last executing test programs:

1m29.933640675s ago: executing program 4 (id=4417):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000740)='kfree\x00', r0, 0x0, 0x40008003}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_LOSS={0x4, 0x2}]}}}]}, 0x50}}, 0x0)

1m29.866054511s ago: executing program 4 (id=4420):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b81000085"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x50, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000711205000000000095"], 0x0, 0x5}, 0x94)
close(0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
chmod(&(0x7f0000000180)='./file0\x00', 0x355)

1m29.865727142s ago: executing program 4 (id=4421):
syz_mount_image$ext4(&(0x7f0000000840)='ext4\x00', &(0x7f0000000880)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@min_batch_time={'min_batch_time', 0x3d, 0xf}}, {@nogrpid}, {@bh}]}, 0xff, 0x523, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AgiNfbGsrzrtbzrUptIuGeuSFTiBEf+AM49ceeC4MalHJD4YYFqJA5TzezY2di79qaJvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiIdyNipjyelFu81d3y8z7ZfbC4t/tgMYkse+dfSVGeH4uen8ldK19zKiJ+8J2InyRH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5427r9ceozVTx5a+1JwoU1/++I873/hZXq3p8khvO56mbtMrB3FylyPie6cRbAQule2ZGHVF+EzSiHg+Il4urv+ZuFT8NgGAiyzLZiKb6c0DABddWsyBJWm1nAuYjjStVrtzeC/E1bTRandu3W9tri1158quRyW9v9Ko3ynnCq9HJcnzc0X6Yb52KH83Ip6LiF9OXiny1cVWY2mUNz4AMMauHRr//zvZHf8BgAvu+I/NAAAXkfEfAMaP8R8Axo/xHwDGT3f8v/K4P5Zl2c9PozoAwBnw/A8A48f4DwBj5ftvv51v2V75/ddL721trrbeu71Ub69Wm5uL1cXWxnp1udVaLr6zp3nS6zVarfW512Lz/evfXG93Zttb2/earc21zr3ie73v1SvFWTtn0DIAYJDnXvroL0k+Ir95pdiiZy2HykhrBpy2dNQVAEbm0qgrAIyM1b5gfD18xn/sDwGYHoALos8SvY+Y6vcHQlmWZadXJeCU3fyC+X8YVz3z/z4FDGPmpPn/Ym1gbxLChWT+H8ZXliXDrvkfw54IAJxvx8zxXz/L+xBgdAa8//98uf9d+ebAj5YOn/HhadYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrf99X+r5TK/05Gm1WrEM8UCQJXk/kqjficino2IP09WJvP83IjrDAA8qfTvSbn+182ZV6cfKXrx2kFyIiJ++ut3fvX+Qqez8aeIieTfk/vHOx+Wx2snBps6jRYAAMfbH6eLfc+D/Ce7Dxb3t7Oszz++3b0ryOPu7U7E3kH8y3G52E9FJSKu/icp811Jz9zFk9j5ICI+36/9SUwXcyDdW5bD8fPYz5xp/PSR+Gm5QHNa/lt87inUBcbNR3n/81a/6y+NG8W+//U/VfRQT67s//KXWtwr+sCH8ff7v0sD+r8bw8Z47Q/f7aauHC37IOKLlyP2Y+/19D/78ZMB8V8dMv5fv/Tiy4PKst9E3Iz+8XtjzXaa67Ptre3bK82F5fpyfa1Wm5+bv/PG3ddrs8Uc9ezg0eCfb956dlBZ3v6rA+JPndD+rw7Z/t/+/90ffuWY+F9/pV/8NF44Jn4+Jn5tyPgLV38/8Lk7j790tP3JML//W0PG//hv20eWDQcARqe9tb260GjUNyTGNPHjOBfVGC6R/5c9B9Xom/jWWcWaiP5Fv3ile00fKsqyzxRrUI/xNGbdgPPg4KKPiP+NujIAAAAAAAAAAAAAAEBfZ/EXS6NuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXpwEAAP//+E3TQw==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108)
fallocate(r0, 0x0, 0xbf5, 0x2000402)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffe000001})

1m29.340088543s ago: executing program 4 (id=4426):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000007d0200009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r0, @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000000040000cd00000001"], 0x48)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x82000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0xfffffffffffffffe}, 0x18)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x105042, 0x102)
write$cgroup_subtree(r5, 0x0, 0x32600)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x30, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r7, 0x0, 0x2}, 0x18)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0)
write$cgroup_int(r8, &(0x7f0000000040)=0x922, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r6}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r8, <r10=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_tracing={0x1a, 0x6, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @map_val={0x18, 0x0, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000300)='GPL\x00', 0x10000, 0x1000, &(0x7f0000002080)=""/4096, 0x41100, 0xa, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x0, 0x1, 0xfffffffa}, 0x10, 0x1c6d3, r9, 0x5, &(0x7f0000000400)=[r3, r5, r10, 0x1], &(0x7f0000000540)=[{0x5, 0x2, 0xd, 0x7}, {0x3, 0x2, 0xa}, {0x2, 0x3, 0x8, 0x13}, {0x5, 0x2, 0xc, 0x1}, {0x2, 0x1, 0xa, 0xa}], 0x10, 0xfffffffd}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="20800091de001400030500008020ffdbdf250218", @ANYRES32=0x0, @ANYBLOB="080002"], 0x20}, 0x1, 0x0, 0x0, 0xc090}, 0x48006)
r11 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$RTC_WKALM_SET(r11, 0x4028700f, &(0x7f0000000080)={0x1, 0x0, {0x3, 0x0, 0x0, 0xa, 0x0, 0x64}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x18)
syz_clone(0x500, 0x0, 0x0, 0x0, 0x0, 0x0)

1m29.139691553s ago: executing program 4 (id=4428):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0, 0x40, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000ebfd7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000500b704000000000000850000000300000095", @ANYBLOB="1800000000000000000000000000000018110000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c000000040000004f0c000001"], 0x48)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r6, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x6, 0x4, 0x0, 0x3c, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@end]}}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}, 0x3a)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r5}, 0x38)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

1m28.895439307s ago: executing program 4 (id=4439):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="0213f803030000002cbd7000fddb", @ANYRES64], 0x18}}, 0x2080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
sendmsg$tipc(r4, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0x64}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0xfffffec0}], 0x4, 0x0, 0x0, 0x8010}, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

1m28.831471413s ago: executing program 32 (id=4439):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
readv(r3, &(0x7f0000000000)=[{&(0x7f0000000440)=""/244, 0xf4}], 0x1)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="0213f803030000002cbd7000fddb", @ANYRES64], 0x18}}, 0x2080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
sendmsg$tipc(r4, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0x64}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0xfffffec0}], 0x4, 0x0, 0x0, 0x8010}, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

1.667747126s ago: executing program 3 (id=6244):
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_connect(0x1, 0x24, &(0x7f0000000680)=ANY=[], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
lsm_set_self_attr(0x64, 0x0, 0x0, 0x0)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r4, 0x0, 0x2}, 0x18)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002080)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x6}, {0x1000}, {0x1}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x20000}, {}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x7}, {0x0, 0x7}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x1000000}, {}, {}, {}, {0xfffffffc}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {0x0, 0x0, 0x10000000}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x7}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x800000}, {}, {}, {}, {0x0, 0x0, 0x2, 0xfffffffe}, {0x4, 0xc000000}, {}, {0x2, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x23}, {0x0, 0x0, 0x0, 0x404}, {0x0, 0x0, 0x0, 0x2, 0xfffffffd}, {0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x9f, 0x0, 0x0, 0x1}, {0x20000, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0xfffffffd}, {}, {}, {}, {}, {0xfffffffd}, {}, {}, {0x0, 0x0, 0x1, 0x0, 0x747}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x6}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {0x0, 0x0, 0x0, 0x0, 0x401}, {}, {0x0, 0x78}, {0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x2}], [{0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {0x1}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
fchdir(r5)

