}, 0x1, 0x0, 0x0, 0x8011}, 0x48000)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
getpeername$inet(r7, &(0x7f0000000000)={0x2, 0x0, @loopback}, &(0x7f0000000240)=0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
sendmsg$key(r5, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @remote}})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @broadcast}})

1.459148288s ago: executing program 2 (id=631):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
open(&(0x7f0000000280)='.\x00', 0x0, 0x8)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000080000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
socket$inet6(0xa, 0x80003, 0x6)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2, 0x0, 0x4000000}, 0x10}}, 0x0)

1.431793208s ago: executing program 0 (id=632):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000280)=0x80000001, 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000200000fe18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x6, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x890}, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000200)=ANY=[@ANYBLOB="696f636861727365743d63703835352c757466382c757466382c646d6f64653d3078303030303030303030303030393063382c63727566742c6f76657272696465726f636b7065726d2c636865636b3d7374726963742c6d61703d6f66662c6d6f64653d3078303030303030303030303030303030312c6d61703d6f66662c6f76657272696465726f636b7065726d2c696f636861727365743d64656661756c742c00553459239cc27347a48417c0f93ac0ba095e7cffc5c4fddc72b0acbb858ade3fa8677c39e605a858f1fc03aa3bb441f12627176b75e5312fd7b76a313eafaed505a653df3f3e4755d83dbfae9108d0698e5c7dd588899b31e82cc76d03aa10466b2c8cf82a352e67b4942d149ea42a7612de672d0824c9e3534784c0dd0e80f86758ea33fe023501c9caf88b760bca5be74b221f9b42d23d812d3628e05751725edf05033ecf2aede9bc0000000000000000000000001932664a95e40c386b4e989f0e60bd9c00bc7d00"/375], 0x12, 0x9ef, &(0x7f0000000e40)="$eJzs3ctvXNd9B/Dv5UOiaUOSbdV1BdsayZVM2yxFUrVUwYtWIkcSXT4KkgIsdGG5FlUIYuvWbgHbKFAZKLqKkQAJskh2RlZZGfAm3gTeJbtklUWAwP+CkZWyYnDvDKkhOeSQMh+y/PkQM3Mfv3vO7859HM7MnTlhf914YrO5d9dNWTq8amxpqbo94Pi1n3+T1Pn2uzT+1aeffVLePr6bA+nOa8Uvkr4ktaQnybNJ79j47MxUh4LuJDeSfJkUSQ6m8bglN1J8Py2HwZcpflrWu6EDWy2ZTpb4Ttvv/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5Gxdj48PBIcSAT09ferDUktXXGxmdniiwtrZ+zvEzDF1Wv38UXHetNivKWvr7lrr6fPXp/9jNJaifzXGPsuapD8vTlo8efOfL60z1dy8tvlM03cnDrxb7/4Ud33l5cXHhvVxJ5+F2pT0/MzUxMXbxSr03MzdQunDs3fObq5bna5YnJ+tz1ufn6VG1stn5xfma2NjD2cm3kwoWztfrQ9Zlr01fGhybryxPP/83o8PC52htD/1S/ODs3M33mjaG5sasTk5MT01eqmHJ2GXO+3BH/cWK+Nl+/OFWr3bq9uHB2TU7dWbP/lkEjndakDBrtFDQ6PDo6MjI6OvJxs/fslQnnXrvw2vnh4Z7hNbIuYpd2Wh4uj228mXf+JA4PqKvR/ieTmch0ruXN1Nr+jWU8s5nJ1Abzm5bb/1Nn6pvW29r+N1v5npbZx8q7k3mhOdq3Qfu/QS579/d+PsxHuZO3s5jFLOS9fc9ob/+upJ7pTGQuM5nIVC5WU2rNKbVcyLmcy3DeytUcz1xquZyJTKaeuVzPXOZTr/aoscymnouZz0xmU8tAxvJyahnJhVzI2dRSz1CuZybXMp0rGc/FqpRbuV0972c3yXElaGQrQaObBK1rzLfd/tfX/nPCd87On8ThAS012/8DnUMHxvYiIQAAAGDH/dWvc+joU7/6Q1Lk+ep9+csTk/Xh/U4LAAAA2EHV5XrPlQ+95dDzKbz+BwAAgEdNUX3HrkjSn+ONoeVvQnkTAAAAAB4R1ef/L6Q4fn+C1/8AAADwiOn8G/sdI4rB5Z//rd1sPN5sRjTGiv7LE5P1obGZyddHcrr6lYHqmwbrSutOit7q6wev5EQj6kR/47H/follnX1l1MjQ6yN5JSebKzLwYvnw4kCbyNFG5EuNyJdaI7uzKvJsGQkAj7qTm7THW23/X8lgI2LwWNXk9xxr0wYPa1kB4GGx0sfOn5pdmrVp/5sRL2zU/v/tJq//y4incut445KCobyTd7OYmxlM84qD4+1KXe6NoHEZwmCHdwP6m5cs/PZ8VwbXvR/Qt7KurbELGc1g23cEWsotlnM424jr3p1tAAB77eSm7fDW2v/BDq//+11SCAAPlZUe7HdxYL/XEQBYTSsNAAAAAAAAAAAAAAAAAAAAAAAAAAAAO29LP+D/m9PJ4uJCsgedBawM9G0nw80HurJHOe/7QHeS/ar977Ptpcpt/LA8dQZWD+zziQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA9USTd7aZ3JQeTDCc5s/dZ7Z67+53ATqk92GLFvdzLBzm00+kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzXNX//vyuNx8cbk9LTlZxKciPJP+93jjvp3n4nsG/+rbpv+f3/rqQ3S0V6Gps9Re/Y+OzMVLn5i4Pl/K8+/eyT8ta57PW9KpQFlDWs6lyiWUPLlN7VSz1ZLdU/vvD+nf969z9q45eqHfPS/OXJ8akrs/9wP/CZ4vNGFwit3SAs5/s/p375g5bJB5qVf16uaXtr671c1Tu+vt6/bLf0BvVuwe3FhdGypvn6m/P//e+3P2iZ9VROJC8OJAOra/rX8rZBTSfWPp+rFV8X/18cyo9zo9r+5bNRLBXlJjpcrf9jt24vLgy98+7izZWc/ndVTkdyPMnNpG/rOR2vzidtVXtdV29Z63AVVN4d7VDeplpKHNngeX2y2mX6t7UOtY3XodLheW9mdLZtRj/8z6dzettb+nSHGtsqvi5+X1zN7/J/Lf1/dJXb/1TaHp1tiqgiW/aU1nmrDq+uRmS15qOtM95aW+aGRyW74Hv5l/zdyvbvajn/N7fV3pyPWmpsf1wk2z8ufnZ4XYtyX9UiHV3TIjXPPhst08zzaCNqgzz/Iq8mPce2dUZ5tcMZZbeO/58UA/lj7ur/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePgVSXe76V3JqSRHkhwux2vJ0tqYuw9QX1d/8SBp7pgHyfnbp9hwRYt7uZcPcmivMwIAAAAAAABgd1wa/+rTzz4pb9Xn8d35667mnFrSk+RI8aPesfHZmakOBfUmN5Y/0u/bXg43yrsn7o9/WY4922Gh/b18AAC+1f4cAAD//7IYb70=")
r7 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r7, &(0x7f0000002240)=""/237, 0xed, 0x619)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000600)=@generic={&(0x7f00000005c0)='./file0\x00', 0x0, 0x8}, 0x18)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0xecf9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, @in6={0xa, 0x4e23, 0x106, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8}], 0x38)
r9 = socket(0x1e, 0x4, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x2}])
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xcb8f}, [@map_idx={0x18, 0x2, 0x5, 0x0, 0xf}]}, &(0x7f0000000040)='syzkaller\x00', 0x964, 0x66, &(0x7f00000000c0)=""/102, 0x41000, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x4, 0x2, 0x0, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000001c0)=[r8, r1], &(0x7f0000000200)=[{0x3, 0x2, 0x3, 0x4}, {0x3, 0x4, 0xe, 0x7}, {0x0, 0x5, 0x10, 0x2}], 0x10, 0x7f}, 0x94)
r12 = eventfd(0x48000000)
io_cancel(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x3, r11, &(0x7f0000000480)="5c0e1b4ce285c0d840ce80d30c0370e9373605335c716a283392736a8aaca72e2ea6a225312f2b81f9222cab57c80e125a3ddbac2e259316c8bf7ef81ba631ac247569801bae6f6d7ab3fb6eb53b4fccd3132fb8da729f6e353bb8b2a1b19bf3adee00c713a5f95267c25f63372456d4f2f65dbba7f648b7789a08f9c7f8a250ca9bd06a6f3f8a04905dfcab5d8351fe57fb3d05f00b7538198acef9f965fc9c1d151a15915336805ad876e434f64b3cfb6f2422ad95def7eaf8add328a1b96729d95353ba138db362556f68c6afcc0571", 0xd1, 0xfffffffffffff800, 0x0, 0x2, r12}, &(0x7f0000000300))

1.430860818s ago: executing program 4 (id=633):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000180)={&(0x7f0000000240)={0x1d, r4}, 0x10, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="010000000f00"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="030000e001"], 0x48}, 0x1, 0x0, 0x0, 0x8004}, 0x4010)

1.380387209s ago: executing program 2 (id=634):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000740)=ANY=[@ANYRES64, @ANYRESOCT, @ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={@cgroup, r0, 0x24, 0x0, r2}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r3}, 0x0, &(0x7f00000004c0)='%pI4   \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000100)={'wlan1\x00', 0x400})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_open_dev$evdev(0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r6, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r6, 0x47f6, 0x0, 0x2, 0x0, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x2d)
r11 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10}, &(0x7f0000000340)=<r12=>0x0, &(0x7f0000000580)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r11, 0x47f9, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x77359400}, 0x0)

1.375673689s ago: executing program 4 (id=635):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
sendmsg$can_bcm(r3, &(0x7f0000000180)={&(0x7f0000000240)={0x1d, r4}, 0x10, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="010000000f00"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="030000e001"], 0x48}, 0x1, 0x0, 0x0, 0x8004}, 0x4010)

1.372329239s ago: executing program 3 (id=636):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='mm_page_free\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x2)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000003060101000000007e625f4609ca6fd90500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)

1.29309241s ago: executing program 4 (id=637):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
unlinkat(0xffffffffffffffff, 0x0, 0x200)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r3, 0xffffffffffffffff, 0x0)

1.273927011s ago: executing program 4 (id=638):
unshare(0x40040600)
syz_read_part_table(0x618, &(0x7f0000002200)="$eJzs3D+IFGcUAPC3dzc7dwqehUWwiWctBMXSK6LsbQwGZE0IHBb5iwhXXeBgQxY3eEVyheIWYplGApviXKvoFVY5FFIHsTAIW9gETBNiipsws3O3GzgOEjaE4O9XfN/bnTfvzQfTvgn+1yYiKaMsLbY3PtozP5sdxu14r1tbOJtlWfZuRCUuRhJzyYFeRExF9G6NVI2jEbF/pM7tb/ZtfP3rW0n3yYVktH470jiY51YjL1ma2e1R0r99WMZufX5z9urqcv1a/qPe6m+9H3HnRa1x79xapzeZnPkk//9KxMMyf6pYZya27/9wKv5yZQ9fDsPKaP/tl+Py43qrf6v77PjW4frk95dOvTyycf3BiYiVvPL5KF72oeo/P/Oo9fnNrFT0X5m7sdhpnT5299DNk837jxrPJ38vLw9aToynLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/5L1fFmtxrXm/OXH9Vb/q59+fOfOi1rj3rm1Tu/t6pmnlUHewzJ/qtw/i2Z8HklELMVSfBrLu5d/bSc6sBMtVkb7z2/OXl1drg/6/7Ev4tnxrcP17sylUy8XNq4/OFFkVWI63ybGevRd+rf6K3M3Fjut08fuHrp5snn/UeP55CBvKY2Pi+NGRDr+xwAAAAAAAAAAAAAAAAAAAOAVV1s4e+T8m42DeXxxOiJ++aKYss/Sme+imLwfOFruT9PBKP/t6cG3ALpPLvxW/eCHtZ/Lofh2pNGOiP3fJhHx+k6fK8W6/fWASIaV+S/9GQAA///p7o1q")
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x5, &(0x7f0000000440)=ANY=[@ANYRES64=r1], &(0x7f0000000740)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={r0, 0x0, 0x30, 0x0, &(0x7f00000007c0)="e0b9547e0087dbeb00009b22562e0e1feb256c068c2fdeed42d538cdaaeed6512fe85aebd04f7667c068412a2487b27c", 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'ip6_vti0\x00', 0x800})
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0104008000000000000002000000300004802c0001800900010068617368000000001c000280080001400000000a080003400000008f08000240000000110900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0b6eb7a0cecc565e3f2b81d3a600da08a18e"], 0x84}}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00', 0x2})
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000010000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='tlb_flush\x00', r5}, 0x18)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xa, 0x2)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0xa0601, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000005000000000000876e107c24accde4ed9911ff987200000000950000003b7200000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r7}, 0x18)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r8, 0x29, 0x39, &(0x7f0000000280)=ANY=[], 0x18)
ioctl$TUNSETIFF(r6, 0x400454da, &(0x7f0000000140)={'bond0\x00', 0x100})
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r9}, 0x10)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432})
preadv2(r1, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

1.234893531s ago: executing program 0 (id=639):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/38, 0x26}], 0x1, 0xffff, 0xddd073cf)

1.180098402s ago: executing program 0 (id=640):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x18)
remap_file_pages(&(0x7f0000c0e000/0x2000)=nil, 0x2000, 0x1000001, 0x2, 0x40000)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000080)={<r2=>0x0, @in6={{0xa, 0x4e23, 0x400, @empty, 0xfffffffc}}, 0x9b, 0x8}, &(0x7f0000000300)=0x90)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={r2, 0x3279}, &(0x7f0000000380)=0xc)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000400), 0x48000, 0x0)
accept4$phonet_pipe(r3, &(0x7f0000000440), &(0x7f0000000480)=0x10, 0x80000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000010000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000380)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xffff}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xfff}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0xe}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x2000400c)

1.068644344s ago: executing program 1 (id=641):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x3c}}, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x300c0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='gre\x00')

958.453245ms ago: executing program 1 (id=642):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000000004}, 0x18)
r2 = io_uring_setup(0x4d3f, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue0\x00', 0x200000})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f0000000480), 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0x36, 0x1, 0x0, 0x3, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x1, 0xfffffff9, 0x0, 0x10, 0x3, 0x800b, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4c000)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x1f, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r8, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x1000000)

