last executing test programs:

3.673982705s ago: executing program 0 (id=3941):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000340)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007bc}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@data_err_ignore}, {@bh}, {@errors_continue}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
ioctl$FS_IOC_RESVSP(r4, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x2, 0x3, 0x9})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000002700)=ANY=[@ANYBLOB="0800080007000100000014000000460a0fc0006400000b7390780a0100feffffffff440451033297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6ab49885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f6314817cde2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b75a9ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b3d62e6853aeb0ce9a6f6d2eef10c94594588c00e0fe911bbf1c12eb6c37ce05690cb47effc4f56a0744474a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a521f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c9eaacb5793498be490de32baba49172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19411e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d002b614815915fb8fe9810d143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d2359d337c6f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b459e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d47853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb6393000000008f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb97800763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161dab92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca123456884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c17e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e760af5bc4bbf2f8bd6ee5605c4c5b6eebb96fca0a41897cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f600000000000000000008575123fc1a088c3ada18fccba2f811f156f16fdab59b9419a6eefacfd2bb974917db477fc77492ccce4b9973435d7fcf68cd69ed32bda444adc2590ad85593757e60643f2f50de5da277f0402c4f41786093b0cec331c4f6b347d2922ef87985fa3d111f223378a82b581e217b9531f089cf6c2cb179ea20b81e73ef39d60c2b1ae215af586913302817e66e75c98b042fc22f807e4f29017cdee1eb094468c18e07696b2df086deaa3096868c44d1b757887b9566ef8821f1f483134dc90ef48b8237aec7ddebbed8ca62193319a0323de36e3499337243d8a6dcb2a141f261a37b00000ce6c0f7225689e79f3b734baf8ddea57ae2ab8e03a74b5c132ec7faa35b7b3f45578e0eff71b0dc78c2ba010050f0b31f4104be2ebdbca5e7e7a183d2a8da7f6020291927a9ba9a8abba989f551d666d4be91f7b9df4f6beddba6cabe5f81897b50cb4e32a"], 0xfce)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file1\x00', r4}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000180)="094db6bafd227bc17d6e6691debf", &(0x7f0000000200)=@udp6=r1, 0x1}, 0x20)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004881)
socket$inet6_sctp(0xa, 0x5, 0x84)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r8, &(0x7f0000000500)="1dba35de90072f2f1b335be2a0be724b5dc9d1f5107ed4137bf833d7ca98b587830e1ca09b83559295ff7300fe34f2c51bc9a06311daa317abf2317c4884ea241bde619338016eba88d54f6ff94d1c6f5c682fc6196f3c6ea58aac71b52f630ba2e47b6298d6a4a1bc1866740351687e1788985485efd54de301b7a36b6195007a1f92ca0b0a54a718c4103706b098b0702436f2e57fc7b376724a58eb13e2f4177e0c86c137678f3033b2866e1130", &(0x7f0000000300)=@udp6=r4, 0x4}, 0x20)
lseek(0xffffffffffffffff, 0xd7de, 0x1)
getdents64(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000900030000000000000f020000000000000000b60ba1a36e8cf2a8cc8065bd7c39ce33fcd815fa5bd6175bf0fe4664806e072677129d67b4207d7a66e0de5b57144d3a8d695ea59f1871ec63ca1fa2511b309e01075fd41d518e5c9be45ee7d0377e4bba8c68688f2395e6a422cfb33c81998fa9035c19c081eb1fb2101165c7aaf744d66f9dc9ad2ad08cbfb40b9796dd65fa9f078230dab419fe13c99704c71e2e51df57c1c5e3751e0fd164b5f2ca0a031dcf7c5cdaa624a28a96c138cc8d095f800000000000000000"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

3.629594386s ago: executing program 3 (id=3942):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
connect$inet(r3, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)

2.785675818s ago: executing program 3 (id=3954):
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x51ba82, 0x140)
ftruncate(r0, 0x2007ffb)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'veth0_macvtap\x00', 0x100})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xb, 0x0, &(0x7f00000013c0))
ioctl$TUNSETLINK(r1, 0x400454cd, 0x7)
close(r1)
sendfile(r0, r0, 0x0, 0x1000000201005)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00"/13], 0x2c)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r8, r10, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
syz_emit_ethernet(0x66, &(0x7f0000001a40)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c5002, 0x0)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r11, @ANYBLOB="0000000000000000b704000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r12}, 0x10)

2.721307429s ago: executing program 3 (id=3957):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003001e00400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564703a73"], 0x54}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x101}, 0x18)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x24, 0x9, 0x6, 0x303, 0x0, 0x0, {0x5, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000014}, 0x44000)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x9}}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
munlockall()
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f00000000c0)={0x0, 0xfffffd0f, 0xfa00, {0x4, &(0x7f0000000000), 0x111}}, 0x20)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40000100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x800, 0xfffffffc, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x20000000000002b8, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r10}, &(0x7f0000000180), &(0x7f00000001c0)=r9}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@newsa={0x164, 0x10, 0x1, 0x0, 0x0, {{@in=@rand_addr=0x64010102, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in, 0x0, 0x32}, @in6=@loopback, {0xfffffffffffffffe}, {0x0, 0xfffffffffffffffd, 0x0, 0x3}, {0x0, 0xffffffff}, 0x0, 0x0, 0xa, 0x1, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x2c, 0x17, {0x4, 0xffffffff, 0x0, 0x0, 0x70bd2d, 0x0, [0x80000000, 0x2, 0x9, 0xfffffffa]}}]}, 0x164}}, 0x0)

2.67864226s ago: executing program 0 (id=3958):
socket(0x2, 0x80805, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000006c8b, 0x37}, 0x7, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='setgroups\x00')
socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
socket$inet6(0xa, 0x800000000000002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f00000003c0), &(0x7f00000001c0)=r0}, 0x20)

2.571994071s ago: executing program 0 (id=3959):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x101142, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x6}, 0x18)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x10, 0x701, 0xfffffffc, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x14\x00'}, @typed={0x8, 0xa, 0x0, 0x0, @fd=r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2.552919482s ago: executing program 0 (id=3960):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x40, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000400)={'syztnl2\x00', <r1=>0x0, 0x20, 0x80, 0x8, 0x8, {{0x10, 0x4, 0x2, 0x2, 0x40, 0x65, 0x0, 0x4, 0x2f, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@cipso={0x86, 0x18, 0x3, [{0x5, 0x12, "e699d245f337feba9ad6a4d1c512312e"}]}, @timestamp_prespec={0x44, 0x14, 0x11, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0x28}, 0x81}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xffff}]}]}}}}})
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000400"/20, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="000000000400000004fff600"/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000b80)=ANY=[@ANYBLOB="980000000000000000000000000000001811000068674b93997739a7bb4e04ed72fdee2194ffc9dc8e065fc27e31a2030ffe38a2e96e5b4ef725cd230918386474ef3421f3ff0300002902b79666ef16814872e8225518c466544d027a118c08ca601064f7d967b01d5a31ea0da97126344ff8727791f89380b395ecc82bb5bbfb2cfa35f2d39aeeae3f2a903255a47fff958ba53e8265ce9c73702cc75a5ea348a2050bdcbadf939c63b9ea47d1dda8f08fb406a386ee1ca8d20338c852112d64f76fd4b7f70c3e4906e7348e62c6be83dac589158e5d622f9db572c1353440f219f7daa20f6521a2f85f32fbae928414dc1f496dbee07faafedc7335dc81cc8cc2a8c6650c99d2b6a5f0e4a0a1ae2b43a615838fc51851ec587705cd603df32b25090f57c3423430770e998cbf54e8052b969ac5eb03b64edc6351e72cf04072cd8bcf4049b70891bf00dbedf3467668428fb6f677dcdae6c3936b4ba74c9c552ebad15c866fcbe5de9c66c2b9d2fa5d58d7", @ANYRES32=r2, @ANYRES32=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_GET_FPEXC(0x45, 0x0)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r3}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f00000003c0)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x52, &(0x7f00000004c0)=ANY=[@ANYBLOB="cf599d594a0987000000000086dd60000000001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000008"], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000020000000000000000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kfree\x00', r7, 0x0, 0x9}, 0x18)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000306010100000000000000000100000005000100fa"], 0x1c}}, 0x20000000)
openat$cgroup_int(r0, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[], 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x3048852, &(0x7f0000000f00)=ANY=[@ANYBLOB="7472616e733d66642c7266646e573d2f584219364ab8d5f5730d26fa4f79eda41a86510534b086467917d1f4d8fee89d7d383124b122a0dce96f00490c45b96cd25de6cf7752ff13ce2e83ff63c5", @ANYRES64=r4, @ANYRES16=r4, @ANYRESHEX=r2, @ANYBLOB="000000005800000000e3ae96229bb02683989b60660000000000fdc53a93dcfae5f5d8b2666b62fafb9ecb1d9c8b2b3cfc08f8c01a0537fe343153cb7a755eed24a6cad838a9d5cae6361e0ae2d12c9ec6787aba842ebd7c688a679b70108f3dec5ab93b5fb350645d91133177e09bdcfcda14882fef94d7b0e7e8d3f84d974e9035965965fb12d22f382e9c062cab48eb2a1f0893bf2ba77115e0a1650524ec62ef29b54181cb71f5f18d8e3c2f17cc7d45d4365ad5f2dbb4b747d19507ec67ea0464013c46c84c942c6324ab25fc70db9553"])
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f0000000600)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x521, &(0x7f0000000640)="$eJzs3d9rZFcdAPDvvcmkyW5qpiqyFmyLrewW3ZmksRpF2gqiTwW1vq8xmYSQSSZkJnUTiqb4BwgiKvgH+CL44KMg/RNEWNB3UVFEd/VR98qdudH8mEnGZJJZJ58PnMw598f5nnPJ3Lk/DvcGcG29EBFvRMRYRLwcETPF9LRIsd9J+XKPHr6zlKcksuytvyaRFNMO6srL4xFxs1htMiK++qWIbyQn4zZ399YX6/XadlGutja2qs3dvbtrG4urtdXa5vz83M8j4tWF2axwoX6WI+K1L/zxB9/9yRdf++Unvvm7e3++8628WZ/7UKfdEbF0oQA9dOoutbfFgXwbbV9GsCHJ+1MaG3YrAADoR36M//6I+Gj7+H8mxtpHcwAAAMAoyV6fjn8mERkAAAAwstKImI4krRRjAaYjTSuVzhjeD8aNtN5otj6+0tjZXM7nRZSjlK6s1WuzxVjhcpSSvDxXjLE9KL9yrDwfEc9ExPdnptrlylKjvjzsix8AAABwTdx8/uj5/z9m0nYeAAAAGDHlngUAAABgVDjlBwAAgNHn/B8AAABG2pfffDNP2cF7vJff3t1Zb7x9d7nWXK9s7CxVlhrbW5XVRmO1/cy+jbPqqzcaW5+MzZ371Vat2ao2d/fubTR2Nlv31o68AhsAAAC4Qs88/95vk4jY/+xUO0XxHECAI/4w7AYAgzQ27AYAQzM+7AYAQ1M6cwl7CBh1yRnzTw7e6VwrjF9dTnsAAIDBu/3hk/f/J4p5Z18bAP6fGesDANfP0bt7U0NrB3D1SucdAXhr0C0BhuV9nY+nes3v+fCOPu7/d64xZNm5GgYAAAzMdDslaaU4Tp+ONK1UIp6Ox1k5SsnKWr02W5wf/Gam9FRenmuvmZw5ZhgAAAAAAAAAAAAAAAAAAAAAAAAA6MiyJDIAAABgpEWkf0raT/OPuD3z0vTRqwPH3vr147d+eH+x1dqei5hI/jaTT5qIiNaPiumvZF4JAAAAAMM1lf/pnKcXn3PDbhIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo+bRw3eWDtJVxv3L5yOi3C3+eEy2PyejFBE3/p7E+KH1kogYG0D8/Xcj4la3+Ek8zrKsXLSiW/ypS45fbm+a7vHTiLg5gPhwnb2X73/e6Pb9S+OF9mf37994kS6q9/4v/c/+b6zH/ufpY+Venn3ws2rP+O9GPDveff9zED/pxD8SIi+82Gcfv/61vb2uMw5V2S3+4VjV1sZWtbm7d3dtY3G1tlrbnJ+f+9TCpxdeXZitrqzVa8XfrmG+95FfPD6t/zd6xC8f7f+J7f9SX73P4l8P7j/8QKdQ6hb/zovdf39v9YifFr99Hyvy+fzbB/n9Tv6w53766+dO6/9yj/5PntH/O331Pz7z8le+8/uuc05sDQDgKjR399YX6/Xa9imZyT6W+Z8yERet5/WBtudJyMTZy0w+IU29jEz27c7/48XqueDqJzLZRVYfjwE0Y+LE93QszlthErGf19XnPyQAADBi/nvQf9odJAAAAAAAAAAAAAAAAAAAAOAynfOxZJMR0ffCx2PuD6erAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn+ncAAAD//+8b0g8=")
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000001000/0x1000)=nil)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x0, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'pim6reg\x00', {0xff}, {}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@unspec=@state={{0x28}, {0x6}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x1}}}, {{@ipv6={@local, @empty, [0xffffffff], [], 'veth1_to_hsr\x00', 'dummy0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00', {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r9=>0xffffffffffffffff})
recvmsg(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/197, 0xc5}], 0x1}, 0x12000)

2.481575193s ago: executing program 3 (id=3961):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
mkdir(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r3}, 0x10)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x0, 0x7, @scatter={0x1, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/22, 0x16}]}, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000e40)=@delchain={0xe4, 0x65, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xa}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x28}}, @filter_kind_options=@f_flower={{0xb}, {0x78, 0x2, [@TCA_FLOWER_KEY_ETH_SRC={0xa}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_VLAN_PRIO={0x5, 0x18, 0x5}, @TCA_FLOWER_KEY_MPLS_OPTS={0x8, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x4}}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x1}, @TCA_FLOWER_ACT={0x40, 0x3, [@m_ife={0x3c, 0x12, 0x0, 0x0, {{0x8}, {0x4}, {0x11, 0x6, "7dea7fdc03dc266b4394d770e1"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_FLOWER_KEY_ENC_IP_TOS={0x5, 0x50, 0x2}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x24, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffe0, 0xffe0}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0xd}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x81}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$ITER_CREATE(0x21, &(0x7f0000000800), 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
syz_clone(0x61801680, 0x0, 0x1f, 0x0, 0x0, 0x0)
unshare(0x40020000)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)

2.362242084s ago: executing program 3 (id=3962):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000740)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback, 0x8e9}, {0xa, 0x0, 0x0, @local}, r1}}, 0x48)

2.346109785s ago: executing program 3 (id=3963):
r0 = inotify_init1(0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1d, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000b7080000040000007b7441d649518af8ff00000000b70800000000640e0000f0ff00000000bfa10000041613a629b595bc4e010000f0ffffffb702000008000000f52200000000", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, @void, @value}, 0x94)
syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201410103ef9220570521201a740102030109022400010103300009048904028d80f70009050100"], 0x0)
r2 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000081, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="8e29b5c6d59d9a8fa9f1222c", @ANYRESOCT, @ANYBLOB="d90f55b2fe87bccaae179697e871353358a10c2f9b664f24e6a9112c9e2e2e3003fa09469b1b", @ANYBLOB], 0x1, 0x23e, &(0x7f0000000bc0)="$eJzs3c9qE1EUB+AzSdqmukgWrkRwQBeuStsnSJEKYldKFupCi21BklCwEGgVQ1c+gU/ic7jxDXwAoTtdFEYmSZsWUm0wf0r9vk0uzP3NOTe5Iau5eX2n1dja3ds5/PA9yuUkCrWoJUcR1ShEbiEAgOvmV5bFUdYzWrJUmFRPAMBkXfL3f3GKLQEAE/bs+Ysnaxsb60/TtBzR+tSuJ9F77V1f24m30YztWI5KHEdkp3rjR4831qOU5qpxv9Vp1/Nk69XX/v3XfkR08ytRierw/Eracybfadfn4ka/fi3Pr0Ylbg3Prw7JR30+Htw70/9SVOLbm9iNZmxFnh3kP66k6cPs88/3L/OO83zSadcXuvMGsuLUPxwAAAAAAAAAAAAAAAAAAAAAAK6tpTRN0yz7kmVZ1jl3/k7xuHt9KT1RPX8+Ty9/0flAnTPn6yznJZLe/EG+FLdLUZrl2gEAAAAAAAAAAAAAAAAAAOCq2Ns/aGw2m9vvxjo4eax//Hf+10EU+601k4gr0E93sJj3M51ad2PEWrURS0Rh/6Bxsrsam0n8JVWe0CbJhmy/4oWp+TFVn7853lUkETF3+mb+aXIh5sb8TQEAAAAAAAAAAAAAAAAAAKZs8NDvkIuHM2gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGZg8P//Iww6/fAlUzNeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+B3wEAAP//bkR7Lg==")
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0xffffff7f, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r4}, 0x10)
listen(r1, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="e0", 0x1}], 0x1}, 0x0)
accept4(r1, 0x0, 0x0, 0x800)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r6, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
socket$phonet(0x23, 0x2, 0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r6, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRESDEC=r2], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
socket(0x10, 0x803, 0x6)