1.547203038s ago: executing program 0 (id=6247):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0, 0x40, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000ebfd7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000500b704000000000000850000000300000095", @ANYBLOB="18000000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c000000040000004f0c000001"], 0x48)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r6, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x6, 0x4, 0x0, 0x3c, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@end]}}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}, 0x3a)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r5}, 0x38)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

1.463111116s ago: executing program 0 (id=6252):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x20004000)
close(0xffffffffffffffff)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c23003f)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x18)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0xfffffed8)

1.351421387s ago: executing program 0 (id=6255):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x29, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x9a167000)
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
open(0x0, 0x145142, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={@private0={0xfc, 0x0, '\x00', 0x1}, @empty, @local, 0x3, 0x9, 0x0, 0x400, 0x9, 0x4})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000200)='rxrpc_call\x00', r2, 0x0, 0x3fc}, 0x18)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000100100000100000014e200000000000010"], 0x28}, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)

975.466264ms ago: executing program 0 (id=6262):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')

961.811795ms ago: executing program 0 (id=6263):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], <r3=>0x0, 0x40, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x7f, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000ebfd7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000500b704000000000000850000000300000095", @ANYBLOB="18000000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c000000040000004f0c000001"], 0x48)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r6, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x6, 0x4, 0x0, 0x3c, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast, {[@end]}}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}, 0x3a)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r5}, 0x38)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

901.507171ms ago: executing program 3 (id=6264):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x3}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d80000001a0081044e81f782db4cb9041c1d0800fe007c05e8fe55a1280001000002020000000000080005007a010401a80016002000034004020000035c0461c900004f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee501534eedba07d6e239b7a1ca16854695d1f79064485e75106300fa125f3d4ece1a0fa80983a3f1fdb3fefe626503fd22d1cc58463d0346a61fde641561ee9c811dc0c1cd706ff2f41398d8e7369039e7ff837d3150d78569e4243b96f7e5080199891344de62a210156a7b0a", 0xd8}], 0x1}, 0x20014000)

900.773861ms ago: executing program 3 (id=6265):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x5e24, 0xd, @initdev={0xfe, 0x88, '\x00', 0x2, 0x0}, 0x105}, 0x1c)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r4=>0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
select(0x2, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0))
io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r3, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])

889.278582ms ago: executing program 0 (id=6267):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, <r2=>0x0}, &(0x7f0000000200)=0xc)
setfsuid(r2)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r3)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
lsm_list_modules(&(0x7f0000000440)=[0x0, 0x0], &(0x7f0000000480)=0x10, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="00000000b70800dd79ccd3007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70408203e1a000085000000030000009500000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xa3)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f00000023c0)}, 0x20001)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_SETSEL(r9, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x6, 0x101, 0x100}})

803.166001ms ago: executing program 3 (id=6270):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0xf1c38fa000000000}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000608000540000000020900020073797a310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000030004000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c6173740000000004000280140001800c000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)

777.776443ms ago: executing program 3 (id=6272):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r3}, 0x18)
write$cgroup_type(r0, &(0x7f0000000080), 0xfffffed8)

703.516261ms ago: executing program 3 (id=6274):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000080)=r0}, 0x20)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000002c0)={0x2, &(0x7f0000000340)=[{0x28, 0x47, 0x6, 0xfffef038}, {0x6, 0x27, 0x4, 0x200000}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r3}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

446.234516ms ago: executing program 2 (id=6278):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="188000000000000061107d00000000049500000700"/32], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) (async)
bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001a00018e040000009c381f40e91404000000000000000000"], 0x55}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
recvmsg$can_j1939(r1, &(0x7f0000002740)={&(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000002640)=[{&(0x7f0000000200)=""/199, 0xc7}, {&(0x7f0000000300)=""/186, 0xba}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/53, 0x35}, {&(0x7f0000001400)=""/10, 0xa}, {&(0x7f0000001440)=""/229, 0xe5}, {&(0x7f0000001540)=""/234, 0xea}, {&(0x7f0000001640)=""/4096, 0x1000}], 0x8, &(0x7f00000026c0)=""/108, 0x6c}, 0x1)

404.46576ms ago: executing program 2 (id=6280):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800000000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00001000000000000000000000000000000000000000060000000000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c6b95410173ae13036f1d8a8238aae8eeff82d7c9490501ea358bc2af4503d589ecad59f35c894367959140b8d89361837bad2940d09d88fc2ce8"])
r6 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x2, {0x1, 0x0, 0x2}}, 0x18)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000300)={'gre0\x00', r7, 0x780b, 0x8, 0x7, 0x9, {{0xe, 0x4, 0x2, 0x6, 0x38, 0x68, 0x0, 0x1, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xa}, @private=0xa010102, {[@noop, @cipso={0x86, 0x1c, 0x2, [{0x7, 0x4, "7ae6"}, {0x0, 0x6, "41c7cb4b"}, {0x7, 0x9, "a7e4e8caf76676"}, {0x0, 0x3, "86"}]}, @generic={0x89, 0x4, "902d"}]}}}}})

336.192286ms ago: executing program 5 (id=6286):
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendfile(r1, r0, 0x0, 0x7ffff088)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000001a40)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x7, 0xfff1}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0xfff3}}]}}]}, 0x40}}, 0x0)

312.815579ms ago: executing program 5 (id=6288):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f00000005c0)='./file3\x00', 0x1018ed5, &(0x7f0000000140)={[{@sysvgroups}, {@noload}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}], [{@seclabel}]}, 0x1, 0x655, &(0x7f0000000600)="$eJzs3c9rXFsdAPDvvZPJS9L40icivqAYcPEeyEuT+vCpG/ueC7soWLALERcNTVJDpz9IUrC10ARcKCiIuC3STf8B99K9OxHUnWuh/qBiQUtH7p07yWQyM5k2mZkk9/OByZx77pmc882dk3vuvXPmBlBac9mPNOLdiFdXk4iZlnXT0Vg5V5R7/q8H17JHEvX6d/+RRFLkNcsnxfOZYmEiIv7wScSnK/vr3bh3/8ZSrd7wMOLc5s075zbu3f9g7ebS9ZXrK7cWz3/tw48Wvr744WJLQ9/cmeL54qXvfP4XP/nhV1f/WPsgiQtxpfrj5WiL46jMxVy8KkJszR+LiI+yRIe/y0lzCkIotWz7JWMR1Yj4bMxEJX93NszE2s9H2jhgoOqViHpvyUEFgJNK94ayao4Dmsf2/R0HXxnwqGR4nn3cOCDfH/9YccphIj82mnqetBwZNc5tnD2C+rM6Xj6YePTyweyj2HMe4sXO1hk7gnq62dqOiM91ij/J23Y2jzSLP91zrJ9ExEJEjBft+9Yh2pDEk530IM7D9NJn/JUs/tbtkEbEheI5y//kDetvP6017PgBKKenHxc78q1saXf/l409muOf2B3/PGy+bvrwl2Ry/e3//nkENXXWffzX3N9P5OOetG0clo1/Lnf+ldX2jL/+7OKvutXfGP/NPmo+svqbY8FheLYdMdsW/0+zYIvxTxZ/0mH8mxW5eqG/Or79p79f7LZu1PHXH0e81/H4J9kpk6V6XJ88t7pWW1lo/OxYx+9+/4Mn3ervHP9bA4i0s2z7T+3GX4228W+x/dP212V/kzudf+V2e8ZvLz++2a3+6QO3f/q38aRxvDle5Pxoe3NzfTFiPLlUFCnylzY318/3jrdR5kU9f15sxP/+lzr3/z3v/7aoJpv/Mvtw53s3nndb9ybv/5aLya/qfbahmyz+5S7v/179P8v7ZZ91/Of7d7/QbV3n+JNDxQQAAAAAAABllebXYJN0fiedpvPzjfmyn4mptHZ7Y/PLq7fv3lqOeD//PGQ1jTTJPzIy01hOVtdqK4vF52Gby+fblr8SEe9ExK8rk/ny/LXbteVRBw8AAAAAAAAAAAAAAAAAAADHxJli/n/zPtX/rjTm/wMlcfAN5vbd/wE4JQZ5g0ngeMv7f69d/NvDawswXPb/UF76P5SX/g/lpf9Deen/UF76P5SX/g/lpf8DAAAAwKn0zhef/iWJiK1vTOaPzHixzqRfON2qr1W6MrB2AMOnR0N57Vz6N9iH0ulr/P/f4ssBB98cYASSTpn54KDeu/M/7fjKXduHbxsAAAAAAAAAAAAA0PDeu93n/7/e3GDgpDHtD8rrEPP/fXUAnHC++h/KyzE+cMAs/pjotuKg+f8AAAAAAAAAAAAAwJGZzh9JOl/MBZ6ONJ2fj/hURJyNarK6VltZiIi3I+LPlepb2fLiqBsNAAAAAAAAAAAAAAAAAAAAp8zGvfs3lmq1lfXWxP/25ZzuRPMuqAcXrvdRpmfim/Gar4pk+H+WyYgY+UYZWGKsJSeJ2Mq2/LFo2PpGHI9m5IkR/2MCAAAAAAAAAAAAAAAAAIASapl73Nnsb4bcIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYvt37/x+QWJ5qvKCvwnsTo44RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiZ/h8AAP//OUc8Pw==")
perf_event_open(0x0, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
syz_open_dev$sg(&(0x7f00000002c0), 0xe6, 0x2602)