847.734517ms ago: executing program 0 (id=643):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="176413010000404b3234b26d6dfb64871f518e76bac1f49df954b7cbb7526cc871585a22c0e4de89dcb1571b7518a45816dac96ff4f3283a6b3bf95d12e2528c5ab34c1e46", @ANYRES32=0x1, @ANYBLOB="00509f2cdd0000000000db2704d910413388000056fc4f072592da8b8161383d43eea61dc08a7d7219b4393ae71e61767a24fdce7aa88aa085584b17be39fd79947078aa5bb7710477e7e00beed47c8d051b744fa45ec0cbd3aeebef2fbc6006e90000000000002f1b9c1e089f82e8831c576e222365217688c0d1618338fe6130929cb7934e404b8990162035668bcef2467d530c6b5694d6ed5bc7636cf43ce2db3f42c4ab4c73d4221736e3266241bcffcc3897f96c2ce002e18f440281eb419f61a356e6817613", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000feffffff00"/28], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x470c}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_read_part_table(0x61f, &(0x7f0000000cc0)="$eJzs0z2IHVUbB/D/mfu58L5skNhoMAvamsI0sViSRaME0V38KmzERhCsAhYWcm9ICittbI0IKcTCNGoV0UJ2BfFjtQkWIiHYWCmiCIGR+bjZC4rNLory+3GZOXOe554zw/Oc8C83Sl2XlaSUZJ5k9Y53kmFd17NkPuyTxvn22mTa5/fWkifefvT+xx7a2mhy+8kj/2vzy1JuyYmn28Fgb9d69Z7dNz+976f5/LM7v9oZdGlJrlTJ0eRkcnOqe61pBq9f+q7sTUJyeX179XxVTzJaf27cN9y9Zd7G6saslHZyuvSn4x/2TbV/g0VDlpKrD750/a7dE812VdP8O7u/7fVqM/o+izdZSXLrI+30IqU7QvP21Az+sM+4uTSn8VQzeK85rJMD+QD2pe2/C2fHHw3bylx94/C1Uqo2VKVqivprXZ/r63+jniZH15pQU2EFBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADtLl9e3V8dLz8WfvPn37q9WpVCX5spvKShc7l2SQ5PPSJ7/28IHsf/7C2ZVM+kVHScabP178/7EvdkbZvJhMk0NJE67aX2v6ZHsb7/sF+Ed19R/llRfXfxl1U9Mf+tgt33w8WxT45/F0dviFthHnbUt03l1aqpzcGy4Gkz/bU9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/b6QfOrG1tVI8nVRlOk1SHLm23kXl7revktg+eeuv5Tza+HiTZnLyf5EbOlDxTL62zNenuV6pMciQ5Nmyexrn+8iJjcDO3NMvWs7/rE/kLvwcAAP//Qq9sdQ==")
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000180)=[0x0, 0x0], &(0x7f0000000200), 0x0, 0x4c, 0x0, 0x0, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x18, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, &(0x7f0000000540))
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50)
perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x42, &(0x7f0000000040), 0x3b)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000007c0)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x2, 0xc}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0xce23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, r4, 0xb}}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='kfree\x00', r6}, 0x18)
write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0, r4}}, 0x18)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000000), 0x10)

797.560468ms ago: executing program 1 (id=644):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0x2000007d, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="10b700c04a334a000000b708000072a497cb1c7a9b12000000007b8af8ff000b7f00bfa200000000000007028a1996a615307f"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
io_setup(0xb2, &(0x7f0000000200)=<r2=>0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_io_uring_setup(0x3edf, &(0x7f00000001c0)={0x0, 0x0, 0x100, 0x10, 0x0, 0x0, 0x0}, &(0x7f0000002000), &(0x7f0000ffd000))
io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x3, 0x0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002)
io_submit(0x0, 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r7, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES16=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0xfffffe2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fallocate(r6, 0x8, 0x4000, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x4}, 0x18)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
shutdown(r1, 0x0)

422.239674ms ago: executing program 2 (id=645):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
open(&(0x7f0000000280)='.\x00', 0x0, 0x8)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000080000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
socket$inet6(0xa, 0x80003, 0x6)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2, 0x0, 0x4000000}, 0x10}}, 0x0)

415.142884ms ago: executing program 0 (id=646):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0)
mq_notify(r1, 0x0)

367.183504ms ago: executing program 2 (id=647):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_get_self_attr(0x64, 0x0, &(0x7f0000000400), 0x0)
pipe(0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
pipe(0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
write(r0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r2 = openat(0xffffffffffffff9c, 0x0, 0x248002, 0x90)
pwrite64(r2, 0x0, 0x0, 0x9000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
write(r4, &(0x7f0000004200)='t', 0x1)
sendfile(r4, r3, 0x0, 0x3ffff)
sendfile(r4, r3, 0x0, 0x7ffff000)
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x814)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)
link(&(0x7f0000000280)='./file1\x00', 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x2040, 0x40)

294.084315ms ago: executing program 0 (id=648):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f00000100000012"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a40)={r2, 0x0, 0x0}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r6)
sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090322bd700005dcdf2501000000180001801400020076657468300000000000000000000000200002801c"], 0x4c}}, 0x24040804)
r8 = socket$packet(0x11, 0x2, 0x300)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r11=>0x0})
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r11, 0x1, 0x0, 0x6, @local}, 0x14)
sendmsg$TIPC_NL_MON_SET(r6, &(0x7f0000000600)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0xc4, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x84, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x101}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2e}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000004}, 0x200400c1)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000700)=<r12=>0x0)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r13)
sendmsg$NFC_CMD_DEV_UP(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r14, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r12, @ANYBLOB="9dd92c81101610bc53038a4c6722e5639bc58ae73a3af29078688374530ca3ea7f281380a07e039007f6340f4da609cd932ef348cde495af89de4b35dfd1be5f221b344ec7cb1a9a60c7257de33545a9b63ba12822ac51fcbd81b12f54617c4c8e6f7ec73c"], 0x1c}}, 0x800)
write$nci(r3, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x0, 0x3, 0x6, 0x7, {0x3, 0xea}}, 0x5)
r15 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYRESHEX=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r15, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
r16 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r16}, 0x10)

0s ago: executing program 4 (id=649):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8}, 0x18)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, r1)

kernel console output (not intermixed with test programs):