1.854330852s ago: executing program 2 (id=3965):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
readahead(0xffffffffffffffff, 0x6, 0x80000000)

1.813789452s ago: executing program 2 (id=3966):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000080), 0x0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
setgroups(0x0, 0x0)

1.813059932s ago: executing program 2 (id=3967):
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x51ba82, 0x140)
ftruncate(r0, 0x2007ffb)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'veth0_macvtap\x00', 0x100})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xb, 0x0, &(0x7f00000013c0))
ioctl$TUNSETLINK(r1, 0x400454cd, 0x7)
close(r1)
sendfile(r0, r0, 0x0, 0x1000000201005)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00"/13], 0x2c)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x1b, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7020000000000008500000017000000180100002020690000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r8, r10, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
syz_emit_ethernet(0x66, &(0x7f0000001a40)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c5002, 0x0)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r11, @ANYBLOB="0000000000000000b704000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r12}, 0x10)

1.811997452s ago: executing program 1 (id=3968):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000340)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007bc}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@data_err_ignore}, {@bh}, {@errors_continue}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a)
ioctl$FS_IOC_RESVSP(r3, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x2, 0x3, 0x9})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
fsopen(&(0x7f0000000100)='configfs\x00', 0x0)

1.794725503s ago: executing program 2 (id=3969):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
mkdir(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r3}, 0x10)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x0, 0x7, @scatter={0x1, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/22, 0x16}]}, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000e40)=@delchain={0xe4, 0x65, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xa}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x28}}, @filter_kind_options=@f_flower={{0xb}, {0x78, 0x2, [@TCA_FLOWER_KEY_ETH_SRC={0xa}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_VLAN_PRIO={0x5, 0x18, 0x5}, @TCA_FLOWER_KEY_MPLS_OPTS={0x8, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x4}}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x1}, @TCA_FLOWER_ACT={0x40, 0x3, [@m_ife={0x3c, 0x12, 0x0, 0x0, {{0x8}, {0x4}, {0x11, 0x6, "7dea7fdc03dc266b4394d770e1"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_FLOWER_KEY_ENC_IP_TOS={0x5, 0x50, 0x2}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x24, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffe0, 0xffe0}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0xd}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x81}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$ITER_CREATE(0x21, &(0x7f0000000800), 0x8)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
syz_clone(0x61801680, 0x0, 0x1f, 0x0, 0x0, 0x0)
unshare(0x40020000)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)

1.701442204s ago: executing program 0 (id=3970):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x40004, 0x0, 0x0)
sendto$inet(r3, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x0, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac141400"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x8040)

1.607300606s ago: executing program 2 (id=3971):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000340)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007bc}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@data_err_ignore}, {@bh}, {@errors_continue}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
ioctl$FS_IOC_RESVSP(r4, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x2, 0x3, 0x9})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000002700)=ANY=[@ANYBLOB="0800080007000100000014000000460a0fc0006400000b7390780a0100feffffffff440451033297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6ab49885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f6314817cde2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b75a9ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b3d62e6853aeb0ce9a6f6d2eef10c94594588c00e0fe911bbf1c12eb6c37ce05690cb47effc4f56a0744474a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a521f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c9eaacb5793498be490de32baba49172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19411e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d002b614815915fb8fe9810d143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d2359d337c6f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b459e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d47853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb6393000000008f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb97800763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161dab92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca123456884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c17e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e760af5bc4bbf2f8bd6ee5605c4c5b6eebb96fca0a41897cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f600000000000000000008575123fc1a088c3ada18fccba2f811f156f16fdab59b9419a6eefacfd2bb974917db477fc77492ccce4b9973435d7fcf68cd69ed32bda444adc2590ad85593757e60643f2f50de5da277f0402c4f41786093b0cec331c4f6b347d2922ef87985fa3d111f223378a82b581e217b9531f089cf6c2cb179ea20b81e73ef39d60c2b1ae215af586913302817e66e75c98b042fc22f807e4f29017cdee1eb094468c18e07696b2df086deaa3096868c44d1b757887b9566ef8821f1f483134dc90ef48b8237aec7ddebbed8ca62193319a0323de36e3499337243d8a6dcb2a141f261a37b00000ce6c0f7225689e79f3b734baf8ddea57ae2ab8e03a74b5c132ec7faa35b7b3f45578e0eff71b0dc78c2ba010050f0b31f4104be2ebdbca5e7e7a183d2a8da7f6020291927a9ba9a8abba989f551d666d4be91f7b9df4f6beddba6cabe5f81897b50cb4e32a"], 0xfce)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file1\x00', r4}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000180)="094db6bafd227bc17d6e6691debf", &(0x7f0000000200)=@udp6=r1, 0x1}, 0x20)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4004881)
socket$inet6_sctp(0xa, 0x5, 0x84)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r9, 0xd7de, 0x1)
getdents64(r9, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000900030000000000000f020000000000000000b60ba1a36e8cf2a8cc8065bd7c39ce33fcd815fa5bd6175bf0fe4664806e072677129d67b4207d7a66e0de5b57144d3a8d695ea59f1871ec63ca1fa2511b309e01075fd41d518e5c9be45ee7d0377e4bba8c68688f2395e6a422cfb33c81998fa9035c19c081eb1fb2101165c7aaf744d66f9dc9ad2ad08cbfb40b9796dd65fa9f078230dab419fe13c99704c71e2e51df57c1c5e3751e0fd164b5f2ca0a031dcf7c5cdaa624a28a96c138cc8d095f800000000000000000"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

1.514774917s ago: executing program 1 (id=3972):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
msgrcv(0x0, 0x0, 0xfffffffffffffe7b, 0x1, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x5}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)=ANY=[])
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000000000008537256b832120028c00000000000000950000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000003"], 0x24d8}], 0x1}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20)

1.389663549s ago: executing program 1 (id=3973):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000740)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback, 0x8e9}, {0xa, 0x0, 0x0, @local}, r1}}, 0x48) (fail_nth: 2)

1.180015082s ago: executing program 1 (id=3974):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d00000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x3}, 0x0, 0x0, 0x0)
request_key(&(0x7f00000000c0)='pkcs7_test\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)='\xb5-,&]#\x00', r1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
pipe2(&(0x7f0000000300), 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=pref'])
socket$netlink(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18)
syz_emit_ethernet(0xe, &(0x7f0000001980)={@remote, @empty, @void, {@generic={0x8884}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x8040, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
syz_open_pts(r4, 0x141601)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r6, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000dc0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x420, 0x248, 0x180, 0x180, 0x180, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x6, 0x0, {[{{@ip={@local, @rand_addr=0x64010100, 0x0, 0x0, 'veth1_to_bridge\x00', 'ipvlan0\x00', {}, {0xff}, 0x67, 0x2, 0x6d}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xec}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0xffffff00, 0xffffffff, 'vlan0\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0x1, 0x1, 0x2}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x9, 0xe, @private=0xa010102, 0x4e21}}}, {{@ip={@remote, @empty, 0xffffffff, 0xffffff00, 'nr0\x00', 'veth1_to_batadv\x00', {0xff}, {0xff}, 0x0, 0x0, 0x34}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0x8], 0x1}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x34}, @multicast2, 0x0, 0xffffff00, 'ipvlan0\x00', 'ip_vti0\x00', {0xff}, {}, 0x84, 0x0, 0x30}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@addrtype={{0x30}, {0xa02, 0x80, 0x1, 0x1}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x480)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9, 0x0, 0x3}, 0x18)
recvmmsg(r7, &(0x7f0000001140), 0x700, 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)

850.106977ms ago: executing program 0 (id=3976):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x300, 0x0, 0xc000}, 0x10)
recvfrom(r4, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f00000029c0)=[{{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000900)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000480)="7459f65067b382c90f07e0c3abc7d3eb3887a8866c00ac2310534e2032a84e532a7b2b735f0f9abe263c599f1cfd386bf075a06585efac6451ea0159ff509a09f3e99806", 0x44}, {&(0x7f00000001c0)="68691a05b5f13252c8de4e955a03441384de9fcc", 0x14}, {&(0x7f0000000780)="f7501438d6fa3a1c61e02eb243b0885ca146eb67fc588c2e45e766906ca4da91cb9e1643ba019faa5f2ad729bde9b8634ab6768b50695565aea905980af047f7230ee8ce0f5614bc5323cd36afe01cd182c774b0302384a4c64dbbb1337ee75a8062c7516f95cc4ccaa4c8a87df156bff0916e3bcf25cc", 0x77}, {&(0x7f0000000800)="faaa5fd5d49bfb794ece3d5e9e5196282a9f6f97d9d54848a508caabcc4348e93202b9160d23cab56a7f01bef808136c8b95d77ee9aebed5fdc001069e91f6aff0826041ac11505bce38b9533c429512b4fbadd56deba8dbe9a0ae057c679823c52e2fc8f6c086f248a5fe987488c025853aa03ce4844ce4d1d33beb5c7270be15dcc33b544b4006404b78cf1bb2e80fc8927d10c7d1d39c90b9", 0x9a}], 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1c0000000000581f9247cf7d3d95635a0c13a4ecd0633a26b9cfc8a0493cd634d17719acaccae89ec5cafa2c204dd5a23cf6dfd1191bd42d9fa091e38ce273ea35a130bb7c8cef33c2ff5e5699d56635eafe4a0dae99c281a2a118e5c1ba7f3152901f71db22a11f4a12c95f7ee58928c2c3d23909b19cc3c4bf2e07", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32=r4, @ANYRES32=r2, @ANYRES32, @ANYRES32=r3, @ANYRES32], 0x48, 0x40}}, {{0x0, 0x0, &(0x7f0000000c00), 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRESOCT, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000100"/20, @ANYRES32=r5, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYBLOB="1c0100001d0000000100000002000000563f8f7bb09134d219d806f53d1ba8adcf696a767b3763c4617dbe0636e3c19bd4bd79d1659be255d80481dc92f9ff7f42a7b0e96159450c25072a664a6225a000000000a22a57658ebd96481dc8677460087ce4bbc2040481b57c7deaca960ea4f7505c19c7c6afea7c6a891984448e816ad32738e6de0d3b510aacb7fd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x90, 0x40001}}, {{&(0x7f0000001180)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002400)=[{&(0x7f0000001200)="870906be7be5edbb", 0x8}, {&(0x7f0000001240)="9fce5cb1885072d05dc162f075dd174f98fc95b4550fd657ca3f4d40986e485c0b24f9d1ee82f140d51dbac7b321747cb6c2853db87a52d4709522916e703aa90737492e08459dd3d4dbafaeb158ed160e43a36f4a9ec193c6c5f3e7175f1d14970f17c89cf16d9f06ae9a7435885b31d70e763f0df0aa59eae689a18a58bdd60459d38823212ce56b70fd407f2b8d339b113bd2e59bb92d84aa0844a68fd4ac7b5255fd234411243bc14645a5341f2add931675b348b2748bcbd953c74fd49296e88a5266e463c9db8b0d9b3f63f3300e2969cb22d2bdf2643a5c3010b4c53fded5511e210acc6b36c6710fed048034a8c28a2126db4ad802167f83b4ad", 0xfe}, {&(0x7f0000002340)}, {&(0x7f00000023c0)}], 0x4, 0x0, 0x0, 0x1}}, {{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000003c0)="d6435fc75231ac991094826b3ce5071d002126bfaa169213a30f4e99b7db5885bb6e7a0bc8dae3e7cde02c3a8a6dec800517", 0x32}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x4044}}], 0x4, 0xc004)

696.164859ms ago: executing program 2 (id=3977):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=@gettaction={0x58, 0x32, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x44, 0x1, [{0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8080}, 0xc894)
listen(r1, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x5)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

329.172955ms ago: executing program 1 (id=3978):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
readahead(0xffffffffffffffff, 0x6, 0x80000000)

297.953825ms ago: executing program 4 (id=3979):
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x51ba82, 0x140)
ftruncate(r0, 0x2007ffb)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'veth0_macvtap\x00', 0x100})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xb, 0x0, &(0x7f00000013c0))
ioctl$TUNSETLINK(r1, 0x400454cd, 0x7)
close(r1)
sendfile(r0, r0, 0x0, 0x1000000201005)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x2c)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r7, r9, 0x25, 0x0, @val=@perf_event}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
syz_emit_ethernet(0x66, &(0x7f0000001a40)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c5002, 0x0)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r10, @ANYBLOB="0000000000000000b704000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r11}, 0x10)

297.292685ms ago: executing program 1 (id=3980):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000280))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x3f, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x33}, @void}}}, 0x1c}}, 0x4000054)

176.861897ms ago: executing program 4 (id=3981):
r0 = getpid()
syz_pidfd_open(r0, 0x0)

160.965677ms ago: executing program 4 (id=3982):
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x36)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
rt_sigprocmask(0x2, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
unshare(0x400)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x1, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

81.901788ms ago: executing program 4 (id=3983):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
msgrcv(0x0, 0x0, 0xfffffffffffffe7b, 0x1, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x5}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)=ANY=[])
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000000000008537256b832120028c00000000000000950000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000003"], 0x24d8}], 0x1}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20)

812.63µs ago: executing program 4 (id=3984):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)

0s ago: executing program 4 (id=3985):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010000000000", @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x109200, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r5 = gettid()
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
read(r6, &(0x7f0000000200)=""/209, 0x128)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0x4040534e, &(0x7f0000000080)={0x2bd, @tick=0x5}) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r6, 0x404c534a, &(0x7f0000000400)={0x0, 0x1f000000}) (async)
tkill(r5, 0x7)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) (async)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000002140)=""/4088, 0xff8}], 0x4, 0x4, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x2a, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000009000000000000000d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000003d2930000000000018000000f9ffffff000000004b04000095000000000000001800000009000000000000000200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff0008000000b70400000100000085000000820000001831000001002000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800006d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000d476060010000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680)) (async)
ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f0000000140)={'bond0\x00'})
mkdir(&(0x7f0000000540)='./control\x00', 0x15a)
open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) (async)
r8 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
mkdirat(r8, &(0x7f0000000100)='./control\x00', 0x0)
openat(r8, &(0x7f0000000280)='./control\x00', 0x0, 0x0)
unlinkat(r8, &(0x7f0000000140)='./control\x00', 0x200)

kernel console output (not intermixed with test programs):