286.690172ms ago: executing program 1 (id=6289):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x400100, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f00000007c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r3 = memfd_secret(0x80000)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0)
sendfile(r3, r4, &(0x7f0000000000)=0x4, 0x2)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r3, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, r5, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, ["", "", "", "", "", ""]}, 0x1c}}, 0x20000000)

284.899782ms ago: executing program 5 (id=6290):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

235.704737ms ago: executing program 1 (id=6291):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000028000000280000000200000000000000000000030000000000000000000000000000000000000000000000010502"], 0x0, 0x42}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
socket$inet6_sctp(0xa, 0x4, 0x84)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="61032820050105228bfbccd68373095bbb440ac90d8866119ee1843edd9b59873632370e9c20071ef32202"], 0x2b)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$inet6_sctp(0xa, 0x0, 0x84)

235.134097ms ago: executing program 2 (id=6292):
semget$private(0x0, 0x1, 0x201)
r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x1, 0x92, 0x0, 0x9, 0x640b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={&(0x7f0000000380), 0x5}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r3}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20040040)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000002400)={&(0x7f00000007c0)=@isdn={0x22, 0x9, 0x8, 0x13, 0x8}, 0x80, 0x0, 0x0, &(0x7f0000002440)=ANY=[@ANYBLOB], 0x1468}, 0x800)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00')
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000a00)={{0x1, 0x1, 0x18}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)="1c000000210081044e81f782db44b9040200000000806c0100001500", 0x1c}], 0x1}, 0x0)
write$binfmt_format(r2, &(0x7f0000000800)='-1\x00', 0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="b90103606989068c3c270040f00000", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

234.715797ms ago: executing program 5 (id=6293):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) (fail_nth: 9)

156.242205ms ago: executing program 2 (id=6294):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r3, @ANYBLOB="01c2"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

139.882216ms ago: executing program 1 (id=6295):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
capget(&(0x7f0000000080)={0x20071026}, &(0x7f0000000200)={0x401, 0x5, 0x0, 0xffff, 0x7, 0x3})

124.347668ms ago: executing program 2 (id=6296):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
mincore(&(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r2 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$selinux_validatetrans(r2, &(0x7f0000001cc0)=ANY=[@ANYBLOB='system_u:object_r:semanage_t system_u:object_r:fixed_disk_device_t:s0 00000000000w'], 0x79)

123.750378ms ago: executing program 1 (id=6297):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder-control\x00', 0x804, 0x0)
fdatasync(r0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f00000002c0)=""/4096, &(0x7f0000000180)=0x1000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000200001000000000000000000020000000000000000000000080004"], 0x2c}}, 0x0)
r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={0xffffffffffffffff, 0x7, 0x8}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x7, &(0x7f0000000200)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r3}, @exit, @cb_func={0x18, 0xf, 0x4, 0x0, 0xfffffff9}, @map_val={0x18, 0x6, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x1}], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
sendmsg$key(r1, &(0x7f0000000000)={0x500, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020200090f"], 0x78}}, 0x0)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz1\x00', 0x200002, 0x0)
cachestat(r4, &(0x7f00000012c0)={0x8001, 0x2}, &(0x7f0000001300), 0x0)

102.60106ms ago: executing program 5 (id=6298):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000004c0)='./file1\x00', 0x3000046, &(0x7f00000005c0), 0x5, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010000081000418e00000c04fcff", 0x58}], 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181642, 0x148)

101.81416ms ago: executing program 2 (id=6299):
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x1}}]}, 0x1c}}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x18050, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x1216, 0x10000, 0x5, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x183, 0x6}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
syz_emit_ethernet(0x151, &(0x7f0000000640)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x11b, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x20}], "4ed1034230795bf6b7047a966a1d294157323cab7fb85ede8a8d92d5298bf606349441277e0588eca9ce6efc60a0e12fccfabf07f1f33184393e055b66c8cee01498ae2fae35e7f25723163ff0da8478c0ebc537010b57d0c128434154c2d20f9e8a91f4e70a8ac85b30a142e5b88fa99ce7d82fe0b84f622cab94e3a3577635146e06ccc15226217bcc6c3e289a0114b839471981cf24407d15c831a95b2a61e4291a74c9c180407b6fad3222df8960db212a45dff2d41d41355668d314791c36fdb412a5030280d9cd65b7c90aad0829fbe9340fe900"/227}}}}}}}, 0x0)
kexec_load(0x4, 0xa, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000055c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f0000005800)={0x0, 0x0, &(0x7f00000057c0)={&(0x7f0000005740)={0x1c, r4, 0x209, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80c5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f00000005c0)={[{@jqfmt_vfsold}, {@orlov}, {@user_xattr}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@nodiscard}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=")
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0x2}, 0x18)

65.012324ms ago: executing program 1 (id=6300):
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendfile(r1, r0, 0x0, 0x7ffff088)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000001a40)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x7, 0xfff1}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0xfff3}}]}}]}, 0x40}}, 0x0)

64.525534ms ago: executing program 1 (id=6301):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r4 = accept4(r2, 0x0, 0x0, 0x0)
sendto(r4, &(0x7f0000000000)="00c881d760", 0x5, 0x0, 0x0, 0x0)
recvfrom(r3, &(0x7f00000001c0)=""/62, 0x3e, 0x10120, 0x0, 0x0)

0s ago: executing program 5 (id=6302):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0xffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='./file0\x00')
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

kernel console output (not intermixed with test programs):