][ T3828] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   41.607239][ T3828]    program syz.4.96 not setting count and/or reply_len properly
[   41.607588][ T3827] team_slave_1: entered promiscuous mode
[   41.629807][ T3827] team0: entered allmulticast mode
[   41.635593][ T3827] team_slave_0: entered allmulticast mode
[   41.641419][ T3827] team_slave_1: entered allmulticast mode
[   41.648161][ T3827] bridge0: port 3(team0) entered blocking state
[   41.654554][ T3827] bridge0: port 3(team0) entered disabled state
[   41.662211][ T3827] bridge0: port 3(team0) entered blocking state
[   41.668489][ T3827] bridge0: port 3(team0) entered forwarding state
[   41.683261][ T3827] 9pnet_fd: Insufficient options for proto=fd
[   41.694226][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.740167][ T3819] EXT4-fs (loop1): pa ffff888106e6f4d0: logic 448, phys. 385, len 8
[   41.748272][ T3819] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   41.770877][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.846548][ T3838] loop3: detected capacity change from 0 to 2048
[   41.933143][ T3692]  loop3: p1 < > p2 < > p3 p4 < >
[   41.938245][ T3692] loop3: partition table partially beyond EOD, truncated
[   41.958879][ T3692] loop3: p1 start 2305 is beyond EOD, truncated
[   41.965215][ T3692] loop3: p2 start 4294902784 is beyond EOD, truncated
[   41.972094][ T3692] loop3: p3 start 3724543488 is beyond EOD, truncated
[   42.304236][ T3847] sock: sock_set_timeout: `syz.3.101' (pid 3847) tries to set negative timeout
[   42.604409][ T3849] loop4: detected capacity change from 0 to 1024
[   42.693551][ T3849] EXT4-fs: Ignoring removed nobh option
[   42.699228][ T3849] EXT4-fs: Ignoring removed bh option
[   42.823923][ T3849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.933611][ T3856] loop2: detected capacity change from 0 to 1024
[   42.986080][ T3856] EXT4-fs: Ignoring removed nobh option
[   42.991706][ T3856] EXT4-fs: Ignoring removed bh option
[   43.000182][ T3850] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.103: Allocating blocks 497-513 which overlap fs metadata
[   43.017156][ T3856] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.208982][ T3848] EXT4-fs (loop4): pa ffff888106e9f380: logic 4, phys. 129, len 24
[   43.217000][ T3848] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 22, pa_free 23
[   43.233170][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.326239][ T3838]  loop3: p1 < > p2 < > p3 p4 < >
[   43.331393][ T3838] loop3: partition table partially beyond EOD, truncated
[   43.380694][ T3838] loop3: p1 start 2305 is beyond EOD, truncated
[   43.387091][ T3838] loop3: p2 start 4294902784 is beyond EOD, truncated
[   43.394011][ T3838] loop3: p3 start 3724543488 is beyond EOD, truncated
[   43.429327][ T3864] loop4: detected capacity change from 0 to 1764
[   43.433094][ T3866] netlink: 'syz.0.107': attribute type 1 has an invalid length.
[   43.464313][ T3862] smc: net device bond0 applied user defined pnetid SYZ2
[   43.476717][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   43.477949][ T3868] loop3: detected capacity change from 0 to 164
[   43.493980][ T3862] smc: net device bond0 erased user defined pnetid SYZ2
[   43.504772][ T3868] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   43.512092][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   43.526311][ T3854] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.104: Allocating blocks 497-513 which overlap fs metadata
[   43.624074][ T3874] netlink: 'syz.1.111': attribute type 10 has an invalid length.
[   43.631966][ T3874] netlink: 40 bytes leftover after parsing attributes in process `syz.1.111'.
[   43.660042][ T3854] EXT4-fs (loop2): pa ffff888106e9f3f0: logic 400, phys. 353, len 10
[   43.668277][ T3854] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   43.681367][ T3874] 9pnet_fd: Insufficient options for proto=fd
[   43.706296][ T3877] loop4: detected capacity change from 0 to 1024
[   43.715583][ T3877] EXT4-fs: Ignoring removed nobh option
[   43.721244][ T3877] EXT4-fs: Ignoring removed bh option
[   43.753534][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.803469][ T3878] loop3: detected capacity change from 0 to 512
[   43.810391][ T3878] EXT4-fs: Ignoring removed mblk_io_submit option
[   43.816932][ T3878] EXT4-fs: Ignoring removed bh option
[   43.883279][ T3878] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   43.910700][ T3878] EXT4-fs (loop3): 1 truncate cleaned up
[   43.917112][ T3878] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.968564][ T3877] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.156712][ T3888] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   44.156712][ T3888]    program syz.1.113 not setting count and/or reply_len properly
[   44.225959][ T3875] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.110: Allocating blocks 497-513 which overlap fs metadata
[   44.336668][ T3872] EXT4-fs (loop4): pa ffff888106e9f3f0: logic 432, phys. 177, len 21
[   44.344821][ T3872] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   44.379539][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.426846][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.438900][   T29] kauditd_printk_skb: 295 callbacks suppressed
[   44.438975][   T29] audit: type=1326 audit(1750847140.196:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.518276][ T3896] loop4: detected capacity change from 0 to 1024
[   44.621180][   T29] audit: type=1326 audit(1750847140.196:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.644586][   T29] audit: type=1326 audit(1750847140.196:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.667971][   T29] audit: type=1326 audit(1750847140.196:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.691324][   T29] audit: type=1326 audit(1750847140.196:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.714645][   T29] audit: type=1326 audit(1750847140.196:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.738047][   T29] audit: type=1326 audit(1750847140.196:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.761422][   T29] audit: type=1326 audit(1750847140.196:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.784762][   T29] audit: type=1326 audit(1750847140.196:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.808071][   T29] audit: type=1326 audit(1750847140.196:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3892 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   44.851916][ T3896] EXT4-fs: Ignoring removed nobh option
[   44.858178][ T3896] EXT4-fs: Ignoring removed bh option
[   44.942828][ T3896] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.964705][ T3904] netlink: 12 bytes leftover after parsing attributes in process `syz.2.118'.
[   44.998041][ T3909] loop1: detected capacity change from 0 to 2048
[   45.053901][ T3692]  loop1: p1 < > p2 < > p3 p4 < >
[   45.058973][ T3692] loop1: partition table partially beyond EOD, truncated
[   45.066326][ T3692] loop1: p1 start 2305 is beyond EOD, truncated
[   45.072707][ T3692] loop1: p2 start 4294902784 is beyond EOD, truncated
[   45.079616][ T3692] loop1: p3 start 3724543488 is beyond EOD, truncated
[   45.138568][ T3909] loop_reread_partitions: partition scan of loop1 () failed (rc=-16)
[   45.229264][ T3893] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.115: Allocating blocks 497-513 which overlap fs metadata
[   45.284318][ T2996]  loop1: p1 < > p2 < > p3 p4 < >
[   45.289390][ T2996] loop1: partition table partially beyond EOD, truncated
[   45.297950][ T2996] loop1: p1 start 2305 is beyond EOD, truncated
[   45.304342][ T2996] loop1: p2 start 4294902784 is beyond EOD, truncated
[   45.311147][ T2996] loop1: p3 start 3724543488 is beyond EOD, truncated
[   45.320897][ T3909] sock: sock_set_timeout: `syz.1.119' (pid 3909) tries to set negative timeout
[   45.375137][ T3892] EXT4-fs (loop4): pa ffff888106e9f3f0: logic 456, phys. 209, len 19
[   45.383319][ T3892] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   45.423778][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.528506][ T3918] smc: net device bond0 applied user defined pnetid SYZ2
[   45.536098][ T3918] smc: net device bond0 erased user defined pnetid SYZ2
[   45.597961][ T3921] netlink: 'syz.0.123': attribute type 10 has an invalid length.
[   45.606434][ T3921] netlink: 40 bytes leftover after parsing attributes in process `syz.0.123'.
[   45.621790][ T3922] loop1: detected capacity change from 0 to 1024
[   45.628813][ T3922] EXT4-fs: Ignoring removed nobh option
[   45.634435][ T3922] EXT4-fs: Ignoring removed bh option
[   45.664250][ T3922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.694220][ T3926] loop4: detected capacity change from 0 to 1764
[   45.732038][ T3921] 9pnet_fd: Insufficient options for proto=fd
[   45.867000][ T3931] netlink: 'syz.4.125': attribute type 1 has an invalid length.
[   45.973644][ T3919] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.122: Allocating blocks 497-513 which overlap fs metadata
[   46.096584][ T3935] loop0: detected capacity change from 0 to 1024
[   46.112150][ T3919] EXT4-fs (loop1): pa ffff888106e6f5b0: logic 448, phys. 385, len 8
[   46.120193][ T3919] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   46.140351][ T3935] EXT4-fs: Ignoring removed nobh option
[   46.146127][ T3935] EXT4-fs: Ignoring removed bh option
[   46.192731][ T3935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.387472][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.560925][ T3934] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.126: Allocating blocks 497-513 which overlap fs metadata
[   46.592071][ T3944] loop1: detected capacity change from 0 to 512
[   46.598623][ T3944] EXT4-fs: Ignoring removed mblk_io_submit option
[   46.599449][ T3947] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   46.599449][ T3947]    program syz.2.129 not setting count and/or reply_len properly
[   46.605085][ T3944] EXT4-fs: Ignoring removed bh option
[   46.627754][ T3944] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   46.639203][ T3944] EXT4-fs (loop1): 1 truncate cleaned up
[   46.645391][ T3944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.723190][ T3934] EXT4-fs (loop0): pa ffff888106e6f5b0: logic 640, phys. 401, len 7
[   46.731359][ T3934] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 2
[   46.753026][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.846775][ T3956] loop0: detected capacity change from 0 to 1024
[   46.853613][ T3956] EXT4-fs: Ignoring removed nobh option
[   46.859283][ T3956] EXT4-fs: Ignoring removed bh option
[   46.873346][ T3956] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.279591][ T3954] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.132: Allocating blocks 497-513 which overlap fs metadata
[   47.314624][ T3962] loop3: detected capacity change from 0 to 2048
[   47.332700][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.374334][ T3962]  loop3: p1 < > p2 < > p3 p4 < >
[   47.379465][ T3962] loop3: partition table partially beyond EOD, truncated
[   47.413233][ T3968] netlink: 'syz.2.136': attribute type 10 has an invalid length.
[   47.421123][ T3968] netlink: 40 bytes leftover after parsing attributes in process `syz.2.136'.
[   47.428476][ T3953] EXT4-fs (loop0): pa ffff888106e6f540: logic 512, phys. 257, len 16
[   47.430061][ T3968] team0: entered promiscuous mode
[   47.438080][ T3953] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 2
[   47.453559][ T3962] loop3: p1 start 2305 is beyond EOD, truncated
[   47.459849][ T3962] loop3: p2 start 4294902784 is beyond EOD, truncated
[   47.466516][ T3968] team_slave_0: entered promiscuous mode
[   47.466747][ T3962] loop3: p3 start 3724543488 is beyond EOD, truncated
[   47.472460][ T3968] team_slave_1: entered promiscuous mode
[   47.484891][ T3968] team0: entered allmulticast mode
[   47.490056][ T3968] team_slave_0: entered allmulticast mode
[   47.495941][ T3968] team_slave_1: entered allmulticast mode
[   47.502814][ T3968] bridge0: port 3(team0) entered blocking state
[   47.509236][ T3968] bridge0: port 3(team0) entered disabled state
[   47.516669][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.516857][ T3968] bridge0: port 3(team0) entered blocking state
[   47.531929][ T3968] bridge0: port 3(team0) entered forwarding state
[   47.540302][ T3971] sock: sock_set_timeout: `syz.3.133' (pid 3971) tries to set negative timeout
[   47.553677][ T3966] smc: net device bond0 applied user defined pnetid SYZ2
[   47.561248][ T3972] 9pnet_fd: Insufficient options for proto=fd
[   47.578445][ T3970] smc: net device bond0 erased user defined pnetid SYZ2
[   47.596127][ T3974] loop0: detected capacity change from 0 to 1764
[   47.675136][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   47.748493][ T3985] netlink: 'syz.0.141': attribute type 1 has an invalid length.
[   47.757081][ T3982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.140'.
[   47.771169][ T3987] loop3: detected capacity change from 0 to 1024
[   47.779585][ T3987] EXT4-fs: Ignoring removed nobh option
[   47.785237][ T3987] EXT4-fs: Ignoring removed bh option
[   47.913164][ T3987] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.018321][ T3996] loop2: detected capacity change from 0 to 1024
[   48.071150][ T3996] EXT4-fs: Ignoring removed nobh option
[   48.076788][ T3996] EXT4-fs: Ignoring removed bh option
[   48.181495][ T3996] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.318538][ T3979] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.139: Allocating blocks 497-513 which overlap fs metadata
[   48.388670][ T3993] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.142: Allocating blocks 497-513 which overlap fs metadata
[   48.435130][ T3979] EXT4-fs (loop3): pa ffff888106e6f620: logic 480, phys. 401, len 7
[   48.443275][ T3979] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   48.490068][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.554479][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.623123][ T4014] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   48.623123][ T4014]    program syz.4.146 not setting count and/or reply_len properly
[   48.673378][ T4011] loop3: detected capacity change from 0 to 512
[   48.680049][ T4011] EXT4-fs: Ignoring removed mblk_io_submit option
[   48.686718][ T4011] EXT4-fs: Ignoring removed bh option
[   48.693839][ T4011] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   48.706074][ T4011] EXT4-fs (loop3): 1 truncate cleaned up
[   48.712121][ T4011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.731680][ T4020] loop0: detected capacity change from 0 to 1024
[   48.740878][ T4020] EXT4-fs: Ignoring removed nobh option
[   48.746482][ T4020] EXT4-fs: Ignoring removed bh option
[   48.763494][ T4020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.035510][ T4016] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.148: Allocating blocks 497-513 which overlap fs metadata
[   49.073270][ T4027] loop1: detected capacity change from 0 to 2048
[   49.142329][ T4027]  loop1: p1 < > p2 < > p3 p4 < >
[   49.147429][ T4027] loop1: partition table partially beyond EOD, truncated
[   49.155642][ T4027] loop1: p1 start 2305 is beyond EOD, truncated
[   49.161956][ T4027] loop1: p2 start 4294902784 is beyond EOD, truncated
[   49.168734][ T4027] loop1: p3 start 3724543488 is beyond EOD, truncated
[   49.191868][ T2996]  loop1: p1 < > p2 < > p3 p4 < >
[   49.196960][ T2996] loop1: partition table partially beyond EOD, truncated
[   49.206820][ T4024] EXT4-fs (loop0): pa ffff888106e6f620: logic 472, phys. 241, len 17
[   49.214981][ T4024] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   49.226548][ T2996] loop1: p1 start 2305 is beyond EOD, truncated
[   49.232841][ T2996] loop1: p2 start 4294902784 is beyond EOD, truncated
[   49.239687][ T2996] loop1: p3 start 3724543488 is beyond EOD, truncated
[   49.264033][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.279565][ T4027] sock: sock_set_timeout: `syz.1.150' (pid 4027) tries to set negative timeout
[   49.349171][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   49.373402][ T4029] smc: net device bond0 applied user defined pnetid SYZ2
[   49.380897][ T4029] smc: net device bond0 erased user defined pnetid SYZ2
[   49.396522][ T4031] loop1: detected capacity change from 0 to 1764
[   49.413336][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.447544][ T4033] netlink: 'syz.4.154': attribute type 10 has an invalid length.
[   49.455368][ T4033] netlink: 40 bytes leftover after parsing attributes in process `syz.4.154'.
[   49.466511][   T29] kauditd_printk_skb: 352 callbacks suppressed
[   49.466525][   T29] audit: type=1326 audit(1750847145.216:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.496177][   T29] audit: type=1326 audit(1750847145.216:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.519802][   T29] audit: type=1326 audit(1750847145.216:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.543284][   T29] audit: type=1326 audit(1750847145.216:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.547653][ T4038] loop0: detected capacity change from 0 to 1024
[   49.566633][   T29] audit: type=1326 audit(1750847145.216:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.596761][   T29] audit: type=1326 audit(1750847145.216:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.620313][   T29] audit: type=1326 audit(1750847145.216:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.643777][   T29] audit: type=1326 audit(1750847145.216:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.652637][ T4038] EXT4-fs: Ignoring removed nobh option
[   49.667869][   T29] audit: type=1326 audit(1750847145.216:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.667899][   T29] audit: type=1326 audit(1750847145.216:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4036 comm="syz.0.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   49.673514][ T4038] EXT4-fs: Ignoring removed bh option