3068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  251.473543][T13068] RSP: 002b:00007fc72f2f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  251.473562][T13068] RAX: ffffffffffffffda RBX: 00007fc730eb5fa0 RCX: 00007fc730c8e929
[  251.473577][T13068] RDX: 0000000000000800 RSI: 0000200000000a80 RDI: 0000000000000003
[  251.473589][T13068] RBP: 00007fc72f2f7090 R08: 0000000000000000 R09: 0000000000000000
[  251.473603][T13068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  251.473614][T13068] R13: 0000000000000000 R14: 00007fc730eb5fa0 R15: 00007fff5e6dc9d8
[  251.473638][T13068]  </TASK>
[  251.690740][T13072] 9pnet_fd: Insufficient options for proto=fd
[  251.846749][T13093] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  251.875585][T13100] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3245'.
[  251.970388][T13107] netlink: 'syz.4.3246': attribute type 27 has an invalid length.
[  251.981516][T13108] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3239'.
[  252.132478][T13114] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  252.203225][T13123] netlink: 'syz.4.3252': attribute type 27 has an invalid length.
[  252.249627][T13127] loop4: detected capacity change from 0 to 512
[  252.256814][T13127] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  252.268839][T13127] EXT4-fs (loop4): 1 truncate cleaned up
[  252.336128][T13138] loop1: detected capacity change from 0 to 512
[  252.343064][T13138] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  252.355541][T13138] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  252.392225][T13142] loop4: detected capacity change from 0 to 2048
[  252.406210][   T29] kauditd_printk_skb: 107 callbacks suppressed
[  252.406228][   T29] audit: type=1400 audit(1749869341.942:10332): avc:  denied  { mounton } for  pid=13141 comm="syz.4.3260" path="/22/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  252.449923][   T29] audit: type=1400 audit(1749869341.982:10333): avc:  denied  { rmdir } for  pid=12818 comm="syz-executor" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  252.474482][T12818] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  252.489519][T12818] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  252.500821][   T29] audit: type=1400 audit(1749869342.042:10334): avc:  denied  { unlink } for  pid=12818 comm="syz-executor" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  252.527817][   T29] audit: type=1400 audit(1749869342.062:10335): avc:  denied  { unlink } for  pid=12818 comm="syz-executor" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  252.550990][   T29] audit: type=1400 audit(1749869342.062:10336): avc:  denied  { unmount } for  pid=12818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  252.571346][   T29] audit: type=1400 audit(1749869342.062:10337): avc:  denied  { unlink } for  pid=12818 comm="syz-executor" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  252.606305][T13149] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3261'.
[  252.615593][   T29] audit: type=1400 audit(1749869342.142:10338): avc:  denied  { connect } for  pid=13146 comm="syz.1.3262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  252.707488][T13153] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.716576][T13153] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.725530][T13153] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.734505][T13153] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  252.795872][T13162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.812965][T13162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.842434][T13162] loop2: detected capacity change from 0 to 256
[  252.861464][T13162] FAT-fs (loop2): bogus number of FAT sectors
[  252.867644][T13162] FAT-fs (loop2): Can't find a valid FAT filesystem
[  252.901024][T13151] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  252.914388][T13172] loop3: detected capacity change from 0 to 512
[  252.921621][T13172] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  252.931076][T13174] loop1: detected capacity change from 0 to 512
[  252.943272][T13174] EXT4-fs: Ignoring removed i_version option
[  252.958442][T13172] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  252.966428][T13174] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  253.029308][T13174] EXT4-fs (loop1): 1 truncate cleaned up
[  253.041875][T13174] EXT4-fs mount: 51 callbacks suppressed
[  253.041896][T13174] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.065713][T13187] FAULT_INJECTION: forcing a failure.
[  253.065713][T13187] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.078887][T13187] CPU: 1 UID: 0 PID: 13187 Comm: syz.4.3275 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  253.078923][T13187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.078940][T13187] Call Trace:
[  253.078949][T13187]  <TASK>
[  253.078958][T13187]  __dump_stack+0x1d/0x30
[  253.079052][T13187]  dump_stack_lvl+0xe8/0x140
[  253.079073][T13187]  dump_stack+0x15/0x1b
[  253.079155][T13187]  should_fail_ex+0x265/0x280
[  253.079223][T13187]  should_fail+0xb/0x20
[  253.079253][T13187]  should_fail_usercopy+0x1a/0x20
[  253.079349][T13187]  _copy_from_user+0x1c/0xb0
[  253.079374][T13187]  __sys_bpf+0x178/0x790
[  253.079422][T13187]  __x64_sys_bpf+0x41/0x50
[  253.079454][T13187]  x64_sys_call+0x2478/0x2fb0
[  253.079535][T13187]  do_syscall_64+0xd2/0x200
[  253.079563][T13187]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  253.079595][T13187]  ? clear_bhb_loop+0x40/0x90
[  253.079616][T13187]  ? clear_bhb_loop+0x40/0x90
[  253.079707][T13187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.079766][T13187] RIP: 0033:0x7fc730c8e929
[  253.079783][T13187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.079806][T13187] RSP: 002b:00007fc72f2f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  253.079829][T13187] RAX: ffffffffffffffda RBX: 00007fc730eb5fa0 RCX: 00007fc730c8e929
[  253.079846][T13187] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  253.079861][T13187] RBP: 00007fc72f2f7090 R08: 0000000000000000 R09: 0000000000000000
[  253.079877][T13187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.079940][T13187] R13: 0000000000000000 R14: 00007fc730eb5fa0 R15: 00007fff5e6dc9d8
[  253.079959][T13187]  </TASK>
[  253.310300][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.377301][   T29] audit: type=1400 audit(1749869342.912:10339): avc:  denied  { ioctl } for  pid=13173 comm="syz.1.3273" path="/30/file1/file1" dev="loop1" ino=15 ioctlcmd=0x9418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  253.419110][T13200] loop4: detected capacity change from 0 to 1024
[  253.431434][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.441501][T13200] EXT4-fs: Ignoring removed nobh option
[  253.447333][T13200] EXT4-fs: Ignoring removed bh option
[  253.472160][T13200] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  253.488354][ T2961] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0
[  253.495886][ T2961] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0
[  253.503466][ T2961] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0
[  253.505414][T13200] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  253.525911][ T2961] hid-generic 0003:0004:0000.0033: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  253.591167][T13213] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  253.606286][T13200] syzkaller1: entered promiscuous mode
[  253.611805][T13200] syzkaller1: entered allmulticast mode
[  253.732416][T13224] FAULT_INJECTION: forcing a failure.
[  253.732416][T13224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.745621][T13224] CPU: 0 UID: 0 PID: 13224 Comm: syz.0.3288 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  253.745720][T13224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  253.745735][T13224] Call Trace:
[  253.745742][T13224]  <TASK>
[  253.745749][T13224]  __dump_stack+0x1d/0x30
[  253.745769][T13224]  dump_stack_lvl+0xe8/0x140
[  253.745789][T13224]  dump_stack+0x15/0x1b
[  253.745810][T13224]  should_fail_ex+0x265/0x280
[  253.745881][T13224]  should_fail+0xb/0x20
[  253.745920][T13224]  should_fail_usercopy+0x1a/0x20
[  253.745943][T13224]  _copy_from_user+0x1c/0xb0
[  253.745966][T13224]  __sys_bpf+0x178/0x790
[  253.746045][T13224]  __x64_sys_bpf+0x41/0x50
[  253.746078][T13224]  x64_sys_call+0x2478/0x2fb0
[  253.746105][T13224]  do_syscall_64+0xd2/0x200
[  253.746131][T13224]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  253.746163][T13224]  ? clear_bhb_loop+0x40/0x90
[  253.746184][T13224]  ? clear_bhb_loop+0x40/0x90
[  253.746318][T13224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.746345][T13224] RIP: 0033:0x7f17f726e929
[  253.746365][T13224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.746458][T13224] RSP: 002b:00007f17f58d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  253.746476][T13224] RAX: ffffffffffffffda RBX: 00007f17f7495fa0 RCX: 00007f17f726e929
[  253.746488][T13224] RDX: 0000000000000028 RSI: 0000200000000000 RDI: 0000000000000012
[  253.746500][T13224] RBP: 00007f17f58d7090 R08: 0000000000000000 R09: 0000000000000000
[  253.746528][T13224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.746543][T13224] R13: 0000000000000001 R14: 00007f17f7495fa0 R15: 00007ffc59dd0d28
[  253.746635][T13224]  </TASK>
[  254.097945][ T3388] hid-generic 0003:0004:0000.0034: unknown main item tag 0x0
[  254.105701][ T3388] hid-generic 0003:0004:0000.0034: unknown main item tag 0x0
[  254.113224][ T3388] hid-generic 0003:0004:0000.0034: unknown main item tag 0x0
[  254.121288][ T3388] hid-generic 0003:0004:0000.0034: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  254.137506][T13238] tipc: Started in network mode
[  254.142587][T13238] tipc: Node identity ac14140f, cluster identity 4711
[  254.159095][T13238] tipc: New replicast peer: 0.0.255.255
[  254.164919][T13238] tipc: Enabled bearer <udp:s>, priority 10
[  254.234221][T13243] loop3: detected capacity change from 0 to 512
[  254.249263][T13245] loop1: detected capacity change from 0 to 512
[  254.256951][T13245] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  254.293966][T13245] EXT4-fs (loop1): 1 truncate cleaned up
[  254.300328][T13245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.313060][T13243] EXT4-fs (loop3): 1 orphan inode deleted
[  254.319521][T13243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.332667][ T3450] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  254.342442][ T3450] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 1
[  254.381386][T13243] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.404552][T13243] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.417760][T13243] xt_CT: You must specify a L4 protocol and not use inversions on it
[  254.452333][T13251] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  254.474566][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.548277][T13257] validate_nla: 3 callbacks suppressed
[  254.548292][T13257] netlink: 'syz.1.3302': attribute type 27 has an invalid length.
[  254.562311][T13257] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  254.571347][T13257] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  254.571380][T13257] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  254.571412][T13257] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  254.907770][T13274] loop1: detected capacity change from 0 to 256
[  254.921253][T13274] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[  254.929930][T13274] FAT-fs (loop1): Filesystem has been set read-only
[  255.184365][   T29] audit: type=1400 audit(1749869344.722:10340): avc:  denied  { bind } for  pid=13277 comm="syz.3.3310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  255.261705][ T2961] tipc: Node number set to 2886997007
[  255.357951][T13286] loop3: detected capacity change from 0 to 512
[  255.365024][T13286] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  255.376762][T13286] EXT4-fs (loop3): 1 truncate cleaned up
[  255.382998][T13286] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.493229][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.511337][T13289] netlink: 'syz.3.3315': attribute type 27 has an invalid length.
[  255.700808][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.799591][T13313] netlink: 'syz.4.3327': attribute type 27 has an invalid length.
[  255.857330][T13319] netlink: 'syz.4.3330': attribute type 27 has an invalid length.
[  255.943783][T13325] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  255.975545][T13307] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  256.004563][T13329] 9pnet: Could not find request transport: fd0x0000000000000004
[  256.078155][T13337] FAULT_INJECTION: forcing a failure.
[  256.078155][T13337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.091356][T13337] CPU: 1 UID: 0 PID: 13337 Comm: syz.0.3335 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  256.091390][T13337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.091404][T13337] Call Trace:
[  256.091413][T13337]  <TASK>
[  256.091422][T13337]  __dump_stack+0x1d/0x30
[  256.091448][T13337]  dump_stack_lvl+0xe8/0x140
[  256.091471][T13337]  dump_stack+0x15/0x1b
[  256.091495][T13337]  should_fail_ex+0x265/0x280
[  256.091536][T13337]  should_fail+0xb/0x20
[  256.091641][T13337]  should_fail_usercopy+0x1a/0x20
[  256.091679][T13337]  _copy_to_user+0x20/0xa0
[  256.091709][T13337]  simple_read_from_buffer+0xb5/0x130
[  256.091753][T13337]  proc_fail_nth_read+0x100/0x140
[  256.091862][T13337]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  256.091887][T13337]  vfs_read+0x19d/0x6f0
[  256.091908][T13337]  ? __rcu_read_unlock+0x4f/0x70
[  256.091933][T13337]  ? __fget_files+0x184/0x1c0
[  256.091961][T13337]  ksys_read+0xda/0x1a0
[  256.092014][T13337]  __x64_sys_read+0x40/0x50
[  256.092031][T13337]  x64_sys_call+0x2d77/0x2fb0
[  256.092052][T13337]  do_syscall_64+0xd2/0x200
[  256.092077][T13337]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  256.092170][T13337]  ? clear_bhb_loop+0x40/0x90
[  256.092191][T13337]  ? clear_bhb_loop+0x40/0x90
[  256.092214][T13337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.092239][T13337] RIP: 0033:0x7f17f726d33c
[  256.092268][T13337] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  256.092290][T13337] RSP: 002b:00007f17f58d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  256.092314][T13337] RAX: ffffffffffffffda RBX: 00007f17f7495fa0 RCX: 00007f17f726d33c
[  256.092330][T13337] RDX: 000000000000000f RSI: 00007f17f58d70a0 RDI: 0000000000000004
[  256.092345][T13337] RBP: 00007f17f58d7090 R08: 0000000000000000 R09: 0000000000000000
[  256.092360][T13337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.092375][T13337] R13: 0000000000000000 R14: 00007f17f7495fa0 R15: 00007ffc59dd0d28
[  256.092469][T13337]  </TASK>
[  256.510303][T13346] Invalid logical block size (19)
[  256.662499][T13351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  256.671361][T13351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  256.680927][T13351] loop3: detected capacity change from 0 to 256
[  256.687822][T13351] FAT-fs (loop3): bogus number of FAT sectors
[  256.693992][T13351] FAT-fs (loop3): Can't find a valid FAT filesystem
[  256.823264][T13358] loop2: detected capacity change from 0 to 128
[  256.853019][T13358] syz.2.3343: attempt to access beyond end of device
[  256.853019][T13358] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  256.984143][T13366] netlink: 'syz.1.3347': attribute type 10 has an invalid length.
[  256.992048][T13366] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3347'.
[  257.223777][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3348'.
[  257.891479][T13381] netlink: 'syz.1.3352': attribute type 27 has an invalid length.
[  257.971918][T13389] loop2: detected capacity change from 0 to 128
[  257.972191][T13390] FAULT_INJECTION: forcing a failure.
[  257.972191][T13390] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.991485][T13390] CPU: 0 UID: 0 PID: 13390 Comm: syz.1.3353 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  257.991514][T13390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.991526][T13390] Call Trace:
[  257.991533][T13390]  <TASK>
[  257.991543][T13390]  __dump_stack+0x1d/0x30
[  257.991606][T13390]  dump_stack_lvl+0xe8/0x140
[  257.991627][T13390]  dump_stack+0x15/0x1b
[  257.991643][T13390]  should_fail_ex+0x265/0x280
[  257.991755][T13390]  should_fail+0xb/0x20
[  257.991851][T13390]  should_fail_usercopy+0x1a/0x20
[  257.991886][T13390]  _copy_to_user+0x20/0xa0
[  257.991911][T13390]  simple_read_from_buffer+0xb5/0x130
[  257.992009][T13390]  proc_fail_nth_read+0x100/0x140
[  257.992032][T13390]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.992088][T13390]  vfs_read+0x19d/0x6f0
[  257.992106][T13390]  ? __rcu_read_unlock+0x4f/0x70
[  257.992128][T13390]  ? __fget_files+0x184/0x1c0
[  257.992153][T13390]  ksys_read+0xda/0x1a0
[  257.992173][T13390]  __x64_sys_read+0x40/0x50
[  257.992233][T13390]  x64_sys_call+0x2d77/0x2fb0
[  257.992254][T13390]  do_syscall_64+0xd2/0x200
[  257.992276][T13390]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  257.992302][T13390]  ? clear_bhb_loop+0x40/0x90
[  257.992361][T13390]  ? clear_bhb_loop+0x40/0x90
[  257.992383][T13390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.992450][T13390] RIP: 0033:0x7f42c299d33c
[  257.992467][T13390] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  257.992525][T13390] RSP: 002b:00007f42c0fe6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.992547][T13390] RAX: ffffffffffffffda RBX: 00007f42c2bc6080 RCX: 00007f42c299d33c
[  257.992561][T13390] RDX: 000000000000000f RSI: 00007f42c0fe60a0 RDI: 0000000000000004
[  257.992573][T13390] RBP: 00007f42c0fe6090 R08: 0000000000000000 R09: fffffffffffffe93
[  257.992585][T13390] R10: 0000000000040040 R11: 0000000000000246 R12: 0000000000000001
[  257.992597][T13390] R13: 0000000000000000 R14: 00007f42c2bc6080 R15: 00007ffe323d2e08
[  257.992618][T13390]  </TASK>
[  258.264266][T13389] syz.2.3356: attempt to access beyond end of device
[  258.264266][T13389] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  258.289434][T13396] loop4: detected capacity change from 0 to 128
[  258.325873][T13396] syz.4.3359: attempt to access beyond end of device