sing attributes in process `syz.5.5680'.
[  361.194663][T19093] loop3: detected capacity change from 0 to 512
[  361.221143][T19093] EXT4-fs: Ignoring removed nobh option
[  361.240180][T19093] EXT4-fs (loop3): #clusters per group too big: 360448
[  361.530635][T19097] lo speed is unknown, defaulting to 1000
[  361.539021][T19097] lo speed is unknown, defaulting to 1000
[  361.613377][T19101] loop3: detected capacity change from 0 to 256
[  361.781294][T19101] FAT-fs (loop3): codepage cp949 not found
[  362.126357][T19097] lo speed is unknown, defaulting to 1000
[  362.243270][T19097] lo speed is unknown, defaulting to 1000
[  363.163854][T19116] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5688'.
[  363.260135][T19120] loop3: detected capacity change from 0 to 128
[  363.295720][T19120] EXT4-fs: Ignoring removed nobh option
[  363.321970][T19118] lo speed is unknown, defaulting to 1000
[  363.329410][T19120] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  363.351976][T19118] lo speed is unknown, defaulting to 1000
[  363.388493][   T29] kauditd_printk_skb: 151 callbacks suppressed
[  363.388510][   T29] audit: type=1400 audit(879.530:20480): avc:  denied  { mounton } for  pid=19119 comm="syz.3.5690" path="/545/mnt/file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  363.567755][T11173] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  363.634244][T19126] dummy0: entered allmulticast mode
[  363.662050][   T29] audit: type=1326 audit(879.823:20481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.694539][T19126] dummy0: left allmulticast mode
[  363.710081][T19125] lo speed is unknown, defaulting to 1000
[  363.719193][   T29] audit: type=1326 audit(879.823:20482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.732046][T19125] lo speed is unknown, defaulting to 1000
[  363.742382][   T29] audit: type=1326 audit(879.855:20483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.742413][   T29] audit: type=1326 audit(879.855:20484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.794091][   T29] audit: type=1326 audit(879.855:20485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.817087][   T29] audit: type=1326 audit(879.855:20486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.840042][   T29] audit: type=1326 audit(879.855:20487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.863200][   T29] audit: type=1326 audit(879.855:20488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  363.886206][   T29] audit: type=1326 audit(879.855:20489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19127 comm="syz.1.5689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faf1374efc9 code=0x7ffc0000
[  364.021583][T19134] loop3: detected capacity change from 0 to 512
[  364.068259][T19135] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5692'.
[  364.243789][T19139] loop0: detected capacity change from 0 to 512
[  364.255755][T19141] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5696'.
[  364.277445][T19139] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.5695: error while reading EA inode 32 err=-116
[  364.282620][T19141] blktrace: Concurrent blktraces are not allowed on loop6
[  364.290041][T19139] EXT4-fs (loop0): Remounting filesystem read-only
[  364.323697][T19139] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  364.352766][T19139] EXT4-fs (loop0): 1 orphan inode deleted
[  364.358941][T19139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.387841][T19139] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.619422][T19151] loop3: detected capacity change from 0 to 512
[  364.671350][T19151] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.5699: couldn't read orphan inode 26 (err -116)
[  364.724878][T19151] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.794213][T19160] xt_hashlimit: max too large, truncated to 1048576
[  364.812660][T19151] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  364.819215][T19151] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  364.826829][T19151] vhci_hcd vhci_hcd.0: Device attached
[  364.924539][T19161] vhci_hcd: connection closed
[  364.924792][ T7524] vhci_hcd: stop threads
[  364.933926][ T7524] vhci_hcd: release socket
[  364.938383][ T7524] vhci_hcd: disconnect device
[  365.158658][T19182] loop0: detected capacity change from 0 to 2048
[  365.184808][T19182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.502825][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.720677][T19192] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5711'.
[  365.837957][T19201] loop3: detected capacity change from 0 to 2048
[  365.849342][T19201] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.883340][T19207] netlink: 'syz.2.5715': attribute type 1 has an invalid length.
[  365.937201][T12255] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.961889][T19215] netlink: 'syz.2.5720': attribute type 10 has an invalid length.
[  365.990423][T19215] netlink: 'syz.2.5720': attribute type 10 has an invalid length.
[  365.998398][T19215] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5720'.
[  366.078316][T19227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5724'.
[  366.089193][T19227] blktrace: Concurrent blktraces are not allowed on loop0
[  366.096772][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.292741][T19254] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5735'.
[  366.328533][T19252] lo speed is unknown, defaulting to 1000
[  366.335134][T19252] lo speed is unknown, defaulting to 1000
[  366.438875][T19271] FAULT_INJECTION: forcing a failure.
[  366.438875][T19271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  366.452029][T19271] CPU: 1 UID: 0 PID: 19271 Comm: syz.5.5742 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  366.452068][T19271] Tainted: [W]=WARN
[  366.452076][T19271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  366.452123][T19271] Call Trace:
[  366.452131][T19271]  <TASK>
[  366.452140][T19271]  __dump_stack+0x1d/0x30
[  366.452167][T19271]  dump_stack_lvl+0xe8/0x140
[  366.452239][T19271]  dump_stack+0x15/0x1b
[  366.452260][T19271]  should_fail_ex+0x265/0x280
[  366.452285][T19271]  should_fail+0xb/0x20
[  366.452305][T19271]  should_fail_usercopy+0x1a/0x20
[  366.452332][T19271]  _copy_from_user+0x1c/0xb0
[  366.452438][T19271]  ___sys_sendmsg+0xc1/0x1d0
[  366.452494][T19271]  __x64_sys_sendmsg+0xd4/0x160
[  366.452540][T19271]  x64_sys_call+0x191e/0x3000
[  366.452626][T19271]  do_syscall_64+0xd2/0x200
[  366.452648][T19271]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  366.452675][T19271]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  366.452733][T19271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.452807][T19271] RIP: 0033:0x7f9d8b49efc9
[  366.452822][T19271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.452839][T19271] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  366.452913][T19271] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  366.452929][T19271] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000000000000006
[  366.452945][T19271] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  366.452960][T19271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.452974][T19271] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  366.452993][T19271]  </TASK>
[  366.636967][T19252] FAULT_INJECTION: forcing a failure.
[  366.636967][T19252] name failslab, interval 1, probability 0, space 0, times 0
[  366.649666][T19252] CPU: 1 UID: 0 PID: 19252 Comm: syz.1.5734 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  366.649709][T19252] Tainted: [W]=WARN
[  366.649718][T19252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  366.649818][T19252] Call Trace:
[  366.649825][T19252]  <TASK>
[  366.649833][T19252]  __dump_stack+0x1d/0x30
[  366.649857][T19252]  dump_stack_lvl+0xe8/0x140
[  366.649948][T19252]  dump_stack+0x15/0x1b
[  366.649965][T19252]  should_fail_ex+0x265/0x280
[  366.649984][T19252]  should_failslab+0x8c/0xb0
[  366.650015][T19252]  __kvmalloc_node_noprof+0x12e/0x670
[  366.650100][T19252]  ? xt_alloc_table_info+0x40/0x80
[  366.650136][T19252]  xt_alloc_table_info+0x40/0x80
[  366.650205][T19252]  do_arpt_set_ctl+0x5ae/0x9a0
[  366.650232][T19252]  ? lock_sock_nested+0x112/0x140
[  366.650258][T19252]  ? _raw_spin_unlock_bh+0x36/0x40
[  366.650288][T19252]  nf_setsockopt+0x199/0x1b0
[  366.650441][T19252]  ip_setsockopt+0x102/0x110
[  366.650472][T19252]  udp_setsockopt+0x99/0xb0
[  366.650504][T19252]  sock_common_setsockopt+0x69/0x80
[  366.650606][T19252]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  366.650633][T19252]  __sys_setsockopt+0x184/0x200