[   49.734274][ T4039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.153'.
[   49.749649][ T4040] 9pnet_fd: Insufficient options for proto=fd
[   49.844883][ T4038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.028124][ T4054] loop2: detected capacity change from 0 to 1024
[   50.233474][ T4054] EXT4-fs: Ignoring removed nobh option
[   50.239192][ T4054] EXT4-fs: Ignoring removed bh option
[   50.272708][ T4060] netlink: 'syz.4.159': attribute type 1 has an invalid length.
[   50.284090][ T4054] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.384200][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.639895][ T4053] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.158: Allocating blocks 497-513 which overlap fs metadata
[   50.780245][ T4052] EXT4-fs (loop2): pa ffff888106e9f540: logic 496, phys. 401, len 7
[   50.788328][ T4052] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   50.829521][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.291169][ T4069] loop1: detected capacity change from 0 to 2048
[   51.297833][ T4070] loop4: detected capacity change from 0 to 1024
[   51.405251][ T3287]  loop1: p1 < > p2 < > p3 p4 < >
[   51.408178][ T4070] EXT4-fs: Ignoring removed nobh option
[   51.410292][ T3287] loop1: partition table partially beyond EOD, truncated
[   51.410349][ T3287] loop1: p1 start 2305 is beyond EOD, 
[   51.415942][ T4070] EXT4-fs: Ignoring removed bh option
[   51.422907][ T3287] truncated
[   51.422915][ T3287] loop1: p2 start 4294902784 is beyond EOD, truncated
[   51.422931][ T3287] loop1: p3 start 3724543488 is beyond EOD, truncated
[   51.459984][ T4069]  loop1: p1 < > p2 < > p3 p4 < >
[   51.465160][ T4069] loop1: partition table partially beyond EOD, truncated
[   51.474936][ T4074] loop3: detected capacity change from 0 to 512
[   51.481683][ T4074] EXT4-fs: Ignoring removed mblk_io_submit option
[   51.485679][ T4069] loop1: p1 start 2305 is beyond EOD, truncated
[   51.488211][ T4074] EXT4-fs: Ignoring removed bh option
[   51.499884][ T4069] loop1: p2 start 4294902784 is beyond EOD, truncated
[   51.506686][ T4069] loop1: p3 start 3724543488 is beyond EOD, truncated
[   51.506812][ T4074] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   51.514296][ T4070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.527971][ T4074] EXT4-fs (loop3): 1 truncate cleaned up
[   51.542133][ T4074] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.562278][ T4084] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   51.562278][ T4084]    program syz.0.165 not setting count and/or reply_len properly
[   51.700278][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   51.733306][ T4088] loop1: detected capacity change from 0 to 1764
[   51.872419][ T4090] lo speed is unknown, defaulting to 1000
[   51.878498][ T4090] lo speed is unknown, defaulting to 1000
[   51.884763][ T4090] lo speed is unknown, defaulting to 1000
[   51.891101][ T4090] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   51.898649][ T4090] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   51.908586][ T4065] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.162: Allocating blocks 497-513 which overlap fs metadata
[   51.908615][ T4090] lo speed is unknown, defaulting to 1000
[   51.908913][ T4090] lo speed is unknown, defaulting to 1000
[   51.934594][ T4090] lo speed is unknown, defaulting to 1000
[   51.940699][ T4090] lo speed is unknown, defaulting to 1000
[   51.946751][ T4090] lo speed is unknown, defaulting to 1000
[   52.038154][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.075733][ T4099] netlink: 'syz.4.169': attribute type 10 has an invalid length.
[   52.083672][ T4099] netlink: 40 bytes leftover after parsing attributes in process `syz.4.169'.
[   52.094800][ T4099] 9pnet_fd: Insufficient options for proto=fd
[   52.189152][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.327186][ T4107] loop4: detected capacity change from 0 to 1024
[   52.431868][ T4107] EXT4-fs: Ignoring removed nobh option
[   52.437597][ T4107] EXT4-fs: Ignoring removed bh option
[   52.443266][ T4108] loop3: detected capacity change from 0 to 1024
[   52.450098][ T4108] EXT4-fs: Ignoring removed nobh option
[   52.455780][ T4108] EXT4-fs: Ignoring removed bh option
[   52.642058][ T4107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.657046][ T4108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.806243][   T12] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[   52.968603][ T4124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.175'.
[   53.016940][   T10] lo speed is unknown, defaulting to 1000
[   53.019179][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.080298][ T4128] loop3: detected capacity change from 0 to 2048
[   53.094123][ T4105] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.171: Allocating blocks 497-513 which overlap fs metadata
[   53.152276][ T3692]  loop3: p1 < > p2 < > p3 p4 < >
[   53.157515][ T3692] loop3: partition table partially beyond EOD, truncated
[   53.166073][ T3692] loop3: p1 start 2305 is beyond EOD, truncated
[   53.172454][ T3692] loop3: p2 start 4294902784 is beyond EOD, truncated
[   53.179248][ T3692] loop3: p3 start 3724543488 is beyond EOD, truncated
[   53.189067][ T4128]  loop3: p1 < > p2 < > p3 p4 < >
[   53.194256][ T4128] loop3: partition table partially beyond EOD, truncated
[   53.203786][ T4128] loop3: p1 start 2305 is beyond EOD, truncated
[   53.210076][ T4128] loop3: p2 start 4294902784 is beyond EOD, truncated
[   53.216908][ T4128] loop3: p3 start 3724543488 is beyond EOD, truncated
[   53.232675][ T2996]  loop3: p1 < > p2 < > p3 p4 < >
[   53.237837][ T2996] loop3: partition table partially beyond EOD, truncated
[   53.246163][ T2996] loop3: p1 start 2305 is beyond EOD, truncated
[   53.252467][ T2996] loop3: p2 start 4294902784 is beyond EOD, truncated
[   53.259276][ T2996] loop3: p3 start 3724543488 is beyond EOD, truncated
[   53.288093][ T4122] EXT4-fs (loop4): pa ffff888106e6f690: logic 432, phys. 369, len 9
[   53.296166][ T4122] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   53.362844][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.407001][ T4131] loop4: detected capacity change from 0 to 1764
[   53.575232][ T4140] netlink: 'syz.4.181': attribute type 10 has an invalid length.
[   53.583093][ T4140] netlink: 40 bytes leftover after parsing attributes in process `syz.4.181'.
[   53.618238][ T4140] 9pnet_fd: Insufficient options for proto=fd
[   53.629289][ T4137] siw: device registration error -23
[   53.644917][ T4145] loop0: detected capacity change from 0 to 1024
[   53.653431][ T4145] EXT4-fs: Ignoring removed nobh option
[   53.659006][ T4145] EXT4-fs: Ignoring removed bh option
[   53.783528][ T4145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.022238][ T4152] loop3: detected capacity change from 0 to 512
[   54.051915][ T4152] EXT4-fs: Ignoring removed mblk_io_submit option
[   54.058432][ T4152] EXT4-fs: Ignoring removed bh option
[   54.075260][ T4152] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   54.087862][ T4152] EXT4-fs (loop3): 1 truncate cleaned up
[   54.094746][ T4152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.422832][ T4165] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   54.422832][ T4165]    program syz.2.185 not setting count and/or reply_len properly
[   54.461924][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.474519][ T4166] loop1: detected capacity change from 0 to 1024
[   54.481526][ T4166] EXT4-fs: Ignoring removed nobh option
[   54.487186][ T4166] EXT4-fs: Ignoring removed bh option
[   54.513019][ T4166] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.762119][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.013781][ T4175] loop3: detected capacity change from 0 to 2048
[   55.023127][ T4164] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.186: Allocating blocks 497-513 which overlap fs metadata
[   55.037584][   T29] kauditd_printk_skb: 363 callbacks suppressed
[   55.037595][   T29] audit: type=1326 audit(1750847150.796:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4163 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   55.044474][ T3692]  loop3: p1 < > p2 < > p3 p4 < >
[   55.067134][   T29] audit: type=1326 audit(1750847150.796:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4163 comm="syz.1.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   55.072159][ T3692] loop3: partition table partially beyond EOD, truncated
[   55.104142][ T3692] loop3: p1 start 2305 is beyond EOD, truncated
[   55.110523][ T3692] loop3: p2 start 4294902784 is beyond EOD, truncated
[   55.117323][ T3692] loop3: p3 start 3724543488 is beyond EOD, truncated
[   55.126177][ T4175]  loop3: p1 < > p2 < > p3 p4 < >
[   55.131335][ T4175] loop3: partition table partially beyond EOD, truncated
[   55.140552][   T29] audit: type=1326 audit(1750847150.886:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.140712][ T4175] loop3: p1 start 2305 is beyond EOD, 
[   55.164091][   T29] audit: type=1326 audit(1750847150.886:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.169542][ T4175] truncated
[   55.169549][ T4175] loop3: p2 start 4294902784 is beyond EOD, 
[   55.192824][   T29] audit: type=1326 audit(1750847150.886:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.195939][ T4175] truncated
[   55.195946][ T4175] loop3: p3 start 3724543488 is beyond EOD, 
[   55.202060][   T29] audit: type=1326 audit(1750847150.886:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.225316][ T4175] truncated
[   55.260975][   T29] audit: type=1326 audit(1750847150.886:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.284522][   T29] audit: type=1326 audit(1750847150.886:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.308034][   T29] audit: type=1326 audit(1750847150.886:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.331500][   T29] audit: type=1326 audit(1750847150.886:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4176 comm="syz.4.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   55.359463][ T4180] loop4: detected capacity change from 0 to 1024
[   55.379918][ T4163] EXT4-fs (loop1): pa ffff888106e9f5b0: logic 624, phys. 465, len 3
[   55.387978][ T4163] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   55.401204][ T4180] EXT4-fs: Ignoring removed nobh option
[   55.406960][ T4180] EXT4-fs: Ignoring removed bh option
[   55.436163][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.524183][ T4193] loop1: detected capacity change from 0 to 1764
[   55.532544][ T4177] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.189: Allocating blocks 497-513 which overlap fs metadata
[   55.551746][ T4191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.561350][ T4187] netlink: 'syz.0.193': attribute type 10 has an invalid length.
[   55.564463][ T4191] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.569168][ T4187] netlink: 40 bytes leftover after parsing attributes in process `syz.0.193'.
[   55.593356][ T4177] EXT4-fs (loop4): pa ffff888106e9f620: logic 0, phys. 113, len 25
[   55.601432][ T4177] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 22, pa_free 23
[   55.614750][ T4191] 9pnet_fd: Insufficient options for proto=fd
[   55.616223][ T4187] 9pnet_fd: Insufficient options for proto=fd
[   55.628266][   T31] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
[   55.688764][ T4197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.196'.
[   55.892299][ T4177] syz.4.189 (4177) used greatest stack depth: 10312 bytes left
[   56.070601][ T4205] loop4: detected capacity change from 0 to 512
[   56.077240][ T4205] EXT4-fs: Ignoring removed mblk_io_submit option
[   56.083731][ T4205] EXT4-fs: Ignoring removed bh option
[   56.093505][ T4205] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   56.130038][ T4205] EXT4-fs (loop4): 1 truncate cleaned up
[   56.308870][ T4212] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   56.308870][ T4212]    program syz.3.200 not setting count and/or reply_len properly
[   56.914518][ T4217] loop4: detected capacity change from 0 to 1024
[   56.928424][ T4217] EXT4-fs: Ignoring removed nobh option
[   56.934047][ T4217] EXT4-fs: Ignoring removed bh option
[   57.367847][ T4232] loop1: detected capacity change from 0 to 1764
[   57.393303][ T4236] lo speed is unknown, defaulting to 1000
[   57.419874][ T4238] loop3: detected capacity change from 0 to 2048
[   57.488693][ T4216] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.202: Allocating blocks 497-513 which overlap fs metadata
[   57.622746][ T3692]  loop3: p1 < > p4
[   57.627162][ T3692] loop3: p4 size 8388608 extends beyond EOD, truncated
[   57.678267][ T4216] EXT4-fs (loop4): pa ffff888106e9fb60: logic 400, phys. 161, len 22
[   57.686536][ T4216] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   57.709446][ T4244] lo speed is unknown, defaulting to 1000
[   57.761228][ T4238]  loop3: p1 < > p4
[   57.768575][ T4238] loop3: p4 size 8388608 extends beyond EOD, truncated
[   57.777628][ T4246] loop1: detected capacity change from 0 to 2048
[   57.801154][ T3287]  loop1: p1 < > p4
[   57.805877][ T3287] loop1: p4 size 8388608 extends beyond EOD, truncated
[   57.819274][ T4246]  loop1: p1 < > p4
[   57.831050][ T4246] loop1: p4 size 8388608 extends beyond EOD, truncated
[   57.924489][ T2996]  loop3: p1 < > p4
[   57.936969][ T2996] loop3: p4 size 8388608 extends beyond EOD, truncated
[   57.964031][ T2996]  loop1: p1 < > p4
[   57.968812][ T2996] loop1: p4 size 8388608 extends beyond EOD, truncated
[   57.982643][ T3692] udevd[3692]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   57.997059][ T4080] udevd[4080]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   58.013857][ T4260] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   58.013857][ T4260]    program syz.3.216 not setting count and/or reply_len properly
[   58.016726][ T4080] udevd[4080]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   58.038416][ T3287] udevd[3287]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   58.215303][ T4273] netlink: 'syz.1.222': attribute type 10 has an invalid length.
[   58.223165][ T4273] netlink: 40 bytes leftover after parsing attributes in process `syz.1.222'.
[   58.236543][ T4273] 9pnet_fd: Insufficient options for proto=fd
[   58.523362][ T4279] rdma_op ffff888136931180 conn xmit_rdma 0000000000000000
[   58.666035][ T4281] loop0: detected capacity change from 0 to 8192
[   58.677420][ T4281] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   58.691052][ T4281] raw_sendmsg: syz.0.225 forgot to set AF_INET. Fix it!
[   58.877729][ T4293] loop3: detected capacity change from 0 to 1024
[   58.894037][ T4293] EXT4-fs: Ignoring removed nobh option
[   58.899704][ T4293] EXT4-fs: Ignoring removed bh option
[   59.001376][ T4298] loop0: detected capacity change from 0 to 512
[   59.007980][ T4298] EXT4-fs: Ignoring removed mblk_io_submit option
[   59.014486][ T4298] EXT4-fs: Ignoring removed bh option
[   59.030792][ T4298] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   59.088618][ T4298] EXT4-fs (loop0): 1 truncate cleaned up
[   59.125871][ T4301] loop2: detected capacity change from 0 to 1764
[   59.451696][ T4314] loop2: detected capacity change from 0 to 1024
[   59.705880][ T4324] netlink: 'syz.2.236': attribute type 10 has an invalid length.
[   59.713669][ T4324] netlink: 40 bytes leftover after parsing attributes in process `syz.2.236'.
[   59.726128][ T4324] 9pnet_fd: Insufficient options for proto=fd
[   59.784101][ T4332] loop4: detected capacity change from 0 to 1024
[   59.807518][ T4328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.816791][ T4328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.880773][ T4340] siw: device registration error -23
[   59.920379][ T4346] loop3: detected capacity change from 0 to 1024
[   59.927323][ T4346] EXT4-fs: Ignoring removed nobh option
[   59.932935][ T4346] EXT4-fs: Ignoring removed bh option
[   60.040022][ T4350] lo speed is unknown, defaulting to 1000
[   60.069072][ T4350] loop2: detected capacity change from 0 to 512
[   60.075811][ T4350] EXT4-fs: Ignoring removed mblk_io_submit option
[   60.082493][ T4350] EXT4-fs: Ignoring removed bh option
[   60.088780][ T4350] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   60.100411][ T4350] EXT4-fs (loop2): 1 truncate cleaned up
[   60.101694][ T4358] lo speed is unknown, defaulting to 1000
[   60.166808][ T4358] loop4: detected capacity change from 0 to 2048
[   60.210893][ T4358]  loop4: p1 < > p4
[   60.215210][ T4358] loop4: p4 size 8388608 extends beyond EOD, truncated
[   60.274259][ T4338] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.241: Allocating blocks 497-513 which overlap fs metadata
[   60.288311][   T29] kauditd_printk_skb: 1141 callbacks suppressed
[   60.288324][   T29] audit: type=1326 audit(1750847156.046:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4337 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1847a2e929 code=0x7ffc0000
[   60.318185][   T29] audit: type=1326 audit(1750847156.046:3209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4337 comm="syz.3.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1847a2e929 code=0x7ffc0000
[   60.420248][   T29] audit: type=1326 audit(1750847156.176:3210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.443765][   T29] audit: type=1326 audit(1750847156.176:3211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.469699][   T29] audit: type=1326 audit(1750847156.186:3212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.493438][   T29] audit: type=1326 audit(1750847156.186:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.517472][   T29] audit: type=1326 audit(1750847156.186:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.540815][   T29] audit: type=1326 audit(1750847156.186:3215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe154d2d290 code=0x7ffc0000