[  258.325873][T13396] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  258.343710][T13398] 9pnet_fd: Insufficient options for proto=fd
[  258.387770][T13392] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  258.430908][ T3381] hid-generic 0003:0004:0000.0035: unknown main item tag 0x0
[  258.438436][ T3381] hid-generic 0003:0004:0000.0035: unknown main item tag 0x0
[  258.445858][ T3381] hid-generic 0003:0004:0000.0035: unknown main item tag 0x0
[  258.454811][ T3381] hid-generic 0003:0004:0000.0035: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  258.475035][T13405] netlink: 'syz.0.3363': attribute type 27 has an invalid length.
[  258.496944][T13407] loop1: detected capacity change from 0 to 512
[  258.534316][ T3381] hid-generic 0003:0004:0000.0036: unknown main item tag 0x0
[  258.535428][T13407] EXT4-fs (loop1): 1 orphan inode deleted
[  258.541820][ T3381] hid-generic 0003:0004:0000.0036: unknown main item tag 0x0
[  258.555191][ T3381] hid-generic 0003:0004:0000.0036: unknown main item tag 0x0
[  258.556371][ T1700] __quota_error: 111 callbacks suppressed
[  258.556389][ T1700] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  258.578171][ T1700] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 1
[  258.589991][ T3381] hid-generic 0003:0004:0000.0036: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  258.596833][T13417] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  258.613026][T13407] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.640643][T13419] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  258.652476][T13407] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.663940][T13407] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.682081][T13407] xt_CT: You must specify a L4 protocol and not use inversions on it
[  258.690338][T13410] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  258.706824][T13425] netlink: 'syz.2.3370': attribute type 10 has an invalid length.
[  258.714793][T13425] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3370'.
[  258.725016][   T29] audit: type=1326 audit(1749869348.262:10452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.758436][   T29] audit: type=1326 audit(1749869348.292:10453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.782040][   T29] audit: type=1326 audit(1749869348.292:10454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.805692][   T29] audit: type=1326 audit(1749869348.292:10455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.829368][   T29] audit: type=1326 audit(1749869348.292:10456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.853057][   T29] audit: type=1326 audit(1749869348.292:10457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.876684][   T29] audit: type=1326 audit(1749869348.292:10458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13424 comm="syz.2.3370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.901674][T13429] netlink: 'syz.2.3372': attribute type 10 has an invalid length.
[  258.909648][T13429] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3372'.
[  258.912802][T13431] netlink: 'syz.4.3373': attribute type 27 has an invalid length.
[  258.934290][   T29] audit: type=1326 audit(1749869348.472:10459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13428 comm="syz.2.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  258.971281][   T29] audit: type=1326 audit(1749869348.492:10460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13428 comm="syz.2.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  259.004339][T13437] loop2: detected capacity change from 0 to 512
[  259.025424][T13437] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.038585][T13437] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  259.092295][T13435] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  259.120991][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.236871][T13460] loop4: detected capacity change from 0 to 512
[  259.245168][T13460] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  259.258440][T13460] EXT4-fs (loop4): 1 truncate cleaned up
[  259.265846][T13460] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.388042][T13455] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  259.399068][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.441944][T13469] 9pnet_fd: Insufficient options for proto=fd
[  259.574396][T13480] validate_nla: 1 callbacks suppressed
[  259.574464][T13480] netlink: 'syz.1.3393': attribute type 27 has an invalid length.
[  259.639145][T13486] loop4: detected capacity change from 0 to 512
[  259.659361][T13486] EXT4-fs (loop4): 1 orphan inode deleted
[  259.673790][ T3450] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 1
[  259.691807][T13486] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.707265][T13486] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  259.722935][T13486] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.742477][T13490] loop1: detected capacity change from 0 to 512
[  259.751010][T13486] xt_CT: You must specify a L4 protocol and not use inversions on it
[  259.760909][T13493] netlink: 'syz.3.3398': attribute type 27 has an invalid length.
[  259.771221][T13490] EXT4-fs (loop1): 1 orphan inode deleted
[  259.787147][ T5773] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1
[  259.789032][T13490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.813276][T13490] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  259.847033][T13490] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.870702][T13490] xt_CT: You must specify a L4 protocol and not use inversions on it
[  259.942251][T13497] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  260.064248][T13516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.073091][T13516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.084056][T13516] loop2: detected capacity change from 0 to 256
[  260.091456][T13516] FAT-fs (loop2): bogus number of FAT sectors
[  260.097739][T13516] FAT-fs (loop2): Can't find a valid FAT filesystem
[  260.165730][T13524] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3410'.
[  260.175010][T13524] netlink: 'syz.3.3410': attribute type 9 has an invalid length.
[  260.182879][T13524] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3410'.
[  260.191955][T13524] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3410'.
[  260.296349][T13527] loop3: detected capacity change from 0 to 2048
[  260.314169][T13527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  260.326830][T13527] ext4 filesystem being mounted at /135/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.507000][T13534] 9pnet_fd: Insufficient options for proto=fd
[  260.568239][T13538] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  260.693602][T13552] loop4: detected capacity change from 0 to 512
[  260.696838][T13554] netlink: 'syz.1.3423': attribute type 27 has an invalid length.
[  260.701845][T13552] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.3422: bad orphan inode 15
[  260.719115][T13552] ext4_test_bit(bit=14, block=5) = 0
[  260.725145][T13552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  260.743449][T13552] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.767469][T13557] loop1: detected capacity change from 0 to 512
[  260.774334][T13557] /dev/loop1: Can't open blockdev
[  260.778588][ T3450] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:7: bg 0: block 345: padding at end of block bitmap is not set
[  260.780457][T13557] xt_CT: You must specify a L4 protocol and not use inversions on it
[  260.794856][ T3450] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[  260.814865][ T3450] EXT4-fs (loop3): This should not happen!! Data will be lost
[  260.814865][ T3450] 
[  260.840828][ T3450] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2040 with error 28
[  260.840863][ T3450] EXT4-fs (loop3): This should not happen!! Data will be lost
[  260.840863][ T3450] 
[  260.840879][ T3450] EXT4-fs (loop3): Total free blocks count 0
[  260.840927][ T3450] EXT4-fs (loop3): Free/Dirty block details
[  260.840941][ T3450] EXT4-fs (loop3): free_blocks=0
[  260.840956][ T3450] EXT4-fs (loop3): dirty_blocks=2048
[  260.840970][ T3450] EXT4-fs (loop3): Block reservation details
[  260.910670][T13560] FAULT_INJECTION: forcing a failure.
[  260.910670][T13560] name failslab, interval 1, probability 0, space 0, times 0
[  260.910772][T13560] CPU: 0 UID: 0 PID: 13560 Comm: syz.3.3424 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  260.910807][T13560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.910823][T13560] Call Trace:
[  260.910830][T13560]  <TASK>
[  260.910839][T13560]  __dump_stack+0x1d/0x30
[  260.910905][T13560]  dump_stack_lvl+0xe8/0x140
[  260.910926][T13560]  dump_stack+0x15/0x1b
[  260.910953][T13560]  should_fail_ex+0x265/0x280
[  260.910997][T13560]  should_failslab+0x8c/0xb0
[  260.911038][T13560]  kmem_cache_alloc_noprof+0x50/0x310
[  260.911138][T13560]  ? getname_flags+0x80/0x3b0
[  260.911170][T13560]  getname_flags+0x80/0x3b0
[  260.911201][T13560]  user_path_at+0x28/0x130
[  260.911235][T13560]  __se_sys_pivot_root+0xbc/0x720
[  260.911268][T13560]  ? fput+0x8f/0xc0
[  260.911319][T13560]  __x64_sys_pivot_root+0x31/0x40
[  260.911346][T13560]  x64_sys_call+0x2aac/0x2fb0
[  260.911379][T13560]  do_syscall_64+0xd2/0x200
[  260.911426][T13560]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  260.911534][T13560]  ? clear_bhb_loop+0x40/0x90
[  260.911561][T13560]  ? clear_bhb_loop+0x40/0x90
[  260.911588][T13560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.911632][T13560] RIP: 0033:0x7f78cb9be929
[  260.911650][T13560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.911683][T13560] RSP: 002b:00007f78ca027038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  260.911710][T13560] RAX: ffffffffffffffda RBX: 00007f78cbbe5fa0 RCX: 00007f78cb9be929
[  260.911730][T13560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0
[  260.911748][T13560] RBP: 00007f78ca027090 R08: 0000000000000000 R09: 0000000000000000
[  260.911765][T13560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.911782][T13560] R13: 0000000000000000 R14: 00007f78cbbe5fa0 R15: 00007ffe5a6fb6b8
[  260.911811][T13560]  </TASK>
[  261.292692][T13572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3429'.
[  261.664368][T13586] loop4: detected capacity change from 0 to 128
[  261.691820][T13587] loop1: detected capacity change from 0 to 1024
[  261.692270][T13586] syz.4.3436: attempt to access beyond end of device
[  261.692270][T13586] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  261.706448][T13587] EXT4-fs: Ignoring removed nobh option
[  261.723959][T13587] EXT4-fs: Ignoring removed bh option
[  261.734533][T13587] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.766981][T13587] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  261.792626][T13587] syzkaller1: entered promiscuous mode
[  261.798141][T13587] syzkaller1: entered allmulticast mode
[  261.831905][T13592] loop3: detected capacity change from 0 to 128
[  261.887583][T13592] syz.3.3437: attempt to access beyond end of device
[  261.887583][T13592] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[  262.032993][T13599] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  262.083949][T13605] 9pnet_fd: Insufficient options for proto=fd
[  262.223482][T13608] loop3: detected capacity change from 0 to 1024
[  262.248294][T13608] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  262.281030][T13608] tmpfs: Bad value for 'mpol'
[  262.634463][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.051835][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.071706][T13630] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  263.081477][T13630] SELinux: failed to load policy
[  263.092233][T13630] can0: slcan on ttyS3.
[  263.101107][T13628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3450'.
[  263.122900][T13630] can0 (unregistered): slcan off ttyS3.
[  263.156948][ T3388] hid-generic 0003:0004:0000.0037: unknown main item tag 0x0
[  263.164695][ T3388] hid-generic 0003:0004:0000.0037: unknown main item tag 0x0
[  263.172108][ T3388] hid-generic 0003:0004:0000.0037: unknown main item tag 0x0
[  263.180068][ T3388] hid-generic 0003:0004:0000.0037: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  263.245076][ T3381] hid-generic 0003:0004:0000.0038: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  263.364680][T13661] loop3: detected capacity change from 0 to 1024
[  263.384760][T13660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3465'.
[  263.567933][T13684] FAULT_INJECTION: forcing a failure.
[  263.567933][T13684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.581440][T13684] CPU: 1 UID: 0 PID: 13684 Comm: syz.3.3472 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  263.581475][T13684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.581490][T13684] Call Trace:
[  263.581498][T13684]  <TASK>
[  263.581507][T13684]  __dump_stack+0x1d/0x30
[  263.581533][T13684]  dump_stack_lvl+0xe8/0x140
[  263.581612][T13684]  dump_stack+0x15/0x1b
[  263.581653][T13684]  should_fail_ex+0x265/0x280
[  263.581695][T13684]  should_fail+0xb/0x20
[  263.581725][T13684]  should_fail_usercopy+0x1a/0x20
[  263.581750][T13684]  _copy_from_user+0x1c/0xb0
[  263.581783][T13684]  __sys_bpf+0x178/0x790
[  263.581832][T13684]  __x64_sys_bpf+0x41/0x50
[  263.581915][T13684]  x64_sys_call+0x2478/0x2fb0
[  263.582004][T13684]  do_syscall_64+0xd2/0x200
[  263.582031][T13684]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  263.582065][T13684]  ? clear_bhb_loop+0x40/0x90
[  263.582088][T13684]  ? clear_bhb_loop+0x40/0x90
[  263.582187][T13684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.582209][T13684] RIP: 0033:0x7f78cb9be929
[  263.582226][T13684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.582258][T13684] RSP: 002b:00007f78ca027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  263.582281][T13684] RAX: ffffffffffffffda RBX: 00007f78cbbe5fa0 RCX: 00007f78cb9be929
[  263.582371][T13684] RDX: 0000000000000048 RSI: 0000200000000840 RDI: 0000000000000000
[  263.582384][T13684] RBP: 00007f78ca027090 R08: 0000000000000000 R09: 0000000000000000
[  263.582453][T13684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.582468][T13684] R13: 0000000000000000 R14: 00007f78cbbe5fa0 R15: 00007ffe5a6fb6b8
[  263.582517][T13684]  </TASK>
[  263.901563][T13695] loop3: detected capacity change from 0 to 128
[  264.026290][T13708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3474'.
[  264.033269][   T29] kauditd_printk_skb: 127 callbacks suppressed
[  264.033292][   T29] audit: type=1400 audit(1749869353.562:10586): avc:  denied  { execute_no_trans } for  pid=13687 comm="syz.1.3474" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="tmpfs" ino=1406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  264.052901][T13703] syz.3.3477: attempt to access beyond end of device
[  264.052901][T13703] loop3: rw=2049, sector=833, nr_sectors = 208 limit=128
[  264.106475][T13708] vlan2: entered allmulticast mode
[  264.169169][T13715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3479'.
[  264.294422][T13729] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3486'.
[  264.304550][T13729] netlink: 'syz.1.3486': attribute type 9 has an invalid length.
[  264.312325][T13729] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3486'.
[  264.321622][T13729] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3486'.
[  264.360410][   T29] audit: type=1326 audit(1749869353.892:10587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.386147][   T29] audit: type=1326 audit(1749869353.892:10588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.409872][   T29] audit: type=1326 audit(1749869353.892:10589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.433596][   T29] audit: type=1326 audit(1749869353.892:10590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.457249][   T29] audit: type=1326 audit(1749869353.892:10591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.480844][   T29] audit: type=1326 audit(1749869353.892:10592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.504509][   T29] audit: type=1326 audit(1749869353.892:10593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13731 comm="syz.3.3489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  264.549595][ T3388] hid-generic 0003:0004:0000.0039: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  264.692590][T13743] loop1: detected capacity change from 0 to 1024
[  264.699755][T13743] EXT4-fs: Ignoring removed nobh option
[  264.705380][T13743] EXT4-fs: Ignoring removed bh option
[  264.724281][T13743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.745444][T13743] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  264.764936][T13743] syzkaller1: entered promiscuous mode
[  264.770483][T13743] syzkaller1: entered allmulticast mode
[  264.829783][T13747] netlink: 'syz.0.3494': attribute type 27 has an invalid length.
[  264.897947][T13751] loop4: detected capacity change from 0 to 128
[  264.915066][T13753] FAULT_INJECTION: forcing a failure.
[  264.915066][T13753] name failslab, interval 1, probability 0, space 0, times 0
[  264.927782][T13753] CPU: 1 UID: 0 PID: 13753 Comm: syz.0.3497 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  264.927818][T13753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  264.927833][T13753] Call Trace:
[  264.927842][T13753]  <TASK>
[  264.927852][T13753]  __dump_stack+0x1d/0x30
[  264.927948][T13753]  dump_stack_lvl+0xe8/0x140
[  264.927967][T13753]  dump_stack+0x15/0x1b
[  264.927988][T13753]  should_fail_ex+0x265/0x280
[  264.928032][T13753]  should_failslab+0x8c/0xb0
[  264.928117][T13753]  __kmalloc_noprof+0xa5/0x3e0
[  264.928150][T13753]  ? iter_file_splice_write+0xfe/0x970
[  264.928189][T13753]  ? terminate_walk+0x27f/0x2a0
[  264.928269][T13753]  iter_file_splice_write+0xfe/0x970
[  264.928301][T13753]  ? _parse_integer_limit+0x170/0x190
[  264.928341][T13753]  ? _parse_integer+0x27/0x40
[  264.928378][T13753]  ? avc_policy_seqno+0x15/0x30
[  264.928416][T13753]  ? selinux_file_permission+0x1e4/0x320
[  264.928452][T13753]  ? __pfx_iter_file_splice_write+0x10/0x10
[  264.928509][T13753]  do_splice+0x977/0x10b0
[  264.928549][T13753]  ? __rcu_read_unlock+0x4f/0x70
[  264.928577][T13753]  ? __fget_files+0x184/0x1c0