[  366.650667][T19252]  __x64_sys_setsockopt+0x64/0x80
[  366.650700][T19252]  x64_sys_call+0x20ec/0x3000
[  366.650798][T19252]  do_syscall_64+0xd2/0x200
[  366.650863][T19252]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  366.650892][T19252]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  366.650924][T19252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.651015][T19252] RIP: 0033:0x7faf1374efc9
[  366.651030][T19252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  366.651049][T19252] RSP: 002b:00007faf121b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  366.651068][T19252] RAX: ffffffffffffffda RBX: 00007faf139a5fa0 RCX: 00007faf1374efc9
[  366.651081][T19252] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000006
[  366.651111][T19252] RBP: 00007faf121b7090 R08: 0000000000000418 R09: 0000000000000000
[  366.651124][T19252] R10: 0000200000000800 R11: 0000000000000246 R12: 0000000000000001
[  366.651216][T19252] R13: 00007faf139a6038 R14: 00007faf139a5fa0 R15: 00007ffeac61d4a8
[  366.651237][T19252]  </TASK>
[  366.894921][T19278] loop0: detected capacity change from 0 to 1024
[  366.915030][T19278] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  366.926076][T19278] EXT4-fs (loop0): group descriptors corrupted!
[  366.937328][T19278] batman_adv: batadv0: Adding interface: dummy0
[  366.943695][T19278] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  366.968989][T19278] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  366.988971][T19281] loop1: detected capacity change from 0 to 512
[  366.996327][T19281] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  367.006275][T19278] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  367.017284][T19281] EXT4-fs (loop1): orphan cleanup on readonly fs
[  367.028354][T19281] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.5746: inode has both inline data and extents flags
[  367.045722][T19281] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.5746: couldn't read orphan inode 15 (err -117)
[  367.062814][T19281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  367.106190][T19290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  367.118019][T19290] syzkaller0: entered promiscuous mode
[  367.121991][T19281] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #2: block 13: comm syz.1.5746: lblock 0 mapped to illegal pblock 13 (length 1)
[  367.123561][T19290] syzkaller0: entered allmulticast mode
[  367.161711][T19290] tipc: Resetting bearer <eth:syzkaller0>
[  367.174961][T19290] tipc: Disabling bearer <eth:syzkaller0>
[  367.213968][T10666] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.246141][T19294] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5751'.
[  367.515275][T19322] FAULT_INJECTION: forcing a failure.
[  367.515275][T19322] name failslab, interval 1, probability 0, space 0, times 0
[  367.528033][T19322] CPU: 0 UID: 0 PID: 19322 Comm: syz.5.5761 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  367.528065][T19322] Tainted: [W]=WARN
[  367.528072][T19322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  367.528087][T19322] Call Trace:
[  367.528111][T19322]  <TASK>
[  367.528119][T19322]  __dump_stack+0x1d/0x30
[  367.528146][T19322]  dump_stack_lvl+0xe8/0x140
[  367.528170][T19322]  dump_stack+0x15/0x1b
[  367.528190][T19322]  should_fail_ex+0x265/0x280
[  367.528227][T19322]  should_failslab+0x8c/0xb0
[  367.528255][T19322]  kmem_cache_alloc_noprof+0x50/0x480
[  367.528298][T19322]  ? audit_log_start+0x342/0x720
[  367.528327][T19322]  audit_log_start+0x342/0x720
[  367.528353][T19322]  ? kstrtouint+0x76/0xc0
[  367.528420][T19322]  audit_seccomp+0x48/0x100
[  367.528454][T19322]  ? __seccomp_filter+0x82d/0x1250
[  367.528482][T19322]  __seccomp_filter+0x83e/0x1250
[  367.528518][T19322]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  367.528644][T19322]  ? vfs_write+0x7e8/0x960
[  367.528675][T19322]  ? _raw_spin_unlock_irq+0x26/0x50
[  367.528704][T19322]  ? __rcu_read_unlock+0x4f/0x70
[  367.528766][T19322]  ? __fget_files+0x184/0x1c0
[  367.528799][T19322]  __secure_computing+0x82/0x150
[  367.528854][T19322]  syscall_trace_enter+0xcf/0x1e0
[  367.528953][T19322]  do_syscall_64+0xac/0x200
[  367.528970][T19322]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  367.529002][T19322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.529027][T19322] RIP: 0033:0x7f9d8b49efc9
[  367.529046][T19322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.529146][T19322] RSP: 002b:00007f9d89ee6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  367.529165][T19322] RAX: ffffffffffffffda RBX: 00007f9d8b6f6090 RCX: 00007f9d8b49efc9
[  367.529181][T19322] RDX: 0000000000000002 RSI: 0000000000ff5000 RDI: 0000200000000000
[  367.529330][T19322] RBP: 00007f9d89ee6090 R08: ffffffffffffffff R09: 00000000fffff000
[  367.529343][T19322] R10: 000000000004c831 R11: 0000000000000246 R12: 0000000000000001
[  367.529355][T19322] R13: 00007f9d8b6f6128 R14: 00007f9d8b6f6090 R15: 00007ffe765361b8
[  367.529376][T19322]  </TASK>
[  367.799726][T19330] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5764'.
[  367.913829][T19340] loop3: detected capacity change from 0 to 8192
[  367.943784][T19340]  loop3: p1 < > p2 p4 < p5 >
[  367.948521][T19340] loop3: partition table partially beyond EOD, truncated
[  367.957075][T19340] loop3: p1 start 134217728 is beyond EOD, truncated
[  367.963921][T19340] loop3: p2 size 591360 extends beyond EOD, truncated
[  367.986577][T19340] loop3: p5 size 591360 extends beyond EOD, truncated
[  368.103715][T19369] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5776'.
[  368.144984][T19373] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5778'.
[  368.222490][T19386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5782'.
[  368.235431][T19385] loop1: detected capacity change from 0 to 512
[  368.241867][T19386] hsr_slave_0: left promiscuous mode
[  368.245804][T19385] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.5785: error while reading EA inode 32 err=-116
[  368.260632][T19386] hsr_slave_1: left promiscuous mode
[  368.266476][T19385] EXT4-fs (loop1): Remounting filesystem read-only
[  368.282431][T19394] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5784'.
[  368.284634][T19385] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  368.308821][T19385] EXT4-fs (loop1): 1 orphan inode deleted
[  368.315201][T19385] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.327420][T19387] netlink: 'syz.0.5784': attribute type 30 has an invalid length.
[  368.327561][T19394] loop0: detected capacity change from 0 to 512
[  368.339301][T19385] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.343002][T19394] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  368.377333][T19394] EXT4-fs (loop0): 1 truncate cleaned up
[  368.383719][T19394] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.437166][T19402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5790'.
[  368.453462][T19404] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  368.516945][T12255] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.536282][T19413] loop0: detected capacity change from 0 to 128
[  368.566419][T19415] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5794'.
[  368.577249][   T29] kauditd_printk_skb: 558 callbacks suppressed
[  368.577267][   T29] audit: type=1400 audit(884.988:21040): avc:  denied  { read } for  pid=19416 comm="syz.1.5795" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  368.594916][T19413] lo speed is unknown, defaulting to 1000
[  368.620531][T19413] lo speed is unknown, defaulting to 1000
[  368.637439][T19419] netlink: 'syz.1.5795': attribute type 9 has an invalid length.
[  368.653901][T19422] loop3: detected capacity change from 0 to 512
[  368.660613][T19422] EXT4-fs: Ignoring removed orlov option
[  368.666793][T19422] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  368.676292][T19422] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.5797: corrupted in-inode xattr: e_value size too large
[  368.690788][T19422] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.5797: couldn't read orphan inode 15 (err -117)
[  368.692952][   T29] audit: type=1400 audit(885.093:21041): avc:  denied  { accept } for  pid=19418 comm="syz.2.5796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  368.703621][T19422] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.826900][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.848574][T19432] loop3: detected capacity change from 0 to 512