[   60.564494][   T29] audit: type=1326 audit(1750847156.186:3216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fe154d30157 code=0x7ffc0000
[   60.587892][   T29] audit: type=1326 audit(1750847156.186:3217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4365 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   60.660586][ T4370] netlink: 'syz.1.253': attribute type 10 has an invalid length.
[   60.668359][ T4370] netlink: 40 bytes leftover after parsing attributes in process `syz.1.253'.
[   60.702030][ T4376] lo speed is unknown, defaulting to 1000
[   60.716137][ T4370] 9pnet_fd: Insufficient options for proto=fd
[   60.741647][ T4376] loop4: detected capacity change from 0 to 2048
[   60.801984][ T4376]  loop4: p1 < > p4
[   60.808203][ T4376] loop4: p4 size 8388608 extends beyond EOD, truncated
[   60.892929][ T4388] siw: device registration error -23
[   61.045904][ T4403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'.
[   61.078171][ T4407] loop1: detected capacity change from 0 to 512
[   61.092126][ T4407] EXT4-fs: Ignoring removed oldalloc option
[   61.155041][ T4407] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.267: Parent and EA inode have the same ino 15
[   61.169659][ T4407] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   61.182896][ T4407] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.267: Parent and EA inode have the same ino 15
[   61.197114][ T4407] EXT4-fs (loop1): 1 orphan inode deleted
[   61.276008][ T4420] lo speed is unknown, defaulting to 1000
[   61.294253][ T4415] netlink: 'syz.0.270': attribute type 10 has an invalid length.
[   61.302061][ T4415] netlink: 40 bytes leftover after parsing attributes in process `syz.0.270'.
[   61.317470][ T4397] netlink: 24 bytes leftover after parsing attributes in process `syz.2.258'.
[   61.331069][ T4415] 9pnet_fd: Insufficient options for proto=fd
[   61.337601][ T4423] loop1: detected capacity change from 0 to 2048
[   61.381033][ T4423]  loop1: p1 < > p4
[   61.386536][ T4423] loop1: p4 size 8388608 extends beyond EOD, truncated
[   61.625562][ T4445] lo speed is unknown, defaulting to 1000
[   61.645605][ T4446] loop3: detected capacity change from 0 to 1024
[   61.653258][ T4447] loop0: detected capacity change from 0 to 1024
[   61.670998][ T4446] EXT4-fs: Ignoring removed nobh option
[   61.673746][ T4447] EXT4-fs: Ignoring removed nobh option
[   61.676639][ T4446] EXT4-fs: Ignoring removed bh option
[   61.682269][ T4447] EXT4-fs: Ignoring removed bh option
[   61.699247][ T4445] loop1: detected capacity change from 0 to 2048
[   61.740826][ T4445]  loop1: p1 < > p4
[   61.744309][ T4441] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.280: Allocating blocks 497-513 which overlap fs metadata
[   61.762822][ T4445] loop1: p4 size 8388608 extends beyond EOD, truncated
[   61.785678][ T4441] EXT4-fs (loop0): pa ffff888106e6f770: logic 0, phys. 113, len 25
[   61.793775][ T4441] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 22, pa_free 23
[   61.825061][ T4453] netlink: 'syz.2.283': attribute type 10 has an invalid length.
[   61.832942][ T4453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.283'.
[   61.844236][ T1899] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
[   61.874863][ T4453] 9pnet_fd: Insufficient options for proto=fd
[   61.980230][ T4439] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.279: Allocating blocks 497-513 which overlap fs metadata
[   62.079498][ T4469] loop4: detected capacity change from 0 to 1764
[   62.097814][ T4439] EXT4-fs (loop3): pa ffff888106e9fc40: logic 576, phys. 449, len 4
[   62.105956][ T4439] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   62.271882][ T4484] lo speed is unknown, defaulting to 1000
[   62.408282][ T4489] loop2: detected capacity change from 0 to 512
[   62.414960][ T4489] EXT4-fs: Ignoring removed mblk_io_submit option
[   62.421551][ T4489] EXT4-fs: Ignoring removed bh option
[   62.427959][ T4489] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   62.441680][ T4489] EXT4-fs (loop2): 1 truncate cleaned up
[   62.471371][ T4493] loop3: detected capacity change from 0 to 2048
[   62.547476][ T4498] loop0: detected capacity change from 0 to 1024
[   62.621474][ T4493]  loop3: p1 < > p4
[   62.626161][ T4493] loop3: p4 size 8388608 extends beyond EOD, truncated
[   62.889018][ T4514] loop3: detected capacity change from 0 to 1024
[   62.896317][ T4514] EXT4-fs: Ignoring removed nobh option
[   62.902007][ T4514] EXT4-fs: Ignoring removed bh option
[   62.994447][ T4520] loop0: detected capacity change from 0 to 1764
[   63.053079][ T4525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   63.061882][ T4525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   63.141555][ T4530] lo speed is unknown, defaulting to 1000
[   63.156876][ T4509] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.305: Allocating blocks 497-513 which overlap fs metadata
[   63.188453][ T4530] loop0: detected capacity change from 0 to 2048
[   63.230937][ T4530]  loop0: p1 < > p4
[   63.235200][ T4530] loop0: p4 size 8388608 extends beyond EOD, truncated
[   63.275319][ T4509] EXT4-fs (loop3): pa ffff888106e6f850: logic 544, phys. 433, len 5
[   63.283381][ T4509] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   63.339076][ T4532] siw: device registration error -23
[   63.339501][ T4534] netlink: 'syz.0.315': attribute type 10 has an invalid length.
[   63.352370][ T4534] netlink: 40 bytes leftover after parsing attributes in process `syz.0.315'.
[   63.366958][ T4534] 9pnet_fd: Insufficient options for proto=fd
[   63.514493][ T4550] loop0: detected capacity change from 0 to 1024
[   63.553994][ T4555] capability: warning: `syz.0.322' uses deprecated v2 capabilities in a way that may be insecure
[   63.594323][ T4557] loop4: detected capacity change from 0 to 512
[   63.606918][ T4557] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   63.671880][ T4557] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.698245][ T4567] loop0: detected capacity change from 0 to 1024
[   63.714620][ T4567] EXT4-fs: Ignoring removed nobh option
[   63.720276][ T4567] EXT4-fs: Ignoring removed bh option
[   64.103471][ T4583] lo speed is unknown, defaulting to 1000
[   64.125477][ T4585] netlink: 'syz.2.332': attribute type 10 has an invalid length.
[   64.133346][ T4585] netlink: 40 bytes leftover after parsing attributes in process `syz.2.332'.
[   64.166395][ T4586] netlink: 'syz.4.330': attribute type 13 has an invalid length.
[   64.193578][ T4585] 9pnet_fd: Insufficient options for proto=fd
[   64.206078][ T4589] loop1: detected capacity change from 0 to 1024
[   64.214392][ T4589] EXT4-fs: Ignoring removed nobh option
[   64.220256][ T4589] EXT4-fs: Ignoring removed bh option
[   64.305081][ T4562] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.324: Allocating blocks 497-513 which overlap fs metadata
[   64.363865][ T4586] bridge0: port 3(team0) entered disabled state
[   64.370341][ T4586] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.377704][ T4586] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.412658][ T4562] EXT4-fs (loop0): pa ffff888106e9fcb0: logic 880, phys. 401, len 7
[   64.420840][ T4562] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   64.426880][ T4586] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.440898][ T4586] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.491707][ T4586] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.500731][ T4586] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.509720][ T4586] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.519100][ T4586] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.621908][ T4601] smc: net device bond0 applied user defined pnetid SYZ2
[   64.629284][ T4601] smc: net device bond0 erased user defined pnetid SYZ2
[   64.636474][ T4605] loop3: detected capacity change from 0 to 1024
[   64.645207][ T4605] EXT4-fs: Ignoring removed nobh option
[   64.650908][ T4605] EXT4-fs: Ignoring removed bh option
[   64.693348][ T4609] netlink: 'syz.4.337': attribute type 2 has an invalid length.
[   64.718634][ T4613] loop0: detected capacity change from 0 to 512
[   64.833633][ T4582] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.331: Allocating blocks 497-513 which overlap fs metadata
[   64.862033][ T4628] netlink: 'syz.0.343': attribute type 10 has an invalid length.
[   64.869854][ T4628] netlink: 40 bytes leftover after parsing attributes in process `syz.0.343'.
[   64.897294][ T4628] 9pnet_fd: Insufficient options for proto=fd
[   64.923633][ T4604] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.335: Allocating blocks 497-513 which overlap fs metadata
[   64.997477][ T4582] EXT4-fs (loop1): pa ffff888106e6f930: logic 496, phys. 401, len 7
[   65.005625][ T4582] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   65.024464][ T4633] loop0: detected capacity change from 0 to 1024
[   65.055048][ T4604] EXT4-fs (loop3): pa ffff888106e6fa10: logic 576, phys. 449, len 4
[   65.063411][ T4604] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   65.107066][ T4641] loop3: detected capacity change from 0 to 512
[   65.143510][ T4641] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.176667][ T4641] syz.3.348 (4641) used greatest stack depth: 10096 bytes left
[   65.217921][ T4644] loop0: detected capacity change from 0 to 512
[   65.224715][ T4644] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.231609][ T4644] EXT4-fs: Ignoring removed bh option
[   65.237269][ T4644] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   65.257609][ T4644] EXT4-fs (loop0): 1 truncate cleaned up
[   65.299388][    C1] hrtimer: interrupt took 37848 ns
[   65.323325][   T29] kauditd_printk_skb: 556 callbacks suppressed
[   65.323384][   T29] audit: type=1326 audit(1750847161.086:3774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.356792][   T29] audit: type=1326 audit(1750847161.116:3775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.380267][   T29] audit: type=1326 audit(1750847161.116:3776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.403718][   T29] audit: type=1326 audit(1750847161.116:3777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.427291][   T29] audit: type=1326 audit(1750847161.116:3778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.450732][   T29] audit: type=1326 audit(1750847161.116:3779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.474171][   T29] audit: type=1326 audit(1750847161.116:3780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.481353][ T4666] loop0: detected capacity change from 0 to 1024
[   65.497618][   T29] audit: type=1326 audit(1750847161.116:3781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.505531][ T4666] EXT4-fs: Ignoring removed nobh option
[   65.527305][   T29] audit: type=1326 audit(1750847161.116:3782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.527398][   T29] audit: type=1326 audit(1750847161.116:3783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4662 comm="syz.0.356" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4c403e929 code=0x7ffc0000
[   65.532912][ T4666] EXT4-fs: Ignoring removed bh option
[   65.573277][ T4668] lo speed is unknown, defaulting to 1000
[   65.739565][ T4684] syz.3.363 uses obsolete (PF_INET,SOCK_PACKET)
[   65.909981][ T4699] loop2: detected capacity change from 0 to 512
[   65.916518][ T4699] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.923029][ T4699] EXT4-fs: Ignoring removed bh option
[   65.930254][ T4699] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   65.951545][ T4699] EXT4-fs (loop2): 1 truncate cleaned up
[   66.009345][ T4704] loop1: detected capacity change from 0 to 1024
[   66.017968][ T4704] EXT4-fs: Ignoring removed nobh option
[   66.023665][ T4704] EXT4-fs: Ignoring removed bh option
[   66.088929][ T4663] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.356: Allocating blocks 497-513 which overlap fs metadata
[   66.115918][ T4714] loop3: detected capacity change from 0 to 1764
[   66.204579][ T4666] EXT4-fs (loop0): pa ffff888106e9fee0: logic 416, phys. 369, len 9
[   66.212660][ T4666] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   66.237021][ T4701] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.370: Allocating blocks 497-513 which overlap fs metadata
[   66.245180][ T3304] EXT4-fs unmount: 49 callbacks suppressed
[   66.245197][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.284066][ T4721] loop0: detected capacity change from 0 to 1024
[   66.302973][ T4721] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.327945][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.341713][ T4724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'.
[   66.357635][ T4701] EXT4-fs (loop1): pa ffff888106e9ff50: logic 544, phys. 433, len 5
[   66.365693][ T4701] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   66.400236][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.444574][ T4735] netlink: 24 bytes leftover after parsing attributes in process `syz.1.380'.
[   66.569353][ T4743] FAULT_INJECTION: forcing a failure.
[   66.569353][ T4743] name failslab, interval 1, probability 0, space 0, times 1
[   66.582093][ T4743] CPU: 1 UID: 0 PID: 4743 Comm: syz.1.382 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   66.582119][ T4743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.582207][ T4743] Call Trace:
[   66.582213][ T4743]  <TASK>
[   66.582254][ T4743]  __dump_stack+0x1d/0x30
[   66.582276][ T4743]  dump_stack_lvl+0xe8/0x140
[   66.582297][ T4743]  dump_stack+0x15/0x1b
[   66.582345][ T4743]  should_fail_ex+0x265/0x280
[   66.582489][ T4743]  should_failslab+0x8c/0xb0
[   66.582509][ T4743]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   66.582537][ T4743]  ? cond_bools_copy+0x30/0x80
[   66.582563][ T4743]  ? __pfx_cond_bools_destroy+0x10/0x10
[   66.582659][ T4743]  kmemdup_noprof+0x2b/0x70
[   66.582683][ T4743]  ? __pfx_cond_bools_destroy+0x10/0x10
[   66.582710][ T4743]  cond_bools_copy+0x30/0x80
[   66.582788][ T4743]  ? __pfx_cond_bools_destroy+0x10/0x10
[   66.582815][ T4743]  hashtab_duplicate+0x11b/0x360
[   66.582837][ T4743]  ? __pfx_cond_bools_copy+0x10/0x10
[   66.582872][ T4743]  cond_policydb_dup+0xd2/0x4e0
[   66.582952][ T4743]  security_set_bools+0xa0/0x340
[   66.582978][ T4743]  sel_commit_bools_write+0x1ea/0x270
[   66.583056][ T4743]  vfs_writev+0x406/0x8b0
[   66.583138][ T4743]  ? __pfx_sel_commit_bools_write+0x10/0x10
[   66.583230][ T4743]  ? mutex_lock+0xd/0x30
[   66.583253][ T4743]  do_writev+0xe7/0x210
[   66.583277][ T4743]  __x64_sys_writev+0x45/0x50
[   66.583299][ T4743]  x64_sys_call+0x2006/0x2fb0
[   66.583347][ T4743]  do_syscall_64+0xd2/0x200
[   66.583362][ T4743]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.583386][ T4743]  ? clear_bhb_loop+0x40/0x90
[   66.583478][ T4743]  ? clear_bhb_loop+0x40/0x90
[   66.583498][ T4743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.583587][ T4743] RIP: 0033:0x7fe154d2e929
[   66.583604][ T4743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.583623][ T4743] RSP: 002b:00007fe153397038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   66.583643][ T4743] RAX: ffffffffffffffda RBX: 00007fe154f55fa0 RCX: 00007fe154d2e929
[   66.583657][ T4743] RDX: 0000000000000001 RSI: 00002000000025c0 RDI: 0000000000000007
[   66.583670][ T4743] RBP: 00007fe153397090 R08: 0000000000000000 R09: 0000000000000000
[   66.583686][ T4743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.583696][ T4743] R13: 0000000000000000 R14: 00007fe154f55fa0 R15: 00007ffc23c0f248
[   66.583715][ T4743]  </TASK>
[   66.878687][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.900448][ T4746] loop3: detected capacity change from 0 to 1764
[   66.927071][ T4750] FAULT_INJECTION: forcing a failure.
[   66.927071][ T4750] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   66.940240][ T4750] CPU: 1 UID: 0 PID: 4750 Comm: syz.2.383 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   66.940267][ T4750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   66.940352][ T4750] Call Trace:
[   66.940359][ T4750]  <TASK>
[   66.940367][ T4750]  __dump_stack+0x1d/0x30
[   66.940395][ T4750]  dump_stack_lvl+0xe8/0x140
[   66.940414][ T4750]  dump_stack+0x15/0x1b
[   66.940431][ T4750]  should_fail_ex+0x265/0x280
[   66.940536][ T4750]  should_fail+0xb/0x20
[   66.940630][ T4750]  should_fail_usercopy+0x1a/0x20
[   66.940726][ T4750]  _copy_from_iter+0xcf/0xe40
[   66.940758][ T4750]  ? __build_skb_around+0x1a0/0x200
[   66.940849][ T4750]  ? __alloc_skb+0x223/0x320
[   66.940874][ T4750]  netlink_sendmsg+0x471/0x6b0
[   66.940922][ T4750]  ? __pfx_netlink_sendmsg+0x10/0x10
[   66.940942][ T4750]  __sock_sendmsg+0x142/0x180
[   66.940967][ T4750]  ____sys_sendmsg+0x31e/0x4e0
[   66.941040][ T4750]  ___sys_sendmsg+0x17b/0x1d0
[   66.941152][ T4750]  __x64_sys_sendmsg+0xd4/0x160
[   66.941188][ T4750]  x64_sys_call+0x2999/0x2fb0
[   66.941210][ T4750]  do_syscall_64+0xd2/0x200
[   66.941234][ T4750]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.941259][ T4750]  ? clear_bhb_loop+0x40/0x90
[   66.941350][ T4750]  ? clear_bhb_loop+0x40/0x90
[   66.941369][ T4750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.941454][ T4750] RIP: 0033:0x7f938b8fe929
[   66.941470][ T4750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.941486][ T4750] RSP: 002b:00007f9389f67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   66.941513][ T4750] RAX: ffffffffffffffda RBX: 00007f938bb25fa0 RCX: 00007f938b8fe929
[   66.941526][ T4750] RDX: 0000000010000000 RSI: 0000200000000080 RDI: 0000000000000006