[  264.928605][T13753]  __se_sys_splice+0x26c/0x3a0
[  264.928756][T13753]  __x64_sys_splice+0x78/0x90
[  264.928795][T13753]  x64_sys_call+0xb0a/0x2fb0
[  264.928895][T13753]  do_syscall_64+0xd2/0x200
[  264.928923][T13753]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  264.928949][T13753]  ? clear_bhb_loop+0x40/0x90
[  264.928986][T13753]  ? clear_bhb_loop+0x40/0x90
[  264.929014][T13753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.929039][T13753] RIP: 0033:0x7f17f726e929
[  264.929054][T13753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.929075][T13753] RSP: 002b:00007f17f58d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  264.929170][T13753] RAX: ffffffffffffffda RBX: 00007f17f7495fa0 RCX: 00007f17f726e929
[  264.929187][T13753] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000005
[  264.929202][T13753] RBP: 00007f17f58d7090 R08: 00000000088000cc R09: 0000000000000000
[  264.929236][T13753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.929247][T13753] R13: 0000000000000000 R14: 00007f17f7495fa0 R15: 00007ffc59dd0d28
[  264.929266][T13753]  </TASK>
[  265.176221][T13754] syz.4.3496: attempt to access beyond end of device
[  265.176221][T13754] loop4: rw=2049, sector=537, nr_sectors = 504 limit=128
[  265.300180][T13761] loop4: detected capacity change from 0 to 512
[  265.315631][T13761] EXT4-fs (loop4): 1 orphan inode deleted
[  265.321964][T13761] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.334822][ T3450] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  265.344667][ T3450] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 1
[  265.356524][T13761] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  265.368212][T13761] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.402015][T13761] xt_CT: You must specify a L4 protocol and not use inversions on it
[  265.412203][ T3381] hid-generic 0003:0004:0000.003A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  265.520419][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.765679][T13798] sit0: entered allmulticast mode
[  265.916942][T13800] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3516'.
[  266.280805][T13817] 9pnet_fd: Insufficient options for proto=fd
[  266.311943][T13820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3524'.
[  266.321618][T13820] bridge_slave_1: left allmulticast mode
[  266.327377][T13820] bridge_slave_1: left promiscuous mode
[  266.333152][T13820] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.379416][T13820] bridge_slave_0: left allmulticast mode
[  266.385185][T13820] bridge_slave_0: left promiscuous mode
[  266.390985][T13820] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.401084][T13822] loop4: detected capacity change from 0 to 512
[  266.414277][T13822] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  266.463716][T13824] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3525'.
[  266.529411][T13822] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:169: inode #17: comm syz.4.3524: inline data xattr refers to an external xattr inode
[  266.601170][T13822] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3524: couldn't read orphan inode 17 (err -117)
[  266.651249][T13833] loop2: detected capacity change from 0 to 512
[  266.662556][T13822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.696858][T13833] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.733852][T13833] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  266.766386][T13814] syzkaller1: entered promiscuous mode
[  266.771991][T13814] syzkaller1: entered allmulticast mode
[  266.809811][T13835] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  266.818152][   T29] audit: type=1400 audit(1749869356.262:10594): avc:  denied  { mount } for  pid=13819 comm="syz.4.3524" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  266.891893][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.921823][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.271792][T13856] loop4: detected capacity change from 0 to 512
[  267.308340][T13856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.340593][T13856] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  267.511181][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.575850][ T3388] hid-generic 0003:0004:0000.003B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  267.634654][T13874] loop4: detected capacity change from 0 to 1024
[  267.653116][T13874] EXT4-fs: Ignoring removed nobh option
[  267.661383][T13874] EXT4-fs: Ignoring removed bh option
[  267.682388][T13874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.682467][T13876] loop2: detected capacity change from 0 to 128
[  267.698453][T13878] syzkaller1: entered promiscuous mode
[  267.707143][T13878] syzkaller1: entered allmulticast mode
[  267.719986][T13878] xt_connbytes: Forcing CT accounting to be enabled
[  267.737773][T13874] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  267.777011][T13876] syz.2.3541: attempt to access beyond end of device
[  267.777011][T13876] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  267.778899][T13874] syzkaller1: entered promiscuous mode
[  267.796045][T13874] syzkaller1: entered allmulticast mode
[  267.906476][T13890] loop3: detected capacity change from 0 to 512
[  267.920424][T13890] EXT4-fs: Ignoring removed nomblk_io_submit option
[  268.064383][T13890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.087367][T13890] ext4 filesystem being mounted at /178/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  268.143661][T13901] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3547'.
[  268.233133][T13912] 9pnet_fd: Insufficient options for proto=fd
[  268.241936][T13912] 9pnet_fd: Insufficient options for proto=fd
[  268.323362][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.352368][T13918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3554'.
[  268.361355][T13918] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3554'.
[  268.385958][T13919] loop1: detected capacity change from 0 to 1024
[  268.403567][T13919] EXT4-fs: Ignoring removed nobh option
[  268.422653][T13918] wireguard0: entered promiscuous mode
[  268.428219][T13918] wireguard0: entered allmulticast mode
[  268.432643][T13919] EXT4-fs: Ignoring removed bh option
[  268.467078][T13923] netlink: 'syz.3.3555': attribute type 27 has an invalid length.
[  268.488315][T13919] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.506576][T13923] sit0: left allmulticast mode
[  268.528249][T13919] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  268.561106][T13923] wireguard0: left promiscuous mode
[  268.566428][T13923] wireguard0: left allmulticast mode
[  268.591800][T13919] syzkaller1: entered promiscuous mode
[  268.597464][T13919] syzkaller1: entered allmulticast mode
[  268.707675][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.815444][T13942] loop4: detected capacity change from 0 to 512
[  268.834326][T13942] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.862622][T13942] ext4 filesystem being mounted at /74/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  268.887640][T13949] 9pnet_fd: Insufficient options for proto=fd
[  268.894673][T13949] 9pnet_fd: Insufficient options for proto=fd
[  268.952419][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.977954][T13955] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3565'.
[  269.002868][T13955] netlink: 'syz.2.3565': attribute type 9 has an invalid length.
[  269.006135][T13956] vhci_hcd: invalid port number 96
[  269.010646][T13955] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3565'.
[  269.015783][T13956] vhci_hcd: default hub control req: 0000 vfffc i0060 l0
[  269.031937][T13955] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3565'.
[  269.070278][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3569'.
[  269.081570][T13960] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3568'.
[  269.090951][T13960] netlink: 'syz.4.3568': attribute type 9 has an invalid length.
[  269.098795][T13960] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3568'.
[  269.098816][T13960] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3568'.
[  269.139967][   T29] kauditd_printk_skb: 207 callbacks suppressed
[  269.139981][   T29] audit: type=1400 audit(1749869358.672:10802): avc:  denied  { mount } for  pid=13965 comm="syz.3.3571" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  269.179029][ T1035] hid-generic 0003:0004:0000.003C: unknown main item tag 0x0
[  269.186678][ T1035] hid-generic 0003:0004:0000.003C: unknown main item tag 0x0
[  269.186932][   T29] audit: type=1400 audit(1749869358.702:10803): avc:  denied  { write } for  pid=13965 comm="syz.3.3571" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  269.194163][ T1035] hid-generic 0003:0004:0000.003C: unknown main item tag 0x0
[  269.222493][   T29] audit: type=1400 audit(1749869358.702:10804): avc:  denied  { open } for  pid=13965 comm="syz.3.3571" path="/187/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  269.244923][   T29] audit: type=1400 audit(1749869358.712:10805): avc:  denied  { create } for  pid=13967 comm="syz.0.3572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  269.246539][ T1035] hid-generic 0003:0004:0000.003C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  269.264588][   T29] audit: type=1400 audit(1749869358.712:10806): avc:  denied  { getopt } for  pid=13967 comm="syz.0.3572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  269.293371][   T29] audit: type=1400 audit(1749869358.712:10807): avc:  denied  { mounton } for  pid=13965 comm="syz.3.3571" path="/187/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  269.350269][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.369845][   T29] audit: type=1400 audit(1749869358.902:10808): avc:  denied  { setopt } for  pid=13976 comm="syz.4.3576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  269.394535][T13975] loop2: detected capacity change from 0 to 1024
[  269.404741][T13981] netlink: 'syz.4.3577': attribute type 27 has an invalid length.
[  269.426379][   T29] audit: type=1400 audit(1749869358.962:10809): avc:  denied  { unmount } for  pid=11287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  269.458547][T13975] EXT4-fs: Ignoring removed nobh option
[  269.464691][T13975] EXT4-fs: Ignoring removed bh option
[  269.483037][   T29] audit: type=1326 audit(1749869359.012:10810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13986 comm="syz.4.3581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc730c8e929 code=0x7ffc0000
[  269.506700][   T29] audit: type=1326 audit(1749869359.012:10811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13986 comm="syz.4.3581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc730c8e929 code=0x7ffc0000
[  269.566724][T13975] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.606083][T13975] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  269.678032][T14006] xt_CT: You must specify a L4 protocol and not use inversions on it
[  269.700538][T14007] loop3: detected capacity change from 0 to 1024
[  269.709047][T14007] EXT4-fs: Ignoring removed nobh option
[  269.717265][T14007] EXT4-fs: Ignoring removed bh option
[  269.757443][T14007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.790558][T14014] netlink: 'syz.4.3589': attribute type 27 has an invalid length.
[  269.830854][T14007] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  269.870780][T14007] syzkaller1: entered promiscuous mode
[  269.876332][T14007] syzkaller1: entered allmulticast mode
[  270.168922][ T1035] hid-generic 0003:0004:0000.003D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  270.273802][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.317666][T14037] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  270.366415][T14044] netlink: 'syz.2.3600': attribute type 27 has an invalid length.
[  270.413091][T14048] loop2: detected capacity change from 0 to 512
[  270.435597][T14048] EXT4-fs (loop2): 1 orphan inode deleted
[  270.442021][T14048] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.455363][   T12] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  270.469100][T14048] ext4 filesystem being mounted at /92/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  270.498627][T14048] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.518584][T14048] xt_CT: You must specify a L4 protocol and not use inversions on it
[  270.552947][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.607734][T14062] FAULT_INJECTION: forcing a failure.
[  270.607734][T14062] name failslab, interval 1, probability 0, space 0, times 0
[  270.620449][T14062] CPU: 1 UID: 0 PID: 14062 Comm: syz.3.3607 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  270.620554][T14062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  270.620570][T14062] Call Trace:
[  270.620577][T14062]  <TASK>
[  270.620586][T14062]  __dump_stack+0x1d/0x30
[  270.620609][T14062]  dump_stack_lvl+0xe8/0x140
[  270.620645][T14062]  dump_stack+0x15/0x1b
[  270.620663][T14062]  should_fail_ex+0x265/0x280
[  270.620702][T14062]  should_failslab+0x8c/0xb0
[  270.620728][T14062]  kmem_cache_alloc_node_noprof+0x57/0x320
[  270.620814][T14062]  ? __alloc_skb+0x101/0x320
[  270.620849][T14062]  __alloc_skb+0x101/0x320
[  270.620943][T14062]  netlink_alloc_large_skb+0xba/0xf0
[  270.620979][T14062]  netlink_sendmsg+0x3cf/0x6b0
[  270.621084][T14062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.621107][T14062]  __sock_sendmsg+0x145/0x180
[  270.621202][T14062]  ____sys_sendmsg+0x31e/0x4e0
[  270.621227][T14062]  ___sys_sendmsg+0x17b/0x1d0
[  270.621286][T14062]  __x64_sys_sendmsg+0xd4/0x160
[  270.621312][T14062]  x64_sys_call+0x2999/0x2fb0
[  270.621334][T14062]  do_syscall_64+0xd2/0x200
[  270.621356][T14062]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  270.621383][T14062]  ? clear_bhb_loop+0x40/0x90
[  270.621469][T14062]  ? clear_bhb_loop+0x40/0x90
[  270.621533][T14062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.621602][T14062] RIP: 0033:0x7f78cb9be929
[  270.621617][T14062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.621636][T14062] RSP: 002b:00007f78ca027038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  270.621655][T14062] RAX: ffffffffffffffda RBX: 00007f78cbbe5fa0 RCX: 00007f78cb9be929
[  270.621705][T14062] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  270.621728][T14062] RBP: 00007f78ca027090 R08: 0000000000000000 R09: 0000000000000000
[  270.621740][T14062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.621752][T14062] R13: 0000000000000000 R14: 00007f78cbbe5fa0 R15: 00007ffe5a6fb6b8
[  270.621778][T14062]  </TASK>
[  270.888747][T14066] loop3: detected capacity change from 0 to 2048
[  270.895587][T14066] EXT4-fs: Ignoring removed bh option
[  270.916290][T14066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.930925][T14066] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  270.947382][T14066] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  270.959654][T14066] EXT4-fs (loop3): This should not happen!! Data will be lost
[  270.959654][T14066] 
[  270.969422][T14066] EXT4-fs (loop3): Total free blocks count 0
[  270.975482][T14066] EXT4-fs (loop3): Free/Dirty block details
[  270.981454][T14066] EXT4-fs (loop3): free_blocks=2415919104
[  270.987244][T14066] EXT4-fs (loop3): dirty_blocks=16
[  270.992385][T14066] EXT4-fs (loop3): Block reservation details
[  270.998425][T14066] EXT4-fs (loop3): i_reserved_data_blocks=1
[  271.005702][T14070] netlink: 'syz.3.3609': attribute type 10 has an invalid length.
[  271.320640][T14090] netlink: 'syz.2.3618': attribute type 27 has an invalid length.
[  271.343094][T14091] netlink: 'syz.4.3616': attribute type 9 has an invalid length.
[  271.380510][T14097] netlink: 'syz.1.3619': attribute type 27 has an invalid length.
[  271.389314][T14097] vlan2: left allmulticast mode
[  271.483872][T14106] loop1: detected capacity change from 0 to 1024
[  271.490633][T14106] EXT4-fs: Ignoring removed nobh option
[  271.496369][T14106] EXT4-fs: Ignoring removed bh option
[  271.504229][T14106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.532410][T14106] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  271.678745][T14112] loop4: detected capacity change from 0 to 512
[  271.694639][T14112] EXT4-fs (loop4): 1 orphan inode deleted
[  271.700985][T14112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.722778][ T1673] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 1
[  271.738816][T14112] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  271.750305][T11287] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.764411][T14112] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  272.165986][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.290189][T14132] loop2: detected capacity change from 0 to 512
[  272.305701][T14132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.318659][T14132] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  272.375599][T14139] loop1: detected capacity change from 0 to 512
[  272.395917][T14139] EXT4-fs (loop1): 1 orphan inode deleted
[  272.402573][T14139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.416166][ T5773] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1
[  272.416196][T14139] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  272.439408][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.439822][T14139] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.475257][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.485505][T14139] xt_CT: You must specify a L4 protocol and not use inversions on it
[  272.626375][T14168] loop4: detected capacity change from 0 to 512
[  272.646023][T14168] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.658994][T14168] ext4 filesystem being mounted at /102/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  272.685962][ T3388] hid-generic 0003:0004:0000.003E: unknown main item tag 0x0
[  272.693541][ T3388] hid-generic 0003:0004:0000.003E: unknown main item tag 0x0
[  272.700967][ T3388] hid-generic 0003:0004:0000.003E: unknown main item tag 0x0
[  272.709238][ T3388] hid-generic 0003:0004:0000.003E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  272.778245][T14187] tipc: Started in network mode
[  272.783333][T14187] tipc: Node identity ac14140f, cluster identity 4711
[  272.790631][T14187] tipc: New replicast peer: 0.0.255.255