[  368.856871][T19432] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.5800: error while reading EA inode 32 err=-116
[  368.872760][T19432] EXT4-fs (loop3): Remounting filesystem read-only
[  368.881331][T19432] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[  368.891945][T19432] EXT4-fs (loop3): 1 orphan inode deleted
[  368.898244][T19432] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.898744][T19435] netlink: 'syz.0.5801': attribute type 1 has an invalid length.
[  368.911252][T19432] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.140848][T19444] loop0: detected capacity change from 0 to 2048
[  369.156212][T19444] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  369.191854][T12255] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.230210][   T29] audit: type=1400 audit(885.671:21042): avc:  denied  { write } for  pid=19449 comm="syz.3.5806" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  369.249526][   T29] audit: type=1400 audit(885.671:21043): avc:  denied  { read } for  pid=19449 comm="syz.3.5806" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  369.323737][T19457] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5808'.
[  369.381343][T19459] loop1: detected capacity change from 0 to 1024
[  369.388723][T19459] ext4: Unknown parameter 'obj_type'
[  369.394487][T19460] netlink: 27 bytes leftover after parsing attributes in process `syz.5.5803'.
[  369.444901][T19464] loop1: detected capacity change from 0 to 512
[  369.452329][T19464] EXT4-fs: Ignoring removed orlov option
[  369.458692][T19464] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  369.474676][T19464] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.5810: corrupted in-inode xattr: e_value size too large
[  369.501191][T19464] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.5810: couldn't read orphan inode 15 (err -117)
[  369.519166][T19464] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  369.603179][T10666] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.615765][T19476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5815'.
[  369.697528][T19482] FAULT_INJECTION: forcing a failure.
[  369.697528][T19482] name failslab, interval 1, probability 0, space 0, times 0
[  369.710230][T19482] CPU: 0 UID: 0 PID: 19482 Comm: syz.1.5818 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  369.710475][T19482] Tainted: [W]=WARN
[  369.710482][T19482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  369.710495][T19482] Call Trace:
[  369.710502][T19482]  <TASK>
[  369.710510][T19482]  __dump_stack+0x1d/0x30
[  369.710603][T19482]  dump_stack_lvl+0xe8/0x140
[  369.710628][T19482]  dump_stack+0x15/0x1b
[  369.710649][T19482]  should_fail_ex+0x265/0x280
[  369.710695][T19482]  should_failslab+0x8c/0xb0
[  369.710791][T19482]  kmem_cache_alloc_noprof+0x50/0x480
[  369.710861][T19482]  ? key_alloc+0x27d/0x9a0
[  369.710887][T19482]  key_alloc+0x27d/0x9a0
[  369.710921][T19482]  keyring_alloc+0x45/0xb0
[  369.710962][T19482]  join_session_keyring+0xe8/0x2a0
[  369.711000][T19482]  lookup_user_key+0x399/0xd10
[  369.711048][T19482]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  369.711083][T19482]  __se_sys_add_key+0x268/0x350
[  369.711163][T19482]  __x64_sys_add_key+0x67/0x80
[  369.711194][T19482]  x64_sys_call+0x28c8/0x3000
[  369.711233][T19482]  do_syscall_64+0xd2/0x200
[  369.711251][T19482]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  369.711283][T19482]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  369.711393][T19482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.711479][T19482] RIP: 0033:0x7faf1374efc9
[  369.711498][T19482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.711520][T19482] RSP: 002b:00007faf121b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  369.711611][T19482] RAX: ffffffffffffffda RBX: 00007faf139a5fa0 RCX: 00007faf1374efc9
[  369.711626][T19482] RDX: 00002000000000c0 RSI: 0000000000000000 RDI: 0000200000000040
[  369.711640][T19482] RBP: 00007faf121b7090 R08: fffffffffffffffd R09: 0000000000000000
[  369.711712][T19482] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  369.711727][T19482] R13: 00007faf139a6038 R14: 00007faf139a5fa0 R15: 00007ffeac61d4a8
[  369.711783][T19482]  </TASK>
[  370.116167][T19493] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5823'.
[  370.341055][T19500] loop1: detected capacity change from 0 to 512
[  370.357580][T19500] EXT4-fs: Ignoring removed orlov option
[  370.364230][T19500] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  370.375433][T19500] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.5826: corrupted in-inode xattr: e_value size too large
[  370.403113][T19500] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.5826: couldn't read orphan inode 15 (err -117)
[  370.430437][T19500] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.631908][T10666] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.784444][T19515] FAULT_INJECTION: forcing a failure.
[  370.784444][T19515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.797847][T19515] CPU: 1 UID: 0 PID: 19515 Comm: syz.1.5832 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  370.797887][T19515] Tainted: [W]=WARN
[  370.797896][T19515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  370.797978][T19515] Call Trace:
[  370.797985][T19515]  <TASK>
[  370.797993][T19515]  __dump_stack+0x1d/0x30
[  370.798016][T19515]  dump_stack_lvl+0xe8/0x140
[  370.798043][T19515]  dump_stack+0x15/0x1b
[  370.798064][T19515]  should_fail_ex+0x265/0x280
[  370.798096][T19515]  should_fail+0xb/0x20
[  370.798116][T19515]  should_fail_usercopy+0x1a/0x20
[  370.798139][T19515]  _copy_from_user+0x1c/0xb0
[  370.798163][T19515]  ___sys_sendmsg+0xc1/0x1d0
[  370.798248][T19515]  __x64_sys_sendmsg+0xd4/0x160
[  370.798291][T19515]  x64_sys_call+0x191e/0x3000
[  370.798352][T19515]  do_syscall_64+0xd2/0x200
[  370.798370][T19515]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  370.798405][T19515]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  370.798443][T19515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.798506][T19515] RIP: 0033:0x7faf1374efc9
[  370.798522][T19515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.798540][T19515] RSP: 002b:00007faf121b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.798560][T19515] RAX: ffffffffffffffda RBX: 00007faf139a5fa0 RCX: 00007faf1374efc9
[  370.798577][T19515] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 000000000000000a
[  370.798593][T19515] RBP: 00007faf121b7090 R08: 0000000000000000 R09: 0000000000000000
[  370.798605][T19515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.798665][T19515] R13: 00007faf139a6038 R14: 00007faf139a5fa0 R15: 00007ffeac61d4a8
[  370.798688][T19515]  </TASK>
[  371.037931][T19517] blktrace: Concurrent blktraces are not allowed on loop6
[  371.355373][T19537] loop1: detected capacity change from 0 to 512
[  371.362034][T19537] EXT4-fs: Ignoring removed nobh option
[  371.368307][T19537] EXT4-fs (loop1): #clusters per group too big: 360448
[  371.849110][   T29] audit: type=1326 audit(888.421:21044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19565 comm="syz.3.5852" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0ca8b1efc9 code=0x0
[  371.871699][T19564] loop1: detected capacity change from 0 to 8192
[  371.902034][T19567] Invalid logical block size (2052)
[  371.958489][T19573] loop1: detected capacity change from 0 to 512
[  371.965137][T19573] EXT4-fs: Ignoring removed nobh option
[  371.971230][T19573] EXT4-fs (loop1): #clusters per group too big: 360448
[  372.006369][T17249] kernel write not supported for file bpf-prog (pid: 17249 comm: kworker/1:10)
[  372.106613][T19584] veth2: entered promiscuous mode
[  372.111795][T19584] veth2: entered allmulticast mode
[  372.170826][T19587] 9pnet_fd: Insufficient options for proto=fd
[  372.198417][T19593] netlink: 'syz.1.5862': attribute type 1 has an invalid length.
[  372.237729][   T29] audit: type=1400 audit(888.820:21045): avc:  denied  { setopt } for  pid=19594 comm="syz.1.5863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  372.246339][T19599] netlink: 'syz.2.5866': attribute type 13 has an invalid length.
[  372.276610][T19597] loop1: detected capacity change from 0 to 2048