[   66.941554][ T4750] RBP: 00007f9389f67090 R08: 0000000000000000 R09: 0000000000000000
[   66.941566][ T4750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.941626][ T4750] R13: 0000000000000000 R14: 00007f938bb25fa0 R15: 00007ffed5175cb8
[   66.941792][ T4750]  </TASK>
[   67.174387][ T4759] 9pnet_fd: Insufficient options for proto=fd
[   67.185845][ T4759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.203883][ T4759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.222971][ T4765] netlink: 24 bytes leftover after parsing attributes in process `syz.1.392'.
[   67.260193][ T4767] loop0: detected capacity change from 0 to 2048
[   67.266698][ T4770] loop2: detected capacity change from 0 to 1024
[   67.289574][ T4770] EXT4-fs: Ignoring removed nobh option
[   67.295293][ T4770] EXT4-fs: Ignoring removed bh option
[   67.325843][ T4770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.331126][ T4767]  loop0: p1 < > p2 < > p3 p4 < >
[   67.343418][ T4767] loop0: partition table partially beyond EOD, truncated
[   67.375106][ T4767] loop0: p1 start 2305 is beyond EOD, truncated
[   67.381442][ T4767] loop0: p2 start 4294902784 is beyond EOD, truncated
[   67.388241][ T4767] loop0: p3 start 3724543488 is beyond EOD, truncated
[   67.395202][ T4777] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.394'.
[   67.441588][ T4776] SELinux:  Context system_u:object_r:hald_dccm_exec_t:s0 is not valid (left unmapped).
[   67.473758][ T4776] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   67.578335][ T4785] netlink: 'syz.1.399': attribute type 10 has an invalid length.
[   67.586218][ T4785] netlink: 40 bytes leftover after parsing attributes in process `syz.1.399'.
[   67.595721][ T4777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.394'.
[   67.612682][ T4785] 9pnet_fd: Insufficient options for proto=fd
[   67.705667][ T4757] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.388: Allocating blocks 497-513 which overlap fs metadata
[   67.759879][ T4790] loop0: detected capacity change from 0 to 1764
[   67.774612][ T4792] FAULT_INJECTION: forcing a failure.
[   67.774612][ T4792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.787768][ T4792] CPU: 0 UID: 0 PID: 4792 Comm: syz.4.402 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   67.787795][ T4792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   67.787807][ T4792] Call Trace:
[   67.787813][ T4792]  <TASK>
[   67.787883][ T4792]  __dump_stack+0x1d/0x30
[   67.787897][ T4792]  dump_stack_lvl+0xe8/0x140
[   67.787908][ T4792]  dump_stack+0x15/0x1b
[   67.787917][ T4792]  should_fail_ex+0x265/0x280
[   67.787972][ T4792]  should_fail+0xb/0x20
[   67.787986][ T4792]  should_fail_usercopy+0x1a/0x20
[   67.788063][ T4792]  _copy_from_user+0x1c/0xb0
[   67.788075][ T4792]  kstrtouint_from_user+0x69/0xf0
[   67.788091][ T4792]  ? 0xffffffff81000000
[   67.788099][ T4792]  ? selinux_file_permission+0x1e4/0x320
[   67.788146][ T4792]  proc_fail_nth_write+0x50/0x160
[   67.788165][ T4792]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   67.788183][ T4792]  vfs_write+0x266/0x8e0
[   67.788277][ T4792]  ? __rcu_read_unlock+0x4f/0x70
[   67.788289][ T4792]  ? __fget_files+0x184/0x1c0
[   67.788302][ T4792]  ksys_write+0xda/0x1a0
[   67.788319][ T4792]  __x64_sys_write+0x40/0x50
[   67.788396][ T4792]  x64_sys_call+0x2cdd/0x2fb0
[   67.788408][ T4792]  do_syscall_64+0xd2/0x200
[   67.788418][ T4792]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   67.788458][ T4792]  ? clear_bhb_loop+0x40/0x90
[   67.788470][ T4792]  ? clear_bhb_loop+0x40/0x90
[   67.788482][ T4792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.788493][ T4792] RIP: 0033:0x7f190af4d3df
[   67.788517][ T4792] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   67.788527][ T4792] RSP: 002b:00007f19095b7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   67.788538][ T4792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f190af4d3df
[   67.788546][ T4792] RDX: 0000000000000001 RSI: 00007f19095b70a0 RDI: 0000000000000004
[   67.788552][ T4792] RBP: 00007f19095b7090 R08: 0000000000000000 R09: 0000000000000000
[   67.788559][ T4792] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   67.788565][ T4792] R13: 0000000000000000 R14: 00007f190b175fa0 R15: 00007ffdd2d792b8
[   67.788629][ T4792]  </TASK>
[   68.019748][ T4794] loop1: detected capacity change from 0 to 512
[   68.028452][ T4794] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   68.029699][ T4770] EXT4-fs (loop2): pa ffff888106e6fa10: logic 576, phys. 449, len 4
[   68.046339][ T4770] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   68.057744][ T4794] EXT4-fs (loop1): 1 truncate cleaned up
[   68.066655][ T4794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.088728][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.100171][ T4799] mmap: syz.4.406 (4799) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   68.124123][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.180540][ T4805] netlink: 24 bytes leftover after parsing attributes in process `syz.2.405'.
[   68.196404][ T4803] loop1: detected capacity change from 0 to 2048
[   68.255206][ T4814] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   68.255206][ T4814]    program syz.3.409 not setting count and/or reply_len properly
[   68.278056][ T4803]  loop1: p1 < > p2 < > p3 p4 < >
[   68.283151][ T4803] loop1: partition table partially beyond EOD, truncated
[   68.290474][ T4803] loop1: p1 start 2305 is beyond EOD, truncated
[   68.292375][ T4812] smc: net device bond0 applied user defined pnetid SYZ2
[   68.296788][ T4803] loop1: p2 start 4294902784 is beyond EOD, truncated
[   68.310825][ T4803] loop1: p3 start 3724543488 is beyond EOD, truncated
[   68.312333][ T4812] smc: net device bond0 erased user defined pnetid SYZ2
[   68.394463][ T4818] 9pnet_fd: Insufficient options for proto=fd
[   68.404587][ T4818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.413221][ T4818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.631034][ T4827] loop1: detected capacity change from 0 to 1024
[   68.637952][ T4827] EXT4-fs: Ignoring removed nobh option
[   68.643620][ T4827] EXT4-fs: Ignoring removed bh option
[   68.662262][ T4827] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.692904][ T4826] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.416: Allocating blocks 497-513 which overlap fs metadata
[   68.721669][ T4826] EXT4-fs (loop1): pa ffff888106e9fe00: logic 0, phys. 113, len 25
[   68.729711][ T4826] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 22, pa_free 23
[   68.740567][   T12] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
[   68.909555][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.994560][ T4837] loop4: detected capacity change from 0 to 1024
[   69.014623][ T4838] loop1: detected capacity change from 0 to 1024
[   69.017928][ T4837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.022735][ T4838] EXT4-fs: Ignoring removed nobh option
[   69.039370][ T4838] EXT4-fs: Ignoring removed bh option
[   69.064799][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.099003][ T4838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.101250][ T4849] loop3: detected capacity change from 0 to 2048
[   69.138179][ T4850] loop0: detected capacity change from 0 to 2048
[   69.171375][ T4849]  loop3: p1 < > p2 < > p3 p4 < >
[   69.176477][ T4849] loop3: partition table partially beyond EOD, truncated
[   69.184862][ T4849] loop3: p1 start 2305 is beyond EOD, truncated
[   69.191989][ T4849] loop3: p2 start 4294902784 is beyond EOD, truncated
[   69.193870][ T4847] smc: net device bond0 applied user defined pnetid SYZ2
[   69.198870][ T4849] loop3: p3 start 3724543488 is beyond EOD, truncated
[   69.207700][ T4847] smc: net device bond0 erased user defined pnetid SYZ2
[   69.218462][ T4850]  loop0: p1 < > p2 < > p3 p4 < >
[   69.224849][ T4850] loop0: partition table partially beyond EOD, truncated
[   69.234554][ T4850] loop0: p1 start 2305 is beyond EOD, truncated
[   69.240959][ T4850] loop0: p2 start 4294902784 is beyond EOD, truncated
[   69.247753][ T4850] loop0: p3 start 3724543488 is beyond EOD, truncated
[   69.297188][ T4853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.425'.
[   69.413822][ T4870] loop4: detected capacity change from 0 to 1024
[   69.444655][ T4870] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.462877][ T4877] loop0: detected capacity change from 0 to 1024
[   69.469628][ T4877] EXT4-fs: Ignoring removed nobh option
[   69.475928][ T4877] EXT4-fs: Ignoring removed bh option
[   69.481770][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.483301][ T4879] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   69.483301][ T4879]    program syz.3.433 not setting count and/or reply_len properly
[   69.498325][ T4835] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.419: Allocating blocks 497-513 which overlap fs metadata
[   69.516754][ T4877] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.555004][ T4884] lo speed is unknown, defaulting to 1000
[   69.593806][ T4884] loop4: detected capacity change from 0 to 2048
[   69.624670][ T4835] EXT4-fs (loop1): pa ffff888106e6fa80: logic 560, phys. 305, len 13
[   69.632851][ T4835] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   69.648267][ T4884]  loop4: p1 < > p4
[   69.654103][ T4884] loop4: p4 size 8388608 extends beyond EOD, truncated
[   69.673731][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.736474][ T4890] loop1: detected capacity change from 0 to 2048
[   69.766464][ T4888] smc: net device bond0 applied user defined pnetid SYZ2
[   69.774736][ T4888] smc: net device bond0 erased user defined pnetid SYZ2
[   69.781940][ T4890]  loop1: p1 < > p2 < > p3 p4 < >
[   69.787091][ T4890] loop1: partition table partially beyond EOD, truncated
[   69.798758][ T4892] netlink: 4 bytes leftover after parsing attributes in process `syz.4.439'.
[   69.808494][ T4890] loop1: p1 start 2305 is beyond EOD, truncated
[   69.815438][ T4890] loop1: p2 start 4294902784 is beyond EOD, truncated
[   69.815749][ T4892] bridge0: port 3(team0) entered disabled state
[   69.822550][ T4890] loop1: p3 start 3724543488 is beyond EOD, truncated
[   69.840022][ T4892] bridge_slave_1: left allmulticast mode
[   69.845762][ T4892] bridge_slave_1: left promiscuous mode
[   69.851479][ T4892] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.861141][ T4892] bridge_slave_0: left allmulticast mode
[   69.863487][ T4862] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.428: Allocating blocks 497-513 which overlap fs metadata
[   69.866804][ T4892] bridge_slave_0: left promiscuous mode
[   69.866886][ T4892] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.986531][ T4903] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=4903 comm=syz.1.443
[   70.029103][ T4862] EXT4-fs (loop0): pa ffff888106e6fa80: logic 624, phys. 465, len 3
[   70.037222][ T4862] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   70.068633][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.135223][ T4908] loop1: detected capacity change from 0 to 1024
[   70.163023][ T4910] lo speed is unknown, defaulting to 1000
[   70.218033][ T4910] loop4: detected capacity change from 0 to 2048
[   70.227067][ T4908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.254792][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.271430][ T4910]  loop4: p1 < > p4
[   70.279769][ T4910] loop4: p4 size 8388608 extends beyond EOD, truncated
[   70.310197][ T4915] lo speed is unknown, defaulting to 1000
[   70.358078][   T29] kauditd_printk_skb: 582 callbacks suppressed
[   70.358092][   T29] audit: type=1326 audit(1750847166.106:4366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.388179][   T29] audit: type=1326 audit(1750847166.106:4367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.412453][   T29] audit: type=1326 audit(1750847166.106:4368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.419155][ T4917] loop3: detected capacity change from 0 to 2048
[   70.436513][   T29] audit: type=1326 audit(1750847166.106:4369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.466356][   T29] audit: type=1326 audit(1750847166.106:4370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.490360][   T29] audit: type=1326 audit(1750847166.106:4371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.492819][ T4925] loop1: detected capacity change from 0 to 1024
[   70.514333][   T29] audit: type=1326 audit(1750847166.106:4372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.521722][ T4925] EXT4-fs: Ignoring removed nobh option
[   70.544139][   T29] audit: type=1326 audit(1750847166.106:4373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.549055][ T4925] EXT4-fs: Ignoring removed bh option
[   70.572921][   T29] audit: type=1326 audit(1750847166.106:4374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.601765][   T29] audit: type=1326 audit(1750847166.106:4375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4918 comm="syz.1.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   70.613111][ T4925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.650777][ T4919] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.448: Allocating blocks 497-513 which overlap fs metadata
[   70.672758][ T4915]  loop3: p1 < > p4
[   70.698093][ T4915] loop3: p4 size 8388608 extends beyond EOD, truncated
[   70.731287][ T4919] EXT4-fs (loop1): pa ffff888106e6fa80: logic 0, phys. 113, len 25
[   70.739217][ T4919] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 22, pa_free 23
[   70.801072][ T4917]  loop3: p1 < > p4
[   70.807128][ T4932] lo speed is unknown, defaulting to 1000
[   70.813357][ T4917] loop3: p4 size 8388608 extends beyond EOD, truncated
[   70.834815][ T4934] loop4: detected capacity change from 0 to 2048
[   70.881051][ T4934]  loop4: p1 < > p4
[   70.887232][ T4934] loop4: p4 size 8388608 extends beyond EOD, truncated
[   70.953412][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.978496][ T4945] loop2: detected capacity change from 0 to 1024
[   70.987591][ T4945] EXT4-fs: Ignoring removed nobh option
[   70.993341][ T4945] EXT4-fs: Ignoring removed bh option
[   71.014945][ T4949] loop3: detected capacity change from 0 to 1024
[   71.034431][ T4949] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.052309][ T4945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.066741][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.069817][ T4958] Zero length message leads to an empty skb
[   71.090290][ T4958] loop4: detected capacity change from 0 to 128
[   71.094234][ T4959] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in;
[   71.094234][ T4959]    program syz.1.459 not setting count and/or reply_len properly
[   71.394916][ T4944] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.456: Allocating blocks 497-513 which overlap fs metadata
[   71.466213][ T4967] smc: net device bond0 applied user defined pnetid SYZ2
[   71.473588][ T4967] smc: net device bond0 erased user defined pnetid SYZ2
[   71.656914][ T4978] netlink: 16 bytes leftover after parsing attributes in process `syz.3.467'.
[   71.665920][ T4978] netlink: 16 bytes leftover after parsing attributes in process `syz.3.467'.
[   71.674832][ T4978] netlink: 16 bytes leftover after parsing attributes in process `syz.3.467'.
[   71.685305][ T4944] EXT4-fs (loop2): pa ffff888106e9fe00: logic 544, phys. 305, len 13
[   71.693618][ T4944] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 2
[   71.705629][ T4974] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.466'.
[   71.732205][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.747393][ T4974] netlink: 'syz.0.466': attribute type 1 has an invalid length.
[   71.757032][ T4974] netlink: 3 bytes leftover after parsing attributes in process `syz.0.466'.
[   71.770322][ T4974] batadv1: entered promiscuous mode
[   71.775704][ T4974] batadv1: entered allmulticast mode
[   71.789333][ T4982] loop3: detected capacity change from 0 to 1024
[   71.796159][ T4983] lo speed is unknown, defaulting to 1000
[   71.808262][ T4984] netlink: 3 bytes leftover after parsing attributes in process `syz.0.466'.
[   71.818492][ T4982] EXT4-fs: Ignoring removed nobh option
[   71.824735][ T4982] EXT4-fs: Ignoring removed bh option
[   71.835202][ T4984] batadv1: entered promiscuous mode
[   71.840454][ T4984] batadv1: entered allmulticast mode
[   71.864574][ T4982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.926259][ T4983] loop2: detected capacity change from 0 to 2048
[   71.971963][ T4983]  loop2: p1 < > p4
[   71.981792][ T4983] loop2: p4 size 8388608 extends beyond EOD, truncated
[   72.002416][ T4992] lo speed is unknown, defaulting to 1000
[   72.058285][ T4995] loop0: detected capacity change from 0 to 2048
[   72.073046][ T4996] loop1: detected capacity change from 0 to 1024
[   72.088100][ T4996] EXT4-fs: Ignoring removed nobh option
[   72.093816][ T4996] EXT4-fs: Ignoring removed bh option
[   72.118626][ T4996] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.141934][ T4995]  loop0: p1 < > p4
[   72.146252][ T4995] loop0: p4 size 8388608 extends beyond EOD, truncated
[   72.185936][ T5003] loop2: detected capacity change from 0 to 1024
[   72.196311][ T5002] smc: net device bond0 applied user defined pnetid SYZ2
[   72.203904][ T5002] smc: net device bond0 erased user defined pnetid SYZ2
[   72.212560][ T5003] EXT4-fs: Ignoring removed nobh option
[   72.218257][ T5003] EXT4-fs: Ignoring removed bh option
[   72.254707][ T5003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.435439][ T5018] loop0: detected capacity change from 0 to 512
[   72.453864][ T5018] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.466667][ T5018] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.495251][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.576396][ T4980] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.468: Allocating blocks 497-513 which overlap fs metadata