[  272.796406][T14187] tipc: Enabled bearer <udp:s>, priority 10
[  272.831563][T14188] loop4: detected capacity change from 0 to 1024
[  272.839294][T14188] EXT4-fs: Ignoring removed nobh option
[  272.845459][T14188] EXT4-fs: Ignoring removed bh option
[  272.895705][T14188] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  272.983455][T14188] syzkaller1: entered promiscuous mode
[  272.989001][T14188] syzkaller1: entered allmulticast mode
[  273.041223][T14210] loop3: detected capacity change from 0 to 512
[  273.055467][T14210] ext4 filesystem being mounted at /205/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  273.069519][T14215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.078080][T14215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.167432][T14222] FAULT_INJECTION: forcing a failure.
[  273.167432][T14222] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  273.180628][T14222] CPU: 1 UID: 0 PID: 14222 Comm: syz.4.3664 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  273.180653][T14222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.180664][T14222] Call Trace:
[  273.180670][T14222]  <TASK>
[  273.180677][T14222]  __dump_stack+0x1d/0x30
[  273.180704][T14222]  dump_stack_lvl+0xe8/0x140
[  273.180721][T14222]  dump_stack+0x15/0x1b
[  273.180734][T14222]  should_fail_ex+0x265/0x280
[  273.180795][T14222]  should_fail+0xb/0x20
[  273.180821][T14222]  should_fail_usercopy+0x1a/0x20
[  273.180909][T14222]  _copy_from_user+0x1c/0xb0
[  273.180930][T14222]  kstrtouint_from_user+0x69/0xf0
[  273.181035][T14222]  ? 0xffffffff81000000
[  273.181046][T14222]  ? selinux_file_permission+0x1e4/0x320
[  273.181071][T14222]  proc_fail_nth_write+0x50/0x160
[  273.181090][T14222]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  273.181108][T14222]  vfs_write+0x269/0x8e0
[  273.181173][T14222]  ? vfs_read+0x47f/0x6f0
[  273.181187][T14222]  ? __rcu_read_unlock+0x4f/0x70
[  273.181230][T14222]  ? __fget_files+0x184/0x1c0
[  273.181251][T14222]  ksys_write+0xda/0x1a0
[  273.181269][T14222]  __x64_sys_write+0x40/0x50
[  273.181285][T14222]  x64_sys_call+0x2cdd/0x2fb0
[  273.181349][T14222]  do_syscall_64+0xd2/0x200
[  273.181368][T14222]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  273.181442][T14222]  ? clear_bhb_loop+0x40/0x90
[  273.181461][T14222]  ? clear_bhb_loop+0x40/0x90
[  273.181480][T14222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.181579][T14222] RIP: 0033:0x7fc730c8d3df
[  273.181599][T14222] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  273.181622][T14222] RSP: 002b:00007fc72f2f7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  273.181646][T14222] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc730c8d3df
[  273.181657][T14222] RDX: 0000000000000001 RSI: 00007fc72f2f70a0 RDI: 0000000000000004
[  273.181684][T14222] RBP: 00007fc72f2f7090 R08: 0000000000000000 R09: 0000000000000000
[  273.181695][T14222] R10: 0000000000000141 R11: 0000000000000293 R12: 0000000000000001
[  273.181706][T14222] R13: 0000000000000000 R14: 00007fc730eb5fa0 R15: 00007fff5e6dc9d8
[  273.181724][T14222]  </TASK>
[  273.452349][T14230] SELinux: syz.1.3668 (14230) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  273.478395][T14224] loop3: detected capacity change from 0 to 512
[  273.509513][T14224] ext4 filesystem being mounted at /208/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  273.527583][T14241] loop4: detected capacity change from 0 to 512
[  273.569351][T14241] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  273.585679][T14254] loop1: detected capacity change from 0 to 512
[  273.670566][T14266] __nla_validate_parse: 14 callbacks suppressed
[  273.670587][T14266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3681'.
[  273.731713][T14280] loop1: detected capacity change from 0 to 1024
[  273.745395][T14280] tmpfs: Bad value for 'mpol'
[  273.750793][T14283] FAULT_INJECTION: forcing a failure.
[  273.750793][T14283] name fail_futex, interval 1, probability 0, space 0, times 1
[  273.764042][T14283] CPU: 0 UID: 0 PID: 14283 Comm: syz.3.3679 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  273.764092][T14283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.764108][T14283] Call Trace:
[  273.764117][T14283]  <TASK>
[  273.764127][T14283]  __dump_stack+0x1d/0x30
[  273.764153][T14283]  dump_stack_lvl+0xe8/0x140
[  273.764177][T14283]  dump_stack+0x15/0x1b
[  273.764196][T14283]  should_fail_ex+0x265/0x280
[  273.764283][T14283]  should_fail+0xb/0x20
[  273.764395][T14283]  get_futex_key+0x546/0xc30
[  273.764427][T14283]  futex_requeue+0x162/0x13c0
[  273.764467][T14283]  ? kstrtouint_from_user+0x9f/0xf0
[  273.764555][T14283]  do_futex+0x2ec/0x380
[  273.764594][T14283]  __se_sys_futex+0x2ed/0x360
[  273.764625][T14283]  __x64_sys_futex+0x78/0x90
[  273.764706][T14283]  x64_sys_call+0x1331/0x2fb0
[  273.764735][T14283]  do_syscall_64+0xd2/0x200
[  273.764794][T14283]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  273.764829][T14283]  ? clear_bhb_loop+0x40/0x90
[  273.764921][T14283]  ? clear_bhb_loop+0x40/0x90
[  273.764949][T14283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.764975][T14283] RIP: 0033:0x7f78cb9be929
[  273.765073][T14283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.765095][T14283] RSP: 002b:00007f78c9fe5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  273.765132][T14283] RAX: ffffffffffffffda RBX: 00007f78cbbe6160 RCX: 00007f78cb9be929
[  273.765148][T14283] RDX: 0000000000000001 RSI: 000000000000000c RDI: 000020000000cffc
[  273.765164][T14283] RBP: 00007f78c9fe5090 R08: 0000200000048000 R09: 0000000000000000
[  273.765179][T14283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.765269][T14283] R13: 0000000000000001 R14: 00007f78cbbe6160 R15: 00007ffe5a6fb6b8
[  273.765294][T14283]  </TASK>
[  273.957301][ T3388] tipc: Node number set to 2886997007
[  274.515850][ T3381] hid-generic 0003:0004:0000.003F: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  274.591890][   T29] kauditd_printk_skb: 209 callbacks suppressed
[  274.591905][   T29] audit: type=1326 audit(1749869364.122:11018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.624385][   T29] audit: type=1326 audit(1749869364.162:11019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.648049][   T29] audit: type=1326 audit(1749869364.162:11020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.671757][   T29] audit: type=1326 audit(1749869364.162:11021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.695532][   T29] audit: type=1326 audit(1749869364.162:11022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.719177][   T29] audit: type=1326 audit(1749869364.192:11023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.742848][   T29] audit: type=1326 audit(1749869364.192:11024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.766571][   T29] audit: type=1326 audit(1749869364.192:11025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.790275][   T29] audit: type=1326 audit(1749869364.192:11026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.813955][   T29] audit: type=1326 audit(1749869364.212:11027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14303 comm="syz.3.3691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78cb9be929 code=0x7ffc0000
[  274.888152][T14314] nfs4: Bad value for 'source'
[  274.897585][T14314] loop3: detected capacity change from 0 to 512
[  274.937867][T14310] FAULT_INJECTION: forcing a failure.
[  274.937867][T14310] name failslab, interval 1, probability 0, space 0, times 0
[  274.950685][T14310] CPU: 0 UID: 0 PID: 14310 Comm: syz.0.3692 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  274.950774][T14310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.950790][T14310] Call Trace:
[  274.950798][T14310]  <TASK>
[  274.950807][T14310]  __dump_stack+0x1d/0x30
[  274.950834][T14310]  dump_stack_lvl+0xe8/0x140
[  274.950859][T14310]  dump_stack+0x15/0x1b
[  274.950880][T14310]  should_fail_ex+0x265/0x280
[  274.951010][T14310]  should_failslab+0x8c/0xb0
[  274.951037][T14310]  kmem_cache_alloc_noprof+0x50/0x310
[  274.951068][T14310]  ? alloc_empty_file+0x76/0x200
[  274.951179][T14310]  ? mntput+0x4b/0x80
[  274.951216][T14310]  alloc_empty_file+0x76/0x200
[  274.951249][T14310]  path_openat+0x68/0x2170
[  274.951291][T14310]  ? _parse_integer_limit+0x170/0x190
[  274.951405][T14310]  ? kstrtoull+0x111/0x140
[  274.951480][T14310]  ? kstrtouint+0x76/0xc0
[  274.951520][T14310]  do_filp_open+0x109/0x230
[  274.951643][T14310]  do_sys_openat2+0xa6/0x110
[  274.951690][T14310]  __x64_sys_openat+0xf2/0x120
[  274.951728][T14310]  x64_sys_call+0x1af/0x2fb0
[  274.951755][T14310]  do_syscall_64+0xd2/0x200
[  274.951782][T14310]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  274.951836][T14310]  ? clear_bhb_loop+0x40/0x90
[  274.951863][T14310]  ? clear_bhb_loop+0x40/0x90
[  274.951891][T14310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.951918][T14310] RIP: 0033:0x7f17f726e929
[  274.951937][T14310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.951987][T14310] RSP: 002b:00007f17f58d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  274.952012][T14310] RAX: ffffffffffffffda RBX: 00007f17f7495fa0 RCX: 00007f17f726e929
[  274.952029][T14310] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  274.952046][T14310] RBP: 00007f17f58d7090 R08: 0000000000000000 R09: 0000000000000000
[  274.952062][T14310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.952079][T14310] R13: 0000000000000000 R14: 00007f17f7495fa0 R15: 00007ffc59dd0d28
[  274.952105][T14310]  </TASK>
[  275.167368][T14319] loop1: detected capacity change from 0 to 512
[  275.177812][T14319] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  275.213051][T14322] netlink: 'syz.2.3697': attribute type 10 has an invalid length.
[  275.220931][T14322] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3697'.
[  275.283976][ T3388] hid-generic 0003:0004:0000.0040: unknown main item tag 0x0
[  275.291987][ T3388] hid-generic 0003:0004:0000.0040: unknown main item tag 0x0
[  275.299642][ T3388] hid-generic 0003:0004:0000.0040: unknown main item tag 0x0
[  275.308193][T14337] ref_ctr_offset mismatch. inode: 0x26c offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x1000000
[  275.318834][ T3388] hid-generic 0003:0004:0000.0040: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  275.432236][T14345] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3704'.
[  275.450326][ T3388] hid-generic 0003:0004:0000.0041: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  275.495160][T14351] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3705'.
[  275.536166][T14353] vhci_hcd: invalid port number 96
[  275.541366][T14353] vhci_hcd: default hub control req: 0013 vfffc i0060 l0
[  275.613596][T14362] loop4: detected capacity change from 0 to 1024
[  275.620502][T14362] EXT4-fs: Ignoring removed nobh option
[  275.626483][T14362] EXT4-fs: Ignoring removed bh option
[  275.651166][T14365] loop1: detected capacity change from 0 to 1024
[  275.655450][T14362] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  275.658327][T14365] EXT4-fs: Ignoring removed nobh option
[  275.677945][T14365] EXT4-fs: Ignoring removed bh option
[  275.688947][T14362] syzkaller1: entered promiscuous mode
[  275.694514][T14362] syzkaller1: entered allmulticast mode
[  275.730028][T14365] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  275.765349][T14365] syzkaller1: entered promiscuous mode
[  275.770889][T14365] syzkaller1: entered allmulticast mode
[  276.322308][T14379] netlink: 'syz.2.3716': attribute type 27 has an invalid length.
[  276.474331][T14391] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3719'.
[  276.504283][T14391] netlink: 'syz.3.3719': attribute type 9 has an invalid length.
[  276.512108][T14391] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3719'.
[  276.521365][T14391] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3719'.
[  276.652043][T14404] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3723'.
[  276.678136][T14406] loop1: detected capacity change from 0 to 128
[  276.707279][T14406] syz.1.3727: attempt to access beyond end of device
[  276.707279][T14406] loop1: rw=0, sector=121, nr_sectors = 920 limit=128
[  276.860293][T14410] netlink: 'syz.1.3729': attribute type 27 has an invalid length.
[  277.007834][T14429] netlink: 332 bytes leftover after parsing attributes in process `syz.1.3734'.
[  277.017391][T14429] netlink: 'syz.1.3734': attribute type 9 has an invalid length.
[  277.025237][T14429] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3734'.
[  277.047946][T14430] netlink: 'syz.3.3737': attribute type 9 has an invalid length.
[  277.192629][T14440] netlink: 'syz.3.3741': attribute type 27 has an invalid length.
[  277.251724][T14447] FAULT_INJECTION: forcing a failure.
[  277.251724][T14447] name failslab, interval 1, probability 0, space 0, times 0
[  277.264542][T14447] CPU: 1 UID: 0 PID: 14447 Comm: syz.1.3744 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  277.264660][T14447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.264673][T14447] Call Trace:
[  277.264680][T14447]  <TASK>
[  277.264689][T14447]  __dump_stack+0x1d/0x30
[  277.264715][T14447]  dump_stack_lvl+0xe8/0x140
[  277.264808][T14447]  dump_stack+0x15/0x1b
[  277.264910][T14447]  should_fail_ex+0x265/0x280
[  277.265032][T14447]  should_failslab+0x8c/0xb0
[  277.265067][T14447]  kmem_cache_alloc_node_noprof+0x57/0x320
[  277.265151][T14447]  ? __alloc_skb+0x101/0x320
[  277.265247][T14447]  __alloc_skb+0x101/0x320
[  277.265293][T14447]  netlink_alloc_large_skb+0xba/0xf0
[  277.265351][T14447]  netlink_sendmsg+0x3cf/0x6b0
[  277.265386][T14447]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.265473][T14447]  __sock_sendmsg+0x145/0x180
[  277.265519][T14447]  ____sys_sendmsg+0x31e/0x4e0
[  277.265553][T14447]  ___sys_sendmsg+0x17b/0x1d0
[  277.265683][T14447]  __x64_sys_sendmsg+0xd4/0x160
[  277.265720][T14447]  x64_sys_call+0x2999/0x2fb0
[  277.265750][T14447]  do_syscall_64+0xd2/0x200
[  277.265817][T14447]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  277.265854][T14447]  ? clear_bhb_loop+0x40/0x90
[  277.265926][T14447]  ? clear_bhb_loop+0x40/0x90
[  277.265956][T14447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.265987][T14447] RIP: 0033:0x7f42c299e929
[  277.266009][T14447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.266112][T14447] RSP: 002b:00007f42c1007038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.266140][T14447] RAX: ffffffffffffffda RBX: 00007f42c2bc5fa0 RCX: 00007f42c299e929
[  277.266158][T14447] RDX: 0000000000000000 RSI: 0000200000002540 RDI: 0000000000000003
[  277.266175][T14447] RBP: 00007f42c1007090 R08: 0000000000000000 R09: 0000000000000000
[  277.266192][T14447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.266216][T14447] R13: 0000000000000000 R14: 00007f42c2bc5fa0 R15: 00007ffe323d2e08
[  277.266244][T14447]  </TASK>
[  277.362608][ T3388] hid-generic 0003:0004:0000.0042: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  277.509179][T14466] netlink: 'syz.1.3753': attribute type 27 has an invalid length.
[  277.557124][T14468] loop4: detected capacity change from 0 to 1024
[  277.600192][T14468] EXT4-fs: Ignoring removed nobh option
[  277.605987][T14468] EXT4-fs: Ignoring removed bh option
[  277.640700][T14468] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  277.663989][T14468] syzkaller1: entered promiscuous mode
[  277.669533][T14468] syzkaller1: entered allmulticast mode
[  277.704785][T14493] loop3: detected capacity change from 0 to 128
[  277.757736][T14493] syz.3.3763: attempt to access beyond end of device
[  277.757736][T14493] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[  277.958205][T14499] loop3: detected capacity change from 0 to 1024
[  277.965229][T14499] EXT4-fs: Ignoring removed nobh option
[  277.970841][T14499] EXT4-fs: Ignoring removed bh option
[  278.021410][T14499] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  278.079927][T14499] syzkaller1: entered promiscuous mode
[  278.085507][T14499] syzkaller1: entered allmulticast mode
[  278.400382][T14503] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  278.522448][T14513] loop4: detected capacity change from 0 to 512
[  278.549589][T14513] ext4 filesystem being mounted at /122/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  278.577515][T14525] 9pnet_fd: Insufficient options for proto=fd
[  278.584275][T14525] 9pnet_fd: Insufficient options for proto=fd
[  278.641017][T14531] loop2: detected capacity change from 0 to 1024
[  278.651667][T14531] EXT4-fs: Ignoring removed nobh option
[  278.657462][T14531] EXT4-fs: Ignoring removed bh option
[  278.689443][T14538] loop1: detected capacity change from 0 to 512
[  278.691838][T14540] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.3779' sets config #9
[  278.702186][T14531] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  278.795547][T14538] EXT4-fs (loop1): 1 orphan inode deleted
[  278.805136][T14538] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.815550][T14548] syzkaller1: entered promiscuous mode
[  278.821110][T14548] syzkaller1: entered allmulticast mode
[  278.828818][   T12] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  278.841030][T14538] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.3780: iget: bad i_size value: 360287970189639690
[  278.867653][T14538] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.3780: iget: bad i_size value: 360287970189639690
[  278.911312][T14557] __nla_validate_parse: 6 callbacks suppressed
[  278.911331][T14557] netlink: 340 bytes leftover after parsing attributes in process `syz.3.3786'.
[  278.929016][T14557] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3786'.
[  278.973593][T14538] EXT4-fs error (device loop1): ext4_lookup:1787: inode #15: comm syz.1.3780: iget: bad i_size value: 360287970189639690
[  278.997102][T14559] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3785'.
[  279.026328][T14561] 9pnet_fd: Insufficient options for proto=fd
[  279.043139][T14561] 9pnet_fd: Insufficient options for proto=fd
[  279.105051][ T3414] hid-generic 0003:0004:0000.0043: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  279.140616][T14565] loop3: detected capacity change from 0 to 164