[  372.295356][T19597] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  372.340424][T10666] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.356124][   T29] audit: type=1326 audit(888.957:21046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19609 comm="syz.0.5868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  372.379453][   T29] audit: type=1326 audit(888.957:21047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19609 comm="syz.0.5868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  372.402508][   T29] audit: type=1326 audit(888.957:21048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19609 comm="syz.0.5868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  372.415870][T19610] blktrace: Concurrent blktraces are not allowed on loop0
[  372.425726][   T29] audit: type=1326 audit(888.957:21049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19609 comm="syz.0.5868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  372.513719][T19599] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.521011][T19599] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.682517][T19624] 9pnet_fd: Insufficient options for proto=fd
[  372.774689][T17232] lo speed is unknown, defaulting to 1000
[  372.780522][T17232] s
z1: Port: 1 Link DOWN
[  372.793742][ T5715] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  372.820616][T17237] lo speed is unknown, defaulting to 1000
[  372.833602][T19636] netlink: 'syz.0.5874': attribute type 1 has an invalid length.
[  372.842733][ T5715] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  372.861149][T19640] FAULT_INJECTION: forcing a failure.
[  372.861149][T19640] name failslab, interval 1, probability 0, space 0, times 0
[  372.874023][T19640] CPU: 0 UID: 0 PID: 19640 Comm: syz.3.5876 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  372.874083][T19640] Tainted: [W]=WARN
[  372.874092][T19640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  372.874107][T19640] Call Trace:
[  372.874115][T19640]  <TASK>
[  372.874123][T19640]  __dump_stack+0x1d/0x30
[  372.874151][T19640]  dump_stack_lvl+0xe8/0x140
[  372.874215][T19640]  dump_stack+0x15/0x1b
[  372.874307][T19640]  should_fail_ex+0x265/0x280
[  372.874331][T19640]  should_failslab+0x8c/0xb0
[  372.874366][T19640]  __kmalloc_noprof+0xa5/0x570
[  372.874401][T19640]  ? p9_client_prepare_req+0x27c/0x820
[  372.874495][T19640]  p9_client_prepare_req+0x27c/0x820
[  372.874526][T19640]  ? __traceiter_kfree+0x2e/0x50
[  372.874570][T19640]  ? kfree+0xdb/0x400
[  372.874678][T19640]  ? __list_add_valid_or_report+0x38/0xe0
[  372.874714][T19640]  p9_client_rpc+0xdf/0x6b0
[  372.874811][T19640]  ? p9_pollwait+0xb1/0xe0
[  372.874840][T19640]  ? pipe_poll+0x222/0x250
[  372.874876][T19640]  ? p9_conn_create+0x2eb/0x320
[  372.874943][T19640]  ? p9_fd_create+0x26a/0x280
[  372.874976][T19640]  p9_client_create+0x743/0xbc0
[  372.875075][T19640]  v9fs_session_init+0xf7/0xde0
[  372.875113][T19640]  ? avc_has_perm_noaudit+0x1b1/0x200
[  372.875138][T19640]  ? should_fail_ex+0xdb/0x280
[  372.875160][T19640]  ? v9fs_mount+0x51/0x5c0
[  372.875255][T19640]  ? should_failslab+0x8c/0xb0
[  372.875291][T19640]  ? __kmalloc_cache_noprof+0x249/0x4a0
[  372.875401][T19640]  v9fs_mount+0x67/0x5c0
[  372.875427][T19640]  ? selinux_capable+0x31/0x40
[  372.875455][T19640]  ? __pfx_v9fs_mount+0x10/0x10
[  372.875482][T19640]  legacy_get_tree+0x78/0xd0
[  372.875546][T19640]  vfs_get_tree+0x57/0x1d0
[  372.875578][T19640]  do_new_mount+0x24d/0x660
[  372.875607][T19640]  ? security_capable+0x83/0x90
[  372.875648][T19640]  path_mount+0x4a5/0xb70
[  372.875751][T19640]  ? user_path_at+0x109/0x130
[  372.875774][T19640]  __se_sys_mount+0x28c/0x2e0
[  372.875830][T19640]  ? fput+0x8f/0xc0
[  372.875854][T19640]  __x64_sys_mount+0x67/0x80
[  372.875884][T19640]  x64_sys_call+0x2b51/0x3000
[  372.875918][T19640]  do_syscall_64+0xd2/0x200
[  372.875936][T19640]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  372.875969][T19640]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  372.876006][T19640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.876038][T19640] RIP: 0033:0x7f0ca8b1efc9
[  372.876056][T19640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.876131][T19640] RSP: 002b:00007f0ca7587038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  372.876207][T19640] RAX: ffffffffffffffda RBX: 00007f0ca8d75fa0 RCX: 00007f0ca8b1efc9
[  372.876223][T19640] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[  372.876239][T19640] RBP: 00007f0ca7587090 R08: 0000200000000240 R09: 0000000000000000
[  372.876255][T19640] R10: 0000000000208000 R11: 0000000000000246 R12: 0000000000000002
[  372.876268][T19640] R13: 00007f0ca8d76038 R14: 00007f0ca8d75fa0 R15: 00007ffe383c9238
[  372.876305][T19640]  </TASK>
[  372.876733][ T5715] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  373.024651][T19646] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19646 comm=syz.3.5879
[  373.057123][ T5715] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  373.249578][T19658] __nla_validate_parse: 11 callbacks suppressed
[  373.249596][T19658] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5884'.
[  373.265509][T19658] FAULT_INJECTION: forcing a failure.
[  373.265509][T19658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.278674][T19658] CPU: 0 UID: 0 PID: 19658 Comm: syz.3.5884 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  373.278713][T19658] Tainted: [W]=WARN
[  373.278722][T19658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  373.278737][T19658] Call Trace:
[  373.278742][T19658]  <TASK>
[  373.278758][T19658]  __dump_stack+0x1d/0x30
[  373.278780][T19658]  dump_stack_lvl+0xe8/0x140
[  373.278800][T19658]  dump_stack+0x15/0x1b
[  373.278825][T19658]  should_fail_ex+0x265/0x280
[  373.278850][T19658]  should_fail+0xb/0x20
[  373.278870][T19658]  should_fail_usercopy+0x1a/0x20
[  373.278896][T19658]  _copy_from_user+0x1c/0xb0
[  373.278963][T19658]  kstrtouint_from_user+0x69/0xf0
[  373.278988][T19658]  ? 0xffffffff81000000
[  373.279005][T19658]  ? selinux_file_permission+0x1e4/0x320
[  373.279045][T19658]  proc_fail_nth_write+0x50/0x160
[  373.279097][T19658]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  373.279126][T19658]  vfs_write+0x269/0x960
[  373.279152][T19658]  ? vfs_read+0x4e6/0x770
[  373.279197][T19658]  ? __rcu_read_unlock+0x4f/0x70
[  373.279230][T19658]  ? __fget_files+0x184/0x1c0
[  373.279260][T19658]  ? finish_task_switch+0xad/0x2b0
[  373.279286][T19658]  ksys_write+0xda/0x1a0
[  373.279345][T19658]  __x64_sys_write+0x40/0x50
[  373.279376][T19658]  x64_sys_call+0x2802/0x3000
[  373.279411][T19658]  do_syscall_64+0xd2/0x200
[  373.279458][T19658]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  373.279513][T19658]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  373.279552][T19658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.279575][T19658] RIP: 0033:0x7f0ca8b1da7f
[  373.279591][T19658] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  373.279612][T19658] RSP: 002b:00007f0ca7587030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  373.279709][T19658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0ca8b1da7f
[  373.279724][T19658] RDX: 0000000000000001 RSI: 00007f0ca75870a0 RDI: 0000000000000004
[  373.279739][T19658] RBP: 00007f0ca7587090 R08: 0000000000000000 R09: 0000000000000000
[  373.279810][T19658] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  373.279826][T19658] R13: 00007f0ca8d76038 R14: 00007f0ca8d75fa0 R15: 00007ffe383c9238
[  373.279848][T19658]  </TASK>
[  373.515774][T19663] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5885'.
[  373.525492][T19663] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19663 comm=syz.2.5885
[  373.570332][T19666] loop3: detected capacity change from 0 to 1024
[  373.585360][T19666] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  373.608199][T19666] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  373.618304][T19666] EXT4-fs (loop3): orphan cleanup on readonly fs
[  373.625061][T19666] EXT4-fs error (device loop3): ext4_free_blocks:6706: comm syz.3.5887: Freeing blocks not in datazone - block = 0, count = 4096
[  373.654084][T19666] EXT4-fs (loop3): 1 orphan inode deleted
[  373.660459][T19666] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  373.666459][T19669] FAULT_INJECTION: forcing a failure.
[  373.666459][T19669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.685943][T19669] CPU: 0 UID: 0 PID: 19669 Comm: syz.1.5889 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  373.685981][T19669] Tainted: [W]=WARN
[  373.685990][T19669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  373.686005][T19669] Call Trace:
[  373.686014][T19669]  <TASK>
[  373.686024][T19669]  __dump_stack+0x1d/0x30
[  373.686073][T19669]  dump_stack_lvl+0xe8/0x140
[  373.686162][T19669]  dump_stack+0x15/0x1b
[  373.686215][T19669]  should_fail_ex+0x265/0x280