[   72.709615][ T4998] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.473: Allocating blocks 497-513 which overlap fs metadata
[   72.745036][ T4990] EXT4-fs (loop3): pa ffff888106e6faf0: logic 496, phys. 401, len 7
[   72.753156][ T4990] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   72.768117][ T4994] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.472: Allocating blocks 497-513 which overlap fs metadata
[   72.831603][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.935924][ T4998] EXT4-fs (loop2): pa ffff888106e6fa80: logic 400, phys. 353, len 10
[   72.944068][ T4998] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   72.975013][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.997449][ T5026] lo speed is unknown, defaulting to 1000
[   73.005419][ T5024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   73.015956][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.020746][ T5024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   73.053520][ T5029] loop0: detected capacity change from 0 to 2048
[   73.078531][ T5033] netlink: 216 bytes leftover after parsing attributes in process `syz.1.485'.
[   73.087645][ T5033] netlink: 24 bytes leftover after parsing attributes in process `syz.1.485'.
[   73.153198][ T5029]  loop0: p1 < > p4
[   73.174708][ T5029] loop0: p4 size 8388608 extends beyond EOD, truncated
[   73.215746][ T5040] FAULT_INJECTION: forcing a failure.
[   73.215746][ T5040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.228864][ T5040] CPU: 0 UID: 0 PID: 5040 Comm: syz.1.488 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   73.228945][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   73.228954][ T5040] Call Trace:
[   73.228960][ T5040]  <TASK>
[   73.228966][ T5040]  __dump_stack+0x1d/0x30
[   73.228985][ T5040]  dump_stack_lvl+0xe8/0x140
[   73.229001][ T5040]  dump_stack+0x15/0x1b
[   73.229014][ T5040]  should_fail_ex+0x265/0x280
[   73.229121][ T5040]  should_fail+0xb/0x20
[   73.229143][ T5040]  should_fail_usercopy+0x1a/0x20
[   73.229167][ T5040]  _copy_from_iter+0xcf/0xe40
[   73.229263][ T5040]  ? __build_skb_around+0x1a0/0x200
[   73.229289][ T5040]  ? __alloc_skb+0x223/0x320
[   73.229312][ T5040]  netlink_sendmsg+0x471/0x6b0
[   73.229390][ T5040]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.229405][ T5040]  __sock_sendmsg+0x142/0x180
[   73.229475][ T5040]  ____sys_sendmsg+0x31e/0x4e0
[   73.229502][ T5040]  ___sys_sendmsg+0x17b/0x1d0
[   73.229543][ T5040]  __x64_sys_sendmsg+0xd4/0x160
[   73.229570][ T5040]  x64_sys_call+0x2999/0x2fb0
[   73.229587][ T5040]  do_syscall_64+0xd2/0x200
[   73.229602][ T5040]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.229677][ T5040]  ? clear_bhb_loop+0x40/0x90
[   73.229693][ T5040]  ? clear_bhb_loop+0x40/0x90
[   73.229710][ T5040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.229790][ T5040] RIP: 0033:0x7fe154d2e929
[   73.229802][ T5040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.229816][ T5040] RSP: 002b:00007fe153397038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.229878][ T5040] RAX: ffffffffffffffda RBX: 00007fe154f55fa0 RCX: 00007fe154d2e929
[   73.229888][ T5040] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000005
[   73.229897][ T5040] RBP: 00007fe153397090 R08: 0000000000000000 R09: 0000000000000000
[   73.229906][ T5040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.229952][ T5040] R13: 0000000000000000 R14: 00007fe154f55fa0 R15: 00007ffc23c0f248
[   73.229966][ T5040]  </TASK>
[   73.439891][ T5037] loop4: detected capacity change from 0 to 1764
[   73.496282][ T5042] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[   73.685360][ T5048] loop1: detected capacity change from 0 to 1024
[   73.844302][ T5048] EXT4-fs: Ignoring removed nobh option
[   73.849938][ T5048] EXT4-fs: Ignoring removed bh option
[   73.993156][ T5048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.081832][ T5063] loop0: detected capacity change from 0 to 128
[   74.177751][ T5063] lo speed is unknown, defaulting to 1000
[   74.304417][ T5072] smc: net device bond0 applied user defined pnetid SYZ2
[   74.385928][ T5069] smc: net device bond0 erased user defined pnetid SYZ2
[   74.442334][ T5076] netlink: 'syz.0.500': attribute type 27 has an invalid length.
[   74.453033][ T5082] Driver unsupported XDP return value 0 on prog  (id 346) dev N/A, expect packet loss!
[   74.600896][ T5076] bridge0: port 3(team0) entered disabled state
[   74.607426][ T5076] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.614676][ T5076] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.820382][ T5076] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.865584][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.883792][ T5076] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.996200][ T5076] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.005193][ T5076] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.014114][ T5076] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.023064][ T5076] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.328410][ T5095] lo speed is unknown, defaulting to 1000
[   75.389403][ T5098] loop2: detected capacity change from 0 to 2048
[   75.413631][ T5099] loop4: detected capacity change from 0 to 1024
[   75.430786][ T5099] EXT4-fs: Ignoring removed nobh option
[   75.436368][ T5099] EXT4-fs: Ignoring removed bh option
[   75.451099][ T5098]  loop2: p1 < > p4
[   75.471723][ T5098] loop2: p4 size 8388608 extends beyond EOD, truncated
[   75.523657][ T5099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.781939][ T5097] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.509: Allocating blocks 497-513 which overlap fs metadata
[   75.812290][   T29] kauditd_printk_skb: 436 callbacks suppressed
[   75.812305][   T29] audit: type=1326 audit(1750847171.576:4812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.869600][   T29] audit: type=1326 audit(1750847171.606:4813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.905545][   T29] audit: type=1326 audit(1750847171.666:4814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.928931][   T29] audit: type=1326 audit(1750847171.666:4815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.952438][   T29] audit: type=1326 audit(1750847171.666:4816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.975830][   T29] audit: type=1326 audit(1750847171.666:4817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   75.999273][   T29] audit: type=1326 audit(1750847171.666:4818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5096 comm="syz.4.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190af4e929 code=0x7ffc0000
[   76.076876][ T5107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.097114][   T29] audit: type=1400 audit(1750847171.836:4819): avc:  denied  { ioctl } for  pid=5106 comm="syz.1.505" path="socket:[8942]" dev="sockfs" ino=8942 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   76.123898][ T5107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.128259][   T29] audit: type=1326 audit(1750847171.886:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5109 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1847a2e929 code=0x7ffc0000
[   76.155610][   T29] audit: type=1326 audit(1750847171.886:4821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5109 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1847a2e929 code=0x7ffc0000
[   76.212554][ T5096] EXT4-fs (loop4): pa ffff888106e6fa80: logic 784, phys. 401, len 7
[   76.220661][ T5096] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   76.249476][ T5118] loop0: detected capacity change from 0 to 1024
[   76.253394][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.257722][ T5118] EXT4-fs: Ignoring removed nobh option
[   76.271439][ T5118] EXT4-fs: Ignoring removed bh option
[   76.287231][ T5117] __nla_validate_parse: 1 callbacks suppressed
[   76.287285][ T5117] netlink: 80 bytes leftover after parsing attributes in process `syz.3.514'.
[   76.306282][ T5118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.434986][ T5128] loop4: detected capacity change from 0 to 1024
[   76.441753][ T5128] EXT4-fs: Ignoring removed nobh option
[   76.447370][ T5128] EXT4-fs: Ignoring removed bh option
[   76.457797][ T5131] loop2: detected capacity change from 0 to 1024
[   76.464657][ T5131] EXT4-fs: Ignoring removed nobh option
[   76.470701][ T5131] EXT4-fs: Ignoring removed bh option
[   76.497410][ T5131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.529125][ T5130] netlink: 'syz.3.518': attribute type 10 has an invalid length.
[   76.537717][ T5130] netlink: 40 bytes leftover after parsing attributes in process `syz.3.518'.
[   76.541938][ T5128] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.583029][ T5130] 9pnet_fd: Insufficient options for proto=fd
[   76.809533][ T5147] loop3: detected capacity change from 0 to 1024
[   76.817934][ T5147] EXT4-fs: Ignoring removed nobh option
[   76.823666][ T5147] EXT4-fs: Ignoring removed bh option
[   76.843317][ T5147] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.876021][ T5112] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.512: Allocating blocks 497-513 which overlap fs metadata
[   77.043768][ T5123] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.516: Allocating blocks 497-513 which overlap fs metadata
[   77.078661][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.131394][ T5125] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.515: Allocating blocks 497-513 which overlap fs metadata
[   77.190387][ T5161] loop1: detected capacity change from 0 to 2048
[   77.220876][ T5161]  loop1: p1 < > p2 < > p3 p4 < >
[   77.226022][ T5161] loop1: partition table partially beyond EOD, truncated
[   77.237088][ T5161] loop1: p1 start 2305 is beyond EOD, truncated
[   77.243497][ T5161] loop1: p2 start 4294902784 is beyond EOD, truncated
[   77.244249][ T5125] EXT4-fs (loop4): pa ffff888106e6fbd0: logic 416, phys. 177, len 21
[   77.250247][ T5161] loop1: p3 start 3724543488 is beyond EOD, truncated
[   77.265834][ T5125] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   77.287145][ T5144] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.521: Allocating blocks 497-513 which overlap fs metadata
[   77.327627][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.327679][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.349634][ T5167] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5167 comm=syz.4.530
[   77.362656][ T5167] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5167 comm=syz.4.530
[   77.389368][ T5165] netlink: 'syz.0.531': attribute type 10 has an invalid length.
[   77.397252][ T5165] netlink: 40 bytes leftover after parsing attributes in process `syz.0.531'.
[   77.408602][ T5165] 8021q: adding VLAN 0 to HW filter on device team0
[   77.419017][ T5165] 9pnet_fd: Insufficient options for proto=fd
[   77.437919][ T5147] EXT4-fs (loop3): pa ffff888106e6fb60: logic 560, phys. 433, len 5
[   77.446686][ T5147] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   77.492507][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.528295][ T5185] loop2: detected capacity change from 0 to 1024
[   77.535446][ T5185] EXT4-fs: Ignoring removed nobh option
[   77.541798][ T5185] EXT4-fs: Ignoring removed bh option
[   77.595562][ T5185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.624385][ T5189] loop0: detected capacity change from 0 to 1764
[   77.647499][ T5196] loop4: detected capacity change from 0 to 2048
[   77.682490][ T5175] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.534: Allocating blocks 497-513 which overlap fs metadata
[   77.697611][ T5196]  loop4: p1 < > p2 < > p3 p4 < >
[   77.702672][ T5196] loop4: partition table partially beyond EOD, truncated
[   77.711007][ T5196] loop4: p1 start 2305 is beyond EOD, truncated
[   77.717306][ T5196] loop4: p2 start 4294902784 is beyond EOD, truncated
[   77.724203][ T5196] loop4: p3 start 3724543488 is beyond EOD, truncated
[   77.762722][ T5198] siw: device registration error -23
[   77.786300][ T5175] EXT4-fs (loop2): pa ffff888106e6fa80: logic 0, phys. 113, len 25
[   77.794369][ T5175] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 23, pa_free 24
[   77.847817][ T5206] siw: device registration error -23
[   77.913120][ T5218] tmpfs: Bad value for 'mpol'
[   77.930252][ T5222] loop4: detected capacity change from 0 to 1024
[   77.943739][ T5222] EXT4-fs: Ignoring removed nobh option
[   77.949366][ T5222] EXT4-fs: Ignoring removed bh option
[   77.973147][ T5222] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.010330][ T5219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   78.019784][ T5219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   78.136950][ T5232] netlink: 216 bytes leftover after parsing attributes in process `syz.1.553'.
[   78.145994][ T5232] netlink: 24 bytes leftover after parsing attributes in process `syz.1.553'.
[   78.154921][ T5232] netlink: 16 bytes leftover after parsing attributes in process `syz.1.553'.
[   78.156591][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.175998][ T5234] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[   78.260424][ T5240] loop0: detected capacity change from 0 to 512
[   78.274653][ T5240] EXT4-fs: inline encryption not supported
[   78.303808][ T5243] loop1: detected capacity change from 0 to 2048
[   78.310720][ T5240] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   78.326207][ T5211] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.547: Allocating blocks 497-513 which overlap fs metadata
[   78.331463][ T5243]  loop1: p1 < > p2 < > p3 p4 < >
[   78.340838][ T5240] EXT4-fs (loop0): 1 truncate cleaned up
[   78.345712][ T5243] loop1: partition table partially beyond EOD, truncated
[   78.357982][ T5243] loop1: p1 start 2305 is beyond EOD, truncated
[   78.358676][ T5240] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.364885][ T5243] loop1: p2 start 4294902784 is beyond EOD, truncated
[   78.384010][ T5243] loop1: p3 start 3724543488 is beyond EOD, truncated
[   78.387924][ T5244] siw: device registration error -23
[   78.422198][ T5250] lo speed is unknown, defaulting to 1000
[   78.448731][ T5250] FAULT_INJECTION: forcing a failure.
[   78.448731][ T5250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.461848][ T5250] CPU: 1 UID: 0 PID: 5250 Comm: syz.2.558 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   78.461873][ T5250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   78.461884][ T5250] Call Trace:
[   78.461890][ T5250]  <TASK>
[   78.461898][ T5250]  __dump_stack+0x1d/0x30
[   78.461993][ T5250]  dump_stack_lvl+0xe8/0x140
[   78.462013][ T5250]  dump_stack+0x15/0x1b
[   78.462076][ T5250]  should_fail_ex+0x265/0x280
[   78.462107][ T5250]  should_fail+0xb/0x20
[   78.462134][ T5250]  should_fail_usercopy+0x1a/0x20
[   78.462203][ T5250]  _copy_to_user+0x20/0xa0
[   78.462225][ T5250]  simple_read_from_buffer+0xb5/0x130
[   78.462256][ T5250]  proc_fail_nth_read+0x100/0x140
[   78.462403][ T5250]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   78.462435][ T5250]  vfs_read+0x19d/0x6f0
[   78.462462][ T5250]  ? __pfx_pppol2tp_connect+0x10/0x10
[   78.462520][ T5250]  ? __sys_connect+0x20b/0x2b0
[   78.462546][ T5250]  ksys_read+0xda/0x1a0
[   78.462572][ T5250]  __x64_sys_read+0x40/0x50
[   78.462602][ T5250]  x64_sys_call+0x2d77/0x2fb0
[   78.462716][ T5250]  do_syscall_64+0xd2/0x200
[   78.462850][ T5250]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   78.462875][ T5250]  ? clear_bhb_loop+0x40/0x90
[   78.462896][ T5250]  ? clear_bhb_loop+0x40/0x90
[   78.462953][ T5250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.462971][ T5250] RIP: 0033:0x7f938b8fd33c
[   78.462984][ T5250] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   78.462999][ T5250] RSP: 002b:00007f9389f67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   78.463015][ T5250] RAX: ffffffffffffffda RBX: 00007f938bb25fa0 RCX: 00007f938b8fd33c
[   78.463093][ T5250] RDX: 000000000000000f RSI: 00007f9389f670a0 RDI: 0000000000000007
[   78.463106][ T5250] RBP: 00007f9389f67090 R08: 0000000000000000 R09: 0000000000000000
[   78.463118][ T5250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.463168][ T5250] R13: 0000000000000000 R14: 00007f938bb25fa0 R15: 00007ffed5175cb8
[   78.463184][ T5250]  </TASK>
[   78.466813][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.469372][ T5252] loop1: detected capacity change from 0 to 1024
[   78.704516][ T5254] smc: net device bond0 applied user defined pnetid SYZ2
[   78.712195][ T5254] smc: net device bond0 erased user defined pnetid SYZ2
[   78.777127][ T5252] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.803812][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.843145][ T5265] siw: device registration error -23
[   78.856292][ T5272] loop4: detected capacity change from 0 to 512
[   78.898424][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.931534][ T5274] netlink: 32 bytes leftover after parsing attributes in process `syz.4.567'.
[   78.956676][ T5276] loop2: detected capacity change from 0 to 256
[   79.320620][ T5285] loop1: detected capacity change from 0 to 1764
[   79.394291][ T5282] netlink: 24 bytes leftover after parsing attributes in process `syz.2.570'.
[   79.609989][ T5290] smc: net device bond0 applied user defined pnetid SYZ2
[   79.617328][ T5290] smc: net device bond0 erased user defined pnetid SYZ2
[   79.665112][ T5292] loop3: detected capacity change from 0 to 512
[   79.671792][ T5292] EXT4-fs: Ignoring removed i_version option
[   79.679191][ T5292] EXT4-fs (loop3): 1 truncate cleaned up
[   79.687337][ T5292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.716072][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.738098][ T5301] loop3: detected capacity change from 0 to 512