[  279.307294][T14572] loop1: detected capacity change from 0 to 512
[  279.325493][T14572] ext4 filesystem being mounted at /141/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  279.420133][T14577] program syz.1.3791 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  279.430760][T14577] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  279.536628][T14583] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  279.585519][T14587] SELinux: syz.1.3797 (14587) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  279.627637][   T29] kauditd_printk_skb: 211 callbacks suppressed
[  279.627652][   T29] audit: type=1400 audit(1749869369.162:11238): avc:  denied  { read } for  pid=14591 comm="syz.1.3798" dev="nsfs" ino=4026532387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  279.658519][T14588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3793'.
[  279.683470][   T29] audit: type=1400 audit(1749869369.162:11239): avc:  denied  { open } for  pid=14591 comm="syz.1.3798" path="net:[4026532387]" dev="nsfs" ino=4026532387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  279.707031][   T29] audit: type=1400 audit(1749869369.192:11240): avc:  denied  { create } for  pid=14580 comm="syz.0.3793" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  279.727462][   T29] audit: type=1400 audit(1749869369.202:11241): avc:  denied  { firmware_load } for  pid=14580 comm="syz.0.3793" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  279.752609][   T29] audit: type=1400 audit(1749869369.202:11242): avc:  denied  { create } for  pid=14591 comm="syz.1.3798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  279.772215][   T29] audit: type=1400 audit(1749869369.202:11243): avc:  denied  { bind } for  pid=14591 comm="syz.1.3798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  279.791671][   T29] audit: type=1400 audit(1749869369.202:11244): avc:  denied  { write } for  pid=14591 comm="syz.1.3798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  279.814048][   T29] audit: type=1400 audit(1749869369.232:11245): avc:  denied  { execute } for  pid=14591 comm="syz.1.3798" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=44828 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  279.840650][   T29] audit: type=1400 audit(1749869369.232:11246): avc:  denied  { append } for  pid=14591 comm="syz.1.3798" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  279.874716][   T29] audit: type=1400 audit(1749869369.412:11247): avc:  denied  { create } for  pid=14597 comm="syz.3.3799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  279.925815][T14602] pim6reg1: entered promiscuous mode
[  279.931328][T14602] pim6reg1: entered allmulticast mode
[  280.050462][T14617] loop3: detected capacity change from 0 to 128
[  280.070443][T14617] syz.3.3808: attempt to access beyond end of device
[  280.070443][T14617] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128
[  280.098044][T14617] syz.3.3808: attempt to access beyond end of device
[  280.098044][T14617] loop3: rw=2049, sector=169, nr_sectors = 16 limit=128
[  280.113013][T14617] syz.3.3808: attempt to access beyond end of device
[  280.113013][T14617] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128
[  280.119861][T14623] loop4: detected capacity change from 0 to 128
[  280.132936][T14617] syz.3.3808: attempt to access beyond end of device
[  280.132936][T14617] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128
[  280.132987][T14617] syz.3.3808: attempt to access beyond end of device
[  280.132987][T14617] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128
[  280.161084][T14617] syz.3.3808: attempt to access beyond end of device
[  280.161084][T14617] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128
[  280.174764][T14617] syz.3.3808: attempt to access beyond end of device
[  280.174764][T14617] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128
[  280.189798][T14617] syz.3.3808: attempt to access beyond end of device
[  280.189798][T14617] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128
[  280.204884][T14624] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  280.204976][ T3388] hid-generic 0003:0004:0000.0044: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  280.211515][T14624] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  280.211558][T14624] vhci_hcd vhci_hcd.0: Device attached
[  280.236863][T14623] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  280.243533][T14623] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  280.251268][T14623] vhci_hcd vhci_hcd.0: Device attached
[  280.282015][T14635] FAULT_INJECTION: forcing a failure.
[  280.282015][T14635] name failslab, interval 1, probability 0, space 0, times 0
[  280.294752][T14635] CPU: 0 UID: 0 PID: 14635 Comm: syz.1.3813 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  280.294784][T14635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.294797][T14635] Call Trace:
[  280.294804][T14635]  <TASK>
[  280.294821][T14635]  __dump_stack+0x1d/0x30
[  280.294843][T14635]  dump_stack_lvl+0xe8/0x140
[  280.294862][T14635]  dump_stack+0x15/0x1b
[  280.294942][T14635]  should_fail_ex+0x265/0x280
[  280.295032][T14635]  should_failslab+0x8c/0xb0
[  280.295056][T14635]  kmem_cache_alloc_node_noprof+0x57/0x320
[  280.295086][T14635]  ? __alloc_skb+0x101/0x320
[  280.295165][T14635]  __alloc_skb+0x101/0x320
[  280.295208][T14635]  netlink_alloc_large_skb+0xba/0xf0
[  280.295244][T14635]  netlink_sendmsg+0x3cf/0x6b0
[  280.295268][T14635]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.295331][T14635]  __sock_sendmsg+0x145/0x180
[  280.295361][T14635]  ____sys_sendmsg+0x31e/0x4e0
[  280.295399][T14635]  ___sys_sendmsg+0x17b/0x1d0
[  280.295447][T14635]  __x64_sys_sendmsg+0xd4/0x160
[  280.295474][T14635]  x64_sys_call+0x2999/0x2fb0
[  280.295496][T14635]  do_syscall_64+0xd2/0x200
[  280.295518][T14635]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  280.295564][T14635]  ? clear_bhb_loop+0x40/0x90
[  280.295587][T14635]  ? clear_bhb_loop+0x40/0x90
[  280.295682][T14635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.295704][T14635] RIP: 0033:0x7f42c299e929
[  280.295720][T14635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.295739][T14635] RSP: 002b:00007f42c1007038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  280.295758][T14635] RAX: ffffffffffffffda RBX: 00007f42c2bc5fa0 RCX: 00007f42c299e929
[  280.295772][T14635] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000000000000003
[  280.295847][T14635] RBP: 00007f42c1007090 R08: 0000000000000000 R09: 0000000000000000
[  280.295860][T14635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.295873][T14635] R13: 0000000000000000 R14: 00007f42c2bc5fa0 R15: 00007ffe323d2e08
[  280.295892][T14635]  </TASK>
[  280.515509][T14625] vhci_hcd: connection closed
[  280.515747][ T1673] vhci_hcd: stop threads
[  280.524931][ T1673] vhci_hcd: release socket
[  280.524945][ T1673] vhci_hcd: disconnect device
[  280.574320][ T2961] vhci_hcd: vhci_device speed not set
[  280.582561][ T3388] vhci_hcd: vhci_device speed not set
[  280.609681][T14648] netlink: 'syz.1.3820': attribute type 1 has an invalid length.
[  280.626241][T14627] vhci_hcd: connection closed
[  280.626524][ T3450] vhci_hcd: stop threads
[  280.635546][ T3450] vhci_hcd: release socket
[  280.639992][ T3450] vhci_hcd: disconnect device
[  280.645802][ T3388] usb 9-1: new full-speed USB device number 2 using vhci_hcd
[  280.653278][ T3388] usb 9-1: enqueue for inactive port 0
[  280.658998][ T3388] usb 9-1: enqueue for inactive port 0
[  280.664715][ T3388] usb 9-1: enqueue for inactive port 0
[  280.689851][ T3381] hid-generic 0003:0004:0000.0045: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  280.732601][ T3388] vhci_hcd: vhci_device speed not set
[  280.803663][T14665] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3822'.
[  281.027005][ T1673] Buffer I/O error on dev loop3, logical block 305, lost async page write
[  281.134785][   T31] Buffer I/O error on dev loop4, logical block 305, lost async page write
[  281.153940][T14671] loop4: detected capacity change from 0 to 512
[  281.164920][T14671] ext4 filesystem being mounted at /133/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  281.281793][ T1035] hid-generic 0000:0000:0000.0046: unknown main item tag 0x0
[  281.289830][ T1035] hid-generic 0000:0000:0000.0046: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  281.423092][T14689] loop2: detected capacity change from 0 to 1024
[  281.430171][T14689] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  281.439992][T14689] EXT4-fs (loop2): group descriptors corrupted!
[  281.525675][ T1035] hid-generic 0003:0004:0000.0047: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  281.596737][T14698] loop1: detected capacity change from 0 to 512
[  281.601923][T14699] netlink: 332 bytes leftover after parsing attributes in process `syz.4.3835'.
[  281.612410][T14699] netlink: 'syz.4.3835': attribute type 9 has an invalid length.
[  281.620255][T14699] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3835'.
[  281.629404][T14699] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3835'.
[  281.656416][T14698] EXT4-fs (loop1): 1 orphan inode deleted
[  281.672672][ T3450] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 1
[  281.688311][T14698] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  281.734743][T14698] xt_CT: You must specify a L4 protocol and not use inversions on it
[  281.777478][T14709] loop2: detected capacity change from 0 to 1024
[  281.794523][T14709] EXT4-fs: Ignoring removed nobh option
[  281.810382][T14709] EXT4-fs: Ignoring removed bh option
[  281.827316][T14712] loop4: detected capacity change from 0 to 1024
[  281.862669][ T3414] hid-generic 0003:0004:0000.0048: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  281.862990][T14712] EXT4-fs: Ignoring removed nobh option
[  281.893340][T14712] EXT4-fs: Ignoring removed bh option
[  281.907952][T14709] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  281.941518][T14718] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3842'.
[  281.967033][T14709] syzkaller1: entered promiscuous mode
[  281.972621][T14709] syzkaller1: entered allmulticast mode
[  281.978788][T14723] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3844'.
[  281.995710][T14723] bridge0: port 3(macvlan2) entered blocking state
[  282.002574][T14723] bridge0: port 3(macvlan2) entered disabled state
[  282.004053][T14727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.029426][T14727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.044290][T14723] macvlan2: entered allmulticast mode
[  282.045466][T14712] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, 
[  282.049692][T14723] bridge0: entered allmulticast mode
[  282.062656][T14712] inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  282.077409][T14728] loop1: detected capacity change from 0 to 1024
[  282.092948][T14723] macvlan2: left allmulticast mode
[  282.098119][T14723] bridge0: left allmulticast mode
[  282.114711][T14712] syzkaller1: entered promiscuous mode
[  282.120295][T14712] syzkaller1: entered allmulticast mode
[  282.245478][ T3414] hid-generic 0003:0004:0000.0049: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  282.803784][T14751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.812476][T14751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.843615][T14751] loop4: detected capacity change from 0 to 256
[  282.852280][T14754] loop3: detected capacity change from 0 to 128
[  282.860428][T14751] FAT-fs (loop4): bogus number of FAT sectors
[  282.866604][T14751] FAT-fs (loop4): Can't find a valid FAT filesystem
[  282.902164][T14754] bio_check_eod: 12 callbacks suppressed
[  282.902185][T14754] syz.3.3853: attempt to access beyond end of device
[  282.902185][T14754] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[  283.285849][T14771] FAULT_INJECTION: forcing a failure.
[  283.285849][T14771] name failslab, interval 1, probability 0, space 0, times 0
[  283.298613][T14771] CPU: 0 UID: 0 PID: 14771 Comm: syz.1.3859 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  283.298642][T14771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  283.298713][T14771] Call Trace:
[  283.298721][T14771]  <TASK>
[  283.298744][T14771]  __dump_stack+0x1d/0x30
[  283.298816][T14771]  dump_stack_lvl+0xe8/0x140
[  283.298839][T14771]  dump_stack+0x15/0x1b
[  283.298859][T14771]  should_fail_ex+0x265/0x280
[  283.298902][T14771]  should_failslab+0x8c/0xb0
[  283.299005][T14771]  kmem_cache_alloc_node_noprof+0x57/0x320
[  283.299057][T14771]  ? __alloc_skb+0x101/0x320
[  283.299102][T14771]  __alloc_skb+0x101/0x320
[  283.299139][T14771]  ? audit_log_start+0x365/0x6c0
[  283.299178][T14771]  audit_log_start+0x380/0x6c0
[  283.299235][T14771]  audit_seccomp+0x48/0x100
[  283.299374][T14771]  ? __seccomp_filter+0x68c/0x10d0
[  283.299404][T14771]  __seccomp_filter+0x69d/0x10d0
[  283.299428][T14771]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  283.299453][T14771]  ? vfs_write+0x75e/0x8e0
[  283.299516][T14771]  ? __rcu_read_unlock+0x4f/0x70
[  283.299542][T14771]  ? __fget_files+0x184/0x1c0
[  283.299574][T14771]  __secure_computing+0x82/0x150
[  283.299606][T14771]  syscall_trace_enter+0xcf/0x1e0
[  283.299660][T14771]  do_syscall_64+0xac/0x200
[  283.299747][T14771]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  283.299776][T14771]  ? clear_bhb_loop+0x40/0x90
[  283.299802][T14771]  ? clear_bhb_loop+0x40/0x90
[  283.299883][T14771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.299909][T14771] RIP: 0033:0x7f42c299e929
[  283.299928][T14771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.299953][T14771] RSP: 002b:00007f42c1007038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  283.299976][T14771] RAX: ffffffffffffffda RBX: 00007f42c2bc5fa0 RCX: 00007f42c299e929
[  283.299987][T14771] RDX: 00002000000006c0 RSI: 000000000000003a RDI: 00007f42c36fe000
[  283.300010][T14771] RBP: 00007f42c1007090 R08: 0000000000000000 R09: 0000000000000000
[  283.300021][T14771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.300032][T14771] R13: 0000000000000000 R14: 00007f42c2bc5fa0 R15: 00007ffe323d2e08
[  283.300050][T14771]  </TASK>
[  283.729587][T14783] syzkaller1: entered promiscuous mode
[  283.735156][T14783] syzkaller1: entered allmulticast mode
[  283.748926][T14784] loop2: detected capacity change from 0 to 1024
[  283.758123][T14784] EXT4-fs: Ignoring removed nobh option
[  283.771624][T14784] EXT4-fs: Ignoring removed bh option
[  283.794252][T14784] EXT4-fs mount: 37 callbacks suppressed
[  283.794272][T14784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  283.851864][T14784] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  283.887672][T14784] syzkaller1: entered promiscuous mode
[  283.893249][T14784] syzkaller1: entered allmulticast mode
[  284.042598][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.068397][T14792] SELinux: syz.2.3864 (14792) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  284.145715][T14797] loop2: detected capacity change from 0 to 128
[  284.183028][T14797] syz.2.3866: attempt to access beyond end of device
[  284.183028][T14797] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  284.269492][T14802] __nla_validate_parse: 3 callbacks suppressed
[  284.269513][T14802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3868'.
[  284.316333][T14806] FAULT_INJECTION: forcing a failure.
[  284.316333][T14806] name failslab, interval 1, probability 0, space 0, times 0
[  284.329310][T14806] CPU: 0 UID: 0 PID: 14806 Comm: syz.2.3870 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  284.329349][T14806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  284.329409][T14806] Call Trace:
[  284.329416][T14806]  <TASK>
[  284.329427][T14806]  __dump_stack+0x1d/0x30
[  284.329455][T14806]  dump_stack_lvl+0xe8/0x140
[  284.329480][T14806]  dump_stack+0x15/0x1b
[  284.329501][T14806]  should_fail_ex+0x265/0x280
[  284.329625][T14806]  should_failslab+0x8c/0xb0
[  284.329657][T14806]  kmem_cache_alloc_node_noprof+0x57/0x320
[  284.329764][T14806]  ? __alloc_skb+0x101/0x320
[  284.329811][T14806]  __alloc_skb+0x101/0x320
[  284.329865][T14806]  netlink_alloc_large_skb+0xba/0xf0
[  284.329965][T14806]  netlink_sendmsg+0x3cf/0x6b0
[  284.329999][T14806]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.330029][T14806]  __sock_sendmsg+0x145/0x180
[  284.330092][T14806]  ____sys_sendmsg+0x31e/0x4e0
[  284.330125][T14806]  ___sys_sendmsg+0x17b/0x1d0
[  284.330166][T14806]  __x64_sys_sendmsg+0xd4/0x160
[  284.330192][T14806]  x64_sys_call+0x2999/0x2fb0
[  284.330219][T14806]  do_syscall_64+0xd2/0x200
[  284.330319][T14806]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  284.330354][T14806]  ? clear_bhb_loop+0x40/0x90
[  284.330448][T14806]  ? clear_bhb_loop+0x40/0x90
[  284.330573][T14806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.330601][T14806] RIP: 0033:0x7f893268e929
[  284.330622][T14806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.330647][T14806] RSP: 002b:00007f8930cf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  284.330672][T14806] RAX: ffffffffffffffda RBX: 00007f89328b5fa0 RCX: 00007f893268e929
[  284.330750][T14806] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006
[  284.330845][T14806] RBP: 00007f8930cf7090 R08: 0000000000000000 R09: 0000000000000000
[  284.330863][T14806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.330880][T14806] R13: 0000000000000000 R14: 00007f89328b5fa0 R15: 00007ffd252d4598
[  284.330907][T14806]  </TASK>
[  284.732787][T14817] loop1: detected capacity change from 0 to 1024
[  284.757032][T14817] EXT4-fs: Ignoring removed nobh option
[  284.764171][T14817] EXT4-fs: Ignoring removed bh option
[  284.771381][   T29] kauditd_printk_skb: 265 callbacks suppressed
[  284.771399][   T29] audit: type=1400 audit(1749869374.302:11510): avc:  denied  { getopt } for  pid=14812 comm="syz.2.3874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  284.803738][T14817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.857641][T14817] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  284.882882][T14817] syzkaller1: entered promiscuous mode
[  284.888545][T14817] syzkaller1: entered allmulticast mode