[  373.686235][T19669]  should_fail+0xb/0x20
[  373.686251][T19669]  should_fail_usercopy+0x1a/0x20
[  373.686320][T19669]  _copy_from_user+0x1c/0xb0
[  373.686351][T19669]  restore_altstack+0x4b/0x2d0
[  373.686392][T19669]  ? __set_task_blocked+0x23a/0x2a0
[  373.686424][T19669]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  373.686479][T19669]  ? __rcu_read_unlock+0x4f/0x70
[  373.686518][T19669]  ? bpf_trace_run2+0x124/0x1c0
[  373.686573][T19669]  ? fpu__clear_user_states+0x63/0x1e0
[  373.686612][T19669]  ? __bpf_trace_sys_enter+0x10/0x30
[  373.686643][T19669]  ? trace_sys_enter+0xd0/0xf0
[  373.686747][T19669]  x64_sys_call+0x2d4b/0x3000
[  373.686794][T19669]  do_syscall_64+0xd2/0x200
[  373.686835][T19669]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  373.686863][T19669]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  373.686900][T19669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.686958][T19669] RIP: 0033:0x7faf136eb099
[  373.686977][T19669] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  373.686999][T19669] RSP: 002b:00007faf121b6a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  373.687022][T19669] RAX: ffffffffffffffda RBX: 00007faf139a5fa0 RCX: 00007faf136eb099
[  373.687067][T19669] RDX: 00007faf121b6a80 RSI: 00007faf121b6bb0 RDI: 0000000000000021
[  373.687160][T19669] RBP: 00007faf121b7090 R08: 0000000000000000 R09: 0000000000000000
[  373.687175][T19669] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[  373.687190][T19669] R13: 00007faf139a6038 R14: 00007faf139a5fa0 R15: 00007ffeac61d4a8
[  373.687214][T19669]  </TASK>
[  373.897549][   T29] kauditd_printk_skb: 35 callbacks suppressed
[  373.897568][   T29] audit: type=1400 audit(890.563:21085): avc:  denied  { ioctl } for  pid=19671 comm="syz.2.5888" path="socket:[69191]" dev="sockfs" ino=69191 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  373.950931][   T29] audit: type=1400 audit(890.626:21086): avc:  denied  { write } for  pid=19665 comm="syz.3.5887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  373.971006][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.003138][T19687] loop3: detected capacity change from 0 to 1024
[  374.020295][T19687] EXT4-fs: Ignoring removed bh option
[  374.026092][T19687] EXT4-fs: inline encryption not supported
[  374.056925][T19691] loop0: detected capacity change from 0 to 512
[  374.066356][T19687] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  374.078094][T19691] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  374.101208][T19687] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  374.118669][T19687] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.5891: lblock 2 mapped to illegal pblock 2 (length 1)
[  374.140974][T19687] Quota error (device loop3): qtree_write_dquot: dquota write failed
[  374.160431][   T29] audit: type=1326 audit(890.836:21087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  374.183490][   T29] audit: type=1326 audit(890.836:21088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  374.207941][T19687] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.5891: lblock 0 mapped to illegal pblock 48 (length 1)
[  374.222571][T19704] FAULT_INJECTION: forcing a failure.
[  374.222571][T19704] name failslab, interval 1, probability 0, space 0, times 0
[  374.235242][T19704] CPU: 0 UID: 0 PID: 19704 Comm: syz.5.5895 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  374.235309][T19704] Tainted: [W]=WARN
[  374.235333][T19704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  374.235345][T19704] Call Trace:
[  374.235354][T19704]  <TASK>
[  374.235362][T19704]  __dump_stack+0x1d/0x30
[  374.235386][T19704]  dump_stack_lvl+0xe8/0x140
[  374.235411][T19704]  dump_stack+0x15/0x1b
[  374.235428][T19704]  should_fail_ex+0x265/0x280
[  374.235447][T19704]  ? audit_log_d_path+0x8d/0x150
[  374.235540][T19704]  should_failslab+0x8c/0xb0
[  374.235576][T19704]  __kmalloc_cache_noprof+0x4c/0x4a0
[  374.235618][T19704]  audit_log_d_path+0x8d/0x150
[  374.235645][T19704]  audit_log_d_path_exe+0x42/0x70
[  374.235700][T19704]  audit_log_task+0x1e9/0x250
[  374.235742][T19704]  ? kstrtouint+0x76/0xc0
[  374.235777][T19704]  audit_seccomp+0x61/0x100
[  374.235997][T19704]  ? __seccomp_filter+0x82d/0x1250
[  374.236024][T19704]  __seccomp_filter+0x83e/0x1250
[  374.236052][T19704]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  374.236142][T19704]  ? vfs_write+0x7e8/0x960
[  374.236173][T19704]  ? __rcu_read_unlock+0x4f/0x70
[  374.236228][T19704]  ? __fget_files+0x184/0x1c0
[  374.236307][T19704]  __secure_computing+0x82/0x150
[  374.236336][T19704]  syscall_trace_enter+0xcf/0x1e0
[  374.236369][T19704]  do_syscall_64+0xac/0x200
[  374.236393][T19704]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  374.236461][T19704]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  374.236590][T19704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  374.236617][T19704] RIP: 0033:0x7f9d8b49efc9
[  374.236635][T19704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  374.236657][T19704] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000025
[  374.236680][T19704] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  374.236734][T19704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  374.236745][T19704] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  374.236758][T19704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  374.236773][T19704] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  374.236798][T19704]  </TASK>
[  374.287729][T19687] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  374.291144][   T29] audit: type=1326 audit(890.899:21089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  374.294085][T19687] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.5891: Failed to acquire dquot type 0
[  374.298691][   T29] audit: type=1326 audit(890.899:21090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  374.298722][   T29] audit: type=1326 audit(890.909:21091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9d8b49d810 code=0x7ffc0000
[  374.308822][   T29] audit: type=1326 audit(890.909:21092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19701 comm="syz.5.5895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9d8b49da7f code=0x7ffc0000
[  374.314506][T19687] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  374.611805][T19687] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.5891: mark_inode_dirty error
[  374.630939][T19687] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  374.657419][T19687] EXT4-fs (loop3): 1 orphan inode deleted
[  374.669268][T19687] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.682048][ T7523] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  374.701008][T19724] loop1: detected capacity change from 0 to 512
[  374.703337][ T7523] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 0
[  374.722699][T19724] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  374.759407][T19687] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check.
[  374.790899][T19731] loop1: detected capacity change from 0 to 128
[  374.808496][T19731] syz.1.5905: attempt to access beyond end of device
[  374.808496][T19731] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128
[  374.836123][T19731] syz.1.5905: attempt to access beyond end of device
[  374.836123][T19731] loop1: rw=2049, sector=158, nr_sectors = 2 limit=128
[  374.849770][T19731] Buffer I/O error on dev loop1, logical block 79, lost async page write
[  374.868904][T19736] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5906'.
[  374.887908][T19731] syz.1.5905: attempt to access beyond end of device
[  374.887908][T19731] loop1: rw=2049, sector=160, nr_sectors = 2 limit=128
[  374.901461][T19731] Buffer I/O error on dev loop1, logical block 80, lost async page write
[  374.936340][T19731] syz.1.5905: attempt to access beyond end of device
[  374.936340][T19731] loop1: rw=2049, sector=162, nr_sectors = 56 limit=128
[  374.974530][T19731] syz.1.5905: attempt to access beyond end of device
[  374.974530][T19731] loop1: rw=2049, sector=234, nr_sectors = 6 limit=128
[  375.000618][T19731] syz.1.5905: attempt to access beyond end of device
[  375.000618][T19731] loop1: rw=2049, sector=238, nr_sectors = 2 limit=128
[  375.014165][T19731] Buffer I/O error on dev loop1, logical block 119, lost async page write
[  375.023146][T19731] syz.1.5905: attempt to access beyond end of device
[  375.023146][T19731] loop1: rw=2049, sector=240, nr_sectors = 2 limit=128
[  375.036654][T19731] Buffer I/O error on dev loop1, logical block 120, lost async