[   79.746601][ T5301] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[   79.806648][ T5302] loop4: detected capacity change from 0 to 1024
[   79.814658][ T5302] EXT4-fs: Ignoring removed nobh option
[   79.820429][ T5302] EXT4-fs: Ignoring removed bh option
[   79.875965][ T5302] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.898644][ T5307] netlink: 28 bytes leftover after parsing attributes in process `syz.2.579'.
[   80.418074][ T5317] loop1: detected capacity change from 0 to 128
[   80.703433][ T5321] siw: device registration error -23
[   80.823977][ T5326] siw: device registration error -23
[   80.826447][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.839648][   T29] kauditd_printk_skb: 578 callbacks suppressed
[   80.839661][   T29] audit: type=1400 audit(1750847176.596:5400): avc:  denied  { bind } for  pid=5334 comm="syz.2.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   80.866730][   T29] audit: type=1400 audit(1750847176.596:5401): avc:  denied  { write } for  pid=5334 comm="syz.2.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   80.909268][   T29] audit: type=1326 audit(1750847176.666:5402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   80.942643][   T29] audit: type=1326 audit(1750847176.696:5403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   80.966758][   T29] audit: type=1326 audit(1750847176.696:5404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   80.990715][   T29] audit: type=1326 audit(1750847176.696:5405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   81.014840][   T29] audit: type=1326 audit(1750847176.696:5406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   81.038847][   T29] audit: type=1326 audit(1750847176.696:5407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   81.062849][   T29] audit: type=1326 audit(1750847176.696:5408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   81.086782][   T29] audit: type=1326 audit(1750847176.696:5409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5342 comm="syz.2.591" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938b8fe929 code=0x7ffc0000
[   81.135271][ T5350] loop2: detected capacity change from 0 to 1024
[   81.151603][ T5350] EXT4-fs: Ignoring removed nobh option
[   81.157357][ T5350] EXT4-fs: Ignoring removed bh option
[   81.168710][ T5338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.590'.
[   81.205355][ T5350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.521558][ T5343] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.591: Allocating blocks 497-513 which overlap fs metadata
[   81.654566][ T5359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.663716][ T5359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.690287][ T5343] EXT4-fs (loop2): pa ffff888106e6fcb0: logic 876, phys. 433, len 5
[   81.699021][ T5343] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   81.715048][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.737568][ T5363] loop2: detected capacity change from 0 to 512
[   81.744372][ T5363] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[   81.883750][ T5371] loop4: detected capacity change from 0 to 1024
[   81.893041][ T5371] EXT4-fs: Ignoring removed nobh option
[   81.898658][ T5371] EXT4-fs: Ignoring removed bh option
[   81.964551][ T5371] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.339914][ T5380] loop3: detected capacity change from 0 to 512
[   82.359941][ T5380] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.366513][ T5380] EXT4-fs: Ignoring removed bh option
[   82.378843][ T5380] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   82.390075][ T5380] EXT4-fs (loop3): 1 truncate cleaned up
[   82.396809][ T5380] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.410671][ T5385] loop0: detected capacity change from 0 to 1024
[   82.418590][ T5385] EXT4-fs: Ignoring removed nobh option
[   82.424208][ T5385] EXT4-fs: Ignoring removed bh option
[   82.443573][ T5385] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.615503][ T5367] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.597: Allocating blocks 497-513 which overlap fs metadata
[   82.690457][ T5394] loop2: detected capacity change from 0 to 2048
[   82.746174][ T5367] EXT4-fs (loop4): pa ffff888106e9f460: logic 576, phys. 449, len 4
[   82.754231][ T5367] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   82.822343][ T5400] loop4: detected capacity change from 0 to 128
[   82.851633][ T5399] loop2: detected capacity change from 0 to 1764
[   82.897431][ T5379] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.598: Allocating blocks 497-513 which overlap fs metadata
[   83.065359][ T5379] EXT4-fs (loop0): pa ffff888106e6fd90: logic 448, phys. 385, len 8
[   83.074064][ T5379] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   83.273875][ T5411] FAULT_INJECTION: forcing a failure.
[   83.273875][ T5411] name failslab, interval 1, probability 0, space 0, times 0
[   83.286678][ T5411] CPU: 0 UID: 0 PID: 5411 Comm: syz.0.605 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   83.286706][ T5411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   83.286717][ T5411] Call Trace:
[   83.286723][ T5411]  <TASK>
[   83.286729][ T5411]  __dump_stack+0x1d/0x30
[   83.286748][ T5411]  dump_stack_lvl+0xe8/0x140
[   83.286849][ T5411]  dump_stack+0x15/0x1b
[   83.286866][ T5411]  should_fail_ex+0x265/0x280
[   83.286898][ T5411]  should_failslab+0x8c/0xb0
[   83.286920][ T5411]  kmem_cache_alloc_noprof+0x50/0x310
[   83.286997][ T5411]  ? security_inode_alloc+0x37/0x100
[   83.287071][ T5411]  security_inode_alloc+0x37/0x100
[   83.287116][ T5411]  inode_init_always_gfp+0x4b7/0x500
[   83.287137][ T5411]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[   83.287156][ T5411]  alloc_inode+0x58/0x170
[   83.287172][ T5411]  new_inode+0x1d/0xe0
[   83.287188][ T5411]  hugetlbfs_get_inode+0x7b/0x370
[   83.287205][ T5411]  hugetlb_file_setup+0x192/0x3d0
[   83.287221][ T5411]  ksys_mmap_pgoff+0x157/0x310
[   83.287323][ T5411]  x64_sys_call+0x1602/0x2fb0
[   83.287468][ T5411]  do_syscall_64+0xd2/0x200
[   83.287478][ T5411]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   83.287544][ T5411]  ? clear_bhb_loop+0x40/0x90
[   83.287562][ T5411]  ? clear_bhb_loop+0x40/0x90
[   83.287574][ T5411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.287586][ T5411] RIP: 0033:0x7fc4c403e929
[   83.287621][ T5411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.287632][ T5411] RSP: 002b:00007fc4c26a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   83.287643][ T5411] RAX: ffffffffffffffda RBX: 00007fc4c4265fa0 RCX: 00007fc4c403e929
[   83.287650][ T5411] RDX: 0000000000000000 RSI: 0000000000ff5000 RDI: 0000200000000000
[   83.287657][ T5411] RBP: 00007fc4c26a7090 R08: ffffffffffffffff R09: 0000000000000000
[   83.287664][ T5411] R10: 000200000005c831 R11: 0000000000000246 R12: 0000000000000001
[   83.287671][ T5411] R13: 0000000000000000 R14: 00007fc4c4265fa0 R15: 00007ffc1721a208
[   83.287713][ T5411]  </TASK>
[   83.515749][ T5417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.526136][ T5417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.540277][ T5416] loop2: detected capacity change from 0 to 512
[   83.564181][ T5416] EXT4-fs: Ignoring removed mblk_io_submit option
[   83.571396][ T5416] EXT4-fs: Ignoring removed bh option
[   83.581876][ T5416] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   83.618979][ T5416] EXT4-fs (loop2): 1 truncate cleaned up
[   83.785900][ T5429] netlink: 'syz.4.613': attribute type 10 has an invalid length.
[   83.793697][ T5429] __nla_validate_parse: 1 callbacks suppressed
[   83.793710][ T5429] netlink: 40 bytes leftover after parsing attributes in process `syz.4.613'.
[   83.809608][ T5429] 8021q: adding VLAN 0 to HW filter on device team0
[   83.818030][ T5429] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   83.839931][ T5429] 9pnet_fd: Insufficient options for proto=fd
[   84.038635][ T5433] FAULT_INJECTION: forcing a failure.
[   84.038635][ T5433] name failslab, interval 1, probability 0, space 0, times 0
[   84.051949][ T5433] CPU: 0 UID: 0 PID: 5433 Comm: syz.3.615 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   84.051977][ T5433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   84.052044][ T5433] Call Trace:
[   84.052048][ T5433]  <TASK>
[   84.052052][ T5433]  __dump_stack+0x1d/0x30
[   84.052085][ T5433]  dump_stack_lvl+0xe8/0x140
[   84.052096][ T5433]  dump_stack+0x15/0x1b
[   84.052105][ T5433]  should_fail_ex+0x265/0x280
[   84.052123][ T5433]  should_failslab+0x8c/0xb0
[   84.052137][ T5433]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   84.052242][ T5433]  ? hugetlbfs_alloc_inode+0xbc/0x100
[   84.052262][ T5433]  hugetlbfs_alloc_inode+0xbc/0x100
[   84.052279][ T5433]  ? __pfx_hugetlbfs_alloc_inode+0x10/0x10
[   84.052311][ T5433]  alloc_inode+0x3d/0x170
[   84.052328][ T5433]  new_inode+0x1d/0xe0
[   84.052350][ T5433]  hugetlbfs_get_inode+0x7b/0x370
[   84.052367][ T5433]  hugetlb_file_setup+0x192/0x3d0
[   84.052394][ T5433]  ksys_mmap_pgoff+0x157/0x310
[   84.052412][ T5433]  x64_sys_call+0x1602/0x2fb0
[   84.052480][ T5433]  do_syscall_64+0xd2/0x200
[   84.052490][ T5433]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   84.052505][ T5433]  ? clear_bhb_loop+0x40/0x90
[   84.052571][ T5433]  ? clear_bhb_loop+0x40/0x90
[   84.052583][ T5433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.052595][ T5433] RIP: 0033:0x7f1847a2e929
[   84.052604][ T5433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.052614][ T5433] RSP: 002b:00007f1846097038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   84.052629][ T5433] RAX: ffffffffffffffda RBX: 00007f1847c55fa0 RCX: 00007f1847a2e929
[   84.052637][ T5433] RDX: 0000000000000002 RSI: 0000000000ff5000 RDI: 0000200000000000
[   84.052644][ T5433] RBP: 00007f1846097090 R08: ffffffffffffffff R09: 0000000000000000
[   84.052651][ T5433] R10: 000000000004c831 R11: 0000000000000246 R12: 0000000000000001
[   84.052658][ T5433] R13: 0000000000000000 R14: 00007f1847c55fa0 R15: 00007ffe135dd468
[   84.052668][ T5433]  </TASK>
[   84.275506][ T5436] loop4: detected capacity change from 0 to 1024
[   84.283373][ T5436] EXT4-fs: Ignoring removed nobh option
[   84.288977][ T5436] EXT4-fs: Ignoring removed bh option
[   84.398862][ T5449] loop3: detected capacity change from 0 to 128
[   84.458749][ T5454] smc: net device bond0 applied user defined pnetid SYZ2
[   84.470093][ T5454] smc: net device bond0 erased user defined pnetid SYZ2
[   84.502979][ T5457] loop2: detected capacity change from 0 to 1024
[   84.509852][ T5457] EXT4-fs: Ignoring removed nobh option
[   84.515543][ T5457] EXT4-fs: Ignoring removed bh option
[   84.580211][ T5456] smc: net device bond0 applied user defined pnetid SYZ2
[   84.588449][ T5456] smc: net device bond0 erased user defined pnetid SYZ2
[   84.600266][ T5461] netlink: 'syz.1.625': attribute type 10 has an invalid length.
[   84.608797][ T5461] netlink: 40 bytes leftover after parsing attributes in process `syz.1.625'.
[   84.638846][ T5461] 9pnet_fd: Insufficient options for proto=fd
[   84.829022][ T5435] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.616: Allocating blocks 497-513 which overlap fs metadata
[   84.875713][ T5472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.897404][ T5472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.029044][ T5451] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.621: Allocating blocks 497-513 which overlap fs metadata
[   85.048982][ T5435] EXT4-fs (loop4): pa ffff888106e6fe70: logic 488, phys. 241, len 17
[   85.057261][ T5435] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   85.068932][ T5475] loop0: detected capacity change from 0 to 2048
[   85.101909][ T5475]  loop0: p1 < > p2 < > p3 p4 < >
[   85.106982][ T5475] loop0: partition table partially beyond EOD, truncated
[   85.114263][ T5475] loop0: p1 start 2305 is beyond EOD, truncated
[   85.121178][ T5475] loop0: p2 start 4294902784 is beyond EOD, truncated
[   85.128065][ T5475] loop0: p3 start 3724543488 is beyond EOD, truncated
[   85.134849][ T5457] EXT4-fs (loop2): pa ffff888106e6ff50: logic 560, phys. 433, len 5
[   85.142991][ T5457] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[   85.239700][ T5481] loop0: detected capacity change from 0 to 1764
[   85.372715][ T5494] lo speed is unknown, defaulting to 1000
[   85.423465][ T5495] loop4: detected capacity change from 0 to 2048
[   85.461622][ T5495]  loop4: p1 < > p4
[   85.466020][ T5495] loop4: p4 size 8388608 extends beyond EOD, truncated
[   85.579072][ T5501] gre1: entered promiscuous mode
[   85.644308][ T5503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.642'.
[   85.664573][ T5503] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.672388][ T5503] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.699267][ T5503] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.707327][ T5503] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.799114][ T5506] loop0: detected capacity change from 0 to 2048
[   85.841457][ T5506]  loop0: p1 < > p2 < > p3 p4 < >
[   85.846618][ T5506] loop0: partition table partially beyond EOD, truncated
[   85.859916][   T29] kauditd_printk_skb: 335 callbacks suppressed
[   85.859938][   T29] audit: type=1326 audit(1750847181.616:5745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   85.892547][   T29] audit: type=1326 audit(1750847181.616:5746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   85.916771][   T29] audit: type=1326 audit(1750847181.616:5747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   85.940841][   T29] audit: type=1326 audit(1750847181.616:5748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   85.964979][   T29] audit: type=1326 audit(1750847181.616:5749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   85.988949][   T29] audit: type=1326 audit(1750847181.616:5750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   86.012910][   T29] audit: type=1326 audit(1750847181.616:5751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   86.036844][   T29] audit: type=1326 audit(1750847181.616:5752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   86.060794][   T29] audit: type=1326 audit(1750847181.616:5753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   86.084960][   T29] audit: type=1326 audit(1750847181.616:5754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5507 comm="syz.1.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe154d2e929 code=0x7ffc0000
[   86.112291][ T5506] loop0: p1 start 2305 is beyond EOD, truncated
[   86.118567][ T5506] loop0: p2 start 4294902784 is beyond EOD, truncated
[   86.126026][ T5506] loop0: p3 start 3724543488 is beyond EOD, truncated
[   86.236064][ T5512] loop1: detected capacity change from 0 to 1024
[   86.267379][ T5512] EXT4-fs: Ignoring removed nobh option
[   86.272986][ T5512] EXT4-fs: Ignoring removed bh option
[   86.285862][ T5516] loop2: detected capacity change from 0 to 128
[   86.301515][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.310466][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.384393][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.481861][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.490736][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.539883][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.598619][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   86.673212][ T5522] ==================================================================
[   86.681314][ T5522] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty
[   86.689225][ T5522] 
[   86.691551][ T5522] write to 0xffff888100621628 of 4 bytes by task 5516 on cpu 0:
[   86.699184][ T5522]  __mark_inode_dirty+0x240/0x760
[   86.704205][ T5522]  mark_buffer_dirty+0x133/0x210
[   86.709139][ T5522]  block_write_end+0x12e/0x210
[   86.713890][ T5522]  generic_write_end+0x57/0x150
[   86.718730][ T5522]  fat_write_end+0x4f/0x160
[   86.723322][ T5522]  generic_perform_write+0x30f/0x490
[   86.728597][ T5522]  __generic_file_write_iter+0x9e/0x120
[   86.734136][ T5522]  generic_file_write_iter+0x8d/0x2f0
[   86.739499][ T5522]  iter_file_splice_write+0x5ef/0x970
[   86.744872][ T5522]  direct_splice_actor+0x153/0x2a0
[   86.750069][ T5522]  splice_direct_to_actor+0x30f/0x680
[   86.755440][ T5522]  do_splice_direct+0xda/0x150
[   86.760207][ T5522]  do_sendfile+0x380/0x650
[   86.764616][ T5522]  __x64_sys_sendfile64+0x105/0x150
[   86.769809][ T5522]  x64_sys_call+0xb39/0x2fb0
[   86.774390][ T5522]  do_syscall_64+0xd2/0x200
[   86.778882][ T5522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.784767][ T5522] 
[   86.787081][ T5522] read to 0xffff888100621628 of 4 bytes by task 5522 on cpu 1:
[   86.794610][ T5522]  __mark_inode_dirty+0x52/0x760
[   86.799540][ T5522]  fat_update_time+0x1ec/0x200
[   86.804303][ T5522]  touch_atime+0x148/0x340
[   86.808731][ T5522]  filemap_splice_read+0x629/0x6b0
[   86.813857][ T5522]  splice_direct_to_actor+0x26f/0x680
[   86.819241][ T5522]  do_splice_direct+0xda/0x150
[   86.824105][ T5522]  do_sendfile+0x380/0x650
[   86.828525][ T5522]  __x64_sys_sendfile64+0x105/0x150
[   86.833752][ T5522]  x64_sys_call+0xb39/0x2fb0
[   86.838341][ T5522]  do_syscall_64+0xd2/0x200
[   86.842832][ T5522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.848795][ T5522] 
[   86.851207][ T5522] value changed: 0x00000008 -> 0x00000038
[   86.856917][ T5522] 
[   86.859242][ T5522] Reported by Kernel Concurrency Sanitizer on:
[   86.865386][ T5522] CPU: 1 UID: 0 PID: 5522 Comm: syz.2.647 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(voluntary) 
[   86.877707][ T5522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   86.887756][ T5522] ==================================================================