[  285.004620][   T29] audit: type=1400 audit(1749869374.542:11511): avc:  denied  { create } for  pid=14832 comm="syz.3.3880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  285.006473][ T3388] hid-generic 0003:0004:0000.004A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  285.037784][   T29] audit: type=1400 audit(1749869374.572:11512): avc:  denied  { ioctl } for  pid=14832 comm="syz.3.3880" path="socket:[46319]" dev="sockfs" ino=46319 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  285.062800][   T29] audit: type=1400 audit(1749869374.572:11513): avc:  denied  { write } for  pid=14832 comm="syz.3.3880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  285.108485][T14836] loop2: detected capacity change from 0 to 512
[  285.134267][T14836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.148412][T14836] ext4 filesystem being mounted at /152/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  285.161628][   T29] audit: type=1326 audit(1749869374.692:11514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.184977][   T29] audit: type=1326 audit(1749869374.692:11515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.208034][   T29] audit: type=1326 audit(1749869374.692:11516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.231167][   T29] audit: type=1326 audit(1749869374.692:11517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.254200][   T29] audit: type=1326 audit(1749869374.692:11518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.277320][   T29] audit: type=1326 audit(1749869374.692:11519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14835 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f893268e929 code=0x7ffc0000
[  285.314865][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.592769][T14852] loop2: detected capacity change from 0 to 1024
[  285.599974][T14852] EXT4-fs: dax option not supported
[  285.628680][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.641562][T14852] loop2: detected capacity change from 0 to 1024
[  285.665423][T14852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.679006][T14852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.696111][T14865] loop1: detected capacity change from 0 to 128
[  285.725805][T14865] syz.1.3889: attempt to access beyond end of device
[  285.725805][T14865] loop1: rw=0, sector=121, nr_sectors = 920 limit=128
[  285.821923][T14878] netlink: 332 bytes leftover after parsing attributes in process `syz.2.3891'.
[  285.831321][T14876] loop4: detected capacity change from 0 to 1024
[  285.835796][T14878] netlink: 'syz.2.3891': attribute type 9 has an invalid length.
[  285.845648][T14878] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3891'.
[  285.854769][T14878] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3891'.
[  285.881095][T14876] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.893739][T14876] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  285.933809][T14884] vhci_hcd: invalid port number 96
[  285.939003][T14884] vhci_hcd: default hub control req: 0013 vfffc i0060 l0
[  285.949523][T14888] netlink: 340 bytes leftover after parsing attributes in process `syz.1.3898'.
[  285.959473][T14888] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3898'.
[  285.983099][T14891] FAULT_INJECTION: forcing a failure.
[  285.983099][T14891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.996288][T14891] CPU: 1 UID: 0 PID: 14891 Comm: syz.4.3894 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  285.996321][T14891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  285.996338][T14891] Call Trace:
[  285.996346][T14891]  <TASK>
[  285.996356][T14891]  __dump_stack+0x1d/0x30
[  285.996382][T14891]  dump_stack_lvl+0xe8/0x140
[  285.996489][T14891]  dump_stack+0x15/0x1b
[  285.996581][T14891]  should_fail_ex+0x265/0x280
[  285.996626][T14891]  should_fail+0xb/0x20
[  285.996666][T14891]  should_fail_usercopy+0x1a/0x20
[  285.996692][T14891]  _copy_to_user+0x20/0xa0
[  285.996792][T14891]  simple_read_from_buffer+0xb5/0x130
[  285.996922][T14891]  proc_fail_nth_read+0x100/0x140
[  285.997044][T14891]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  285.997070][T14891]  vfs_read+0x19d/0x6f0
[  285.997148][T14891]  ? __rcu_read_unlock+0x4f/0x70
[  285.997177][T14891]  ? __fget_files+0x184/0x1c0
[  285.997281][T14891]  ksys_read+0xda/0x1a0
[  285.997307][T14891]  __x64_sys_read+0x40/0x50
[  285.997330][T14891]  x64_sys_call+0x2d77/0x2fb0
[  285.997358][T14891]  do_syscall_64+0xd2/0x200
[  285.997449][T14891]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  285.997485][T14891]  ? clear_bhb_loop+0x40/0x90
[  285.997580][T14891]  ? clear_bhb_loop+0x40/0x90
[  285.997608][T14891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.997636][T14891] RIP: 0033:0x7fc730c8d33c
[  285.997655][T14891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  285.997677][T14891] RSP: 002b:00007fc72f2d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  285.997750][T14891] RAX: ffffffffffffffda RBX: 00007fc730eb6080 RCX: 00007fc730c8d33c
[  285.997766][T14891] RDX: 000000000000000f RSI: 00007fc72f2d60a0 RDI: 0000000000000008
[  285.997781][T14891] RBP: 00007fc72f2d6090 R08: 0000000000000000 R09: 0000000000000000
[  285.997797][T14891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.997813][T14891] R13: 0000000000000000 R14: 00007fc730eb6080 R15: 00007fff5e6dc9d8
[  285.997837][T14891]  </TASK>
[  286.037914][T14897] vhci_hcd: invalid port number 23
[  286.214850][T14897] vhci_hcd: default hub control req: 8600 v0000 i0017 l0
[  286.224816][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.243907][T14904] vhci_hcd: invalid port number 23
[  286.255861][T14905] loop3: detected capacity change from 0 to 512
[  286.264138][T14905] EXT4-fs: quotafile must be on filesystem root
[  286.270269][T14907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.278919][T14907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.288244][T14907] loop4: detected capacity change from 0 to 256
[  286.295357][T14907] FAT-fs (loop4): bogus number of FAT sectors
[  286.301482][T14907] FAT-fs (loop4): Can't find a valid FAT filesystem
[  286.324105][T14903] netlink: 36 bytes leftover after parsing attributes in process `kfree'.
[  286.329849][T14905] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3904'.
[  286.452697][T14918] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3909'.
[  286.461840][T14918] netlink: 'syz.3.3909': attribute type 9 has an invalid length.
[  286.469654][T14918] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3909'.
[  286.572034][T14920] SELinux: syz.3.3910 (14920) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  286.822835][T14929] netlink: 'syz.2.3914': attribute type 27 has an invalid length.
[  286.983560][T14945] loop1: detected capacity change from 0 to 512
[  286.994810][T14945] EXT4-fs (loop1): 1 orphan inode deleted
[  287.001142][T14945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.014112][T14945] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  287.023139][   T12] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  287.037144][T14945] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.052271][T14945] xt_CT: You must specify a L4 protocol and not use inversions on it
[  287.079424][T14949] loop1: detected capacity change from 0 to 512
[  287.094424][T14949] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.107159][T14949] ext4 filesystem being mounted at /183/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  287.185930][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.204227][T14954] FAULT_INJECTION: forcing a failure.
[  287.204227][T14954] name failslab, interval 1, probability 0, space 0, times 0
[  287.216999][T14954] CPU: 0 UID: 0 PID: 14954 Comm: ’ Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  287.217035][T14954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.217051][T14954] Call Trace:
[  287.217059][T14954]  <TASK>
[  287.217068][T14954]  __dump_stack+0x1d/0x30
[  287.217095][T14954]  dump_stack_lvl+0xe8/0x140
[  287.217149][T14954]  dump_stack+0x15/0x1b
[  287.217171][T14954]  should_fail_ex+0x265/0x280
[  287.217267][T14954]  should_failslab+0x8c/0xb0
[  287.217297][T14954]  kmem_cache_alloc_node_noprof+0x57/0x320
[  287.217333][T14954]  ? __alloc_skb+0x101/0x320
[  287.217373][T14954]  __alloc_skb+0x101/0x320
[  287.217431][T14954]  ? audit_log_start+0x365/0x6c0
[  287.217466][T14954]  audit_log_start+0x380/0x6c0
[  287.217503][T14954]  audit_seccomp+0x48/0x100
[  287.217540][T14954]  ? __seccomp_filter+0x68c/0x10d0
[  287.217564][T14954]  __seccomp_filter+0x69d/0x10d0
[  287.217640][T14954]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  287.217666][T14954]  ? vfs_write+0x75e/0x8e0
[  287.217684][T14954]  ? __rcu_read_unlock+0x4f/0x70
[  287.217790][T14954]  ? __fget_files+0x184/0x1c0
[  287.217823][T14954]  __secure_computing+0x82/0x150
[  287.217853][T14954]  syscall_trace_enter+0xcf/0x1e0
[  287.217973][T14954]  do_syscall_64+0xac/0x200
[  287.218000][T14954]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  287.218033][T14954]  ? clear_bhb_loop+0x40/0x90
[  287.218060][T14954]  ? clear_bhb_loop+0x40/0x90
[  287.218087][T14954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.218191][T14954] RIP: 0033:0x7f42c299e929
[  287.218210][T14954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.218232][T14954] RSP: 002b:00007f42c1007038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  287.218257][T14954] RAX: ffffffffffffffda RBX: 00007f42c2bc5fa0 RCX: 00007f42c299e929
[  287.218332][T14954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  287.218347][T14954] RBP: 00007f42c1007090 R08: 0000000000000000 R09: 0000000000000000
[  287.218372][T14954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.218388][T14954] R13: 0000000000000000 R14: 00007f42c2bc5fa0 R15: 00007ffe323d2e08
[  287.218413][T14954]  </TASK>
[  287.516636][T14964] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  287.527516][T14965] netlink: 'syz.3.3927': attribute type 3 has an invalid length.
[  287.566558][ T3381] hid-generic 0003:0004:0000.004B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  287.875044][T14986] loop2: detected capacity change from 0 to 512
[  287.895561][T14986] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.922731][T14986] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  288.024272][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.235674][T14995] netlink: 'syz.0.3935': attribute type 9 has an invalid length.
[  288.777297][T15016] syzkaller1: entered promiscuous mode
[  288.782890][T15016] syzkaller1: entered allmulticast mode
[  288.825319][T15020] netlink: 'syz.1.3945': attribute type 10 has an invalid length.
[  288.842666][T15020] hsr_slave_0: left promiscuous mode
[  288.848484][T15020] hsr_slave_1: left promiscuous mode
[  288.979968][T15028] netlink: 'syz.2.3947': attribute type 9 has an invalid length.
[  289.350134][T15043] loop4: detected capacity change from 0 to 1024
[  289.357075][T15043] EXT4-fs: Ignoring removed nobh option
[  289.364021][T15043] EXT4-fs: Ignoring removed bh option
[  289.381071][T15043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.411691][T15043] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  289.438750][T15043] syzkaller1: entered promiscuous mode
[  289.444327][T15043] syzkaller1: entered allmulticast mode
[  289.564414][T15054] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  289.590324][T15054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=15054 comm=syz.3.3957
[  289.731293][T15062] xt_CT: You must specify a L4 protocol and not use inversions on it
[  289.927925][T15070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.936864][T15070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.953281][T15070] loop3: detected capacity change from 0 to 256
[  289.960462][T15070] FAT-fs (loop3): bogus number of FAT sectors
[  289.966624][T15070] FAT-fs (loop3): Can't find a valid FAT filesystem
[  290.213168][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.452891][   T29] kauditd_printk_skb: 251 callbacks suppressed
[  290.452907][   T29] audit: type=1400 audit(1749869379.982:11768): avc:  denied  { unmount } for  pid=12613 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  290.555804][T15086] loop1: detected capacity change from 0 to 1024
[  290.570943][T15086] EXT4-fs: Ignoring removed nobh option
[  290.578366][T15086] EXT4-fs: Ignoring removed bh option
[  290.594844][T15086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.616309][T15086] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  290.723711][T15096] loop2: detected capacity change from 0 to 1024
[  290.730704][T15096] EXT4-fs: Ignoring removed nobh option
[  290.736937][T15096] EXT4-fs: Ignoring removed bh option
[  290.744109][T15097] __nla_validate_parse: 12 callbacks suppressed
[  290.744129][T15097] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3970'.
[  290.754561][T15096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.775790][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.784680][T15096] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  290.807616][T15096] syzkaller1: entered promiscuous mode
[  290.813224][T15096] syzkaller1: entered allmulticast mode
[  290.839907][T15103] FAULT_INJECTION: forcing a failure.
[  290.839907][T15103] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.853245][T15103] CPU: 1 UID: 0 PID: 15103 Comm: syz.1.3973 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  290.853347][T15103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  290.853364][T15103] Call Trace:
[  290.853372][T15103]  <TASK>
[  290.853382][T15103]  __dump_stack+0x1d/0x30
[  290.853409][T15103]  dump_stack_lvl+0xe8/0x140
[  290.853434][T15103]  dump_stack+0x15/0x1b
[  290.853454][T15103]  should_fail_ex+0x265/0x280
[  290.853564][T15103]  should_fail+0xb/0x20
[  290.853670][T15103]  should_fail_usercopy+0x1a/0x20
[  290.853694][T15103]  _copy_from_user+0x1c/0xb0
[  290.853725][T15103]  ucma_resolve_ip+0x4c/0x2e0
[  290.853832][T15103]  ucma_write+0x1b3/0x250
[  290.853853][T15103]  ? __pfx_ucma_write+0x10/0x10
[  290.853875][T15103]  vfs_write+0x269/0x8e0
[  290.853929][T15103]  ? __rcu_read_unlock+0x4f/0x70
[  290.853956][T15103]  ? __fget_files+0x184/0x1c0
[  290.853987][T15103]  ksys_write+0xda/0x1a0
[  290.854050][T15103]  __x64_sys_write+0x40/0x50
[  290.854099][T15103]  x64_sys_call+0x2cdd/0x2fb0
[  290.854127][T15103]  do_syscall_64+0xd2/0x200
[  290.854154][T15103]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  290.854187][T15103]  ? clear_bhb_loop+0x40/0x90
[  290.854266][T15103]  ? clear_bhb_loop+0x40/0x90
[  290.854368][T15103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.854395][T15103] RIP: 0033:0x7f42c299e929
[  290.854415][T15103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.854441][T15103] RSP: 002b:00007f42c1007038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  290.854462][T15103] RAX: ffffffffffffffda RBX: 00007f42c2bc5fa0 RCX: 00007f42c299e929
[  290.854536][T15103] RDX: 0000000000000048 RSI: 0000200000000380 RDI: 0000000000000003
[  290.854552][T15103] RBP: 00007f42c1007090 R08: 0000000000000000 R09: 0000000000000000
[  290.854568][T15103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.854585][T15103] R13: 0000000000000000 R14: 00007f42c2bc5fa0 R15: 00007ffe323d2e08
[  290.854609][T15103]  </TASK>
[  291.110019][T15106] loop1: detected capacity change from 0 to 1024
[  291.125697][T15106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.144678][T15106] tmpfs: Bad value for 'mpol'
[  291.145712][   T29] audit: type=1400 audit(1749869380.682:11769): avc:  denied  { mounton } for  pid=15105 comm="syz.1.3974" path="/195/file1/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  291.179249][T15111] loop4: detected capacity change from 0 to 1024
[  291.186609][T15111] EXT4-fs: Ignoring removed nobh option
[  291.192388][T15111] EXT4-fs: Ignoring removed bh option
[  291.206110][T15111] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.236155][T15111] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  291.270304][T15111] syzkaller1: entered promiscuous mode
[  291.275939][T15111] syzkaller1: entered allmulticast mode
[  291.586748][T12365] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.937544][T12613] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.982379][T12818] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.146329][T15126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3980'.
[  292.272880][T15141] ==================================================================
[  292.281017][T15141] BUG: KCSAN: data-race in call_rcu / mas_state_walk
[  292.287726][T15141] 
[  292.290058][T15141] write to 0xffff888109611f08 of 8 bytes by task 15138 on cpu 1:
[  292.297784][T15141]  call_rcu+0x48/0x3e0
[  292.301881][T15141]  mas_wmb_replace+0xf7a/0x14a0
[  292.306766][T15141]  mas_wr_store_entry+0x1773/0x2b50
[  292.311996][T15141]  mas_store_prealloc+0x74d/0x9e0
[  292.317047][T15141]  vma_iter_store_new+0x1c5/0x200
[  292.322094][T15141]  vma_complete+0x125/0x580
[  292.326611][T15141]  __split_vma+0x591/0x650
[  292.331058][T15141]  vma_modify+0x21e/0xca0
[  292.335400][T15141]  vma_modify_flags+0x101/0x130
[  292.340269][T15141]  mprotect_fixup+0x2cc/0x570
[  292.344961][T15141]  do_mprotect_pkey+0x6d6/0x980
[  292.349827][T15141]  __x64_sys_mprotect+0x48/0x60
[  292.354697][T15141]  x64_sys_call+0x2794/0x2fb0
[  292.359399][T15141]  do_syscall_64+0xd2/0x200
[  292.363927][T15141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.369844][T15141] 
[  292.372186][T15141] read to 0xffff888109611f08 of 8 bytes by task 15141 on cpu 0:
[  292.379826][T15141]  mas_state_walk+0x28f/0x650
[  292.384530][T15141]  mas_walk+0x30/0x120
[  292.388632][T15141]  lock_vma_under_rcu+0xa2/0x2f0
[  292.393598][T15141]  do_user_addr_fault+0x233/0x1090
[  292.398753][T15141]  exc_page_fault+0x62/0xa0
[  292.403284][T15141]  asm_exc_page_fault+0x26/0x30
[  292.408153][T15141] 
[  292.410508][T15141] value changed: 0x000000110c22ffff -> 0xffff888109611208
[  292.417635][T15141] 
[  292.419964][T15141] Reported by Kernel Concurrency Sanitizer on:
[  292.426120][T15141] CPU: 0 UID: 0 PID: 15141 Comm: syz.4.3985 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
[  292.438635][T15141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  292.448702][T15141] ==================================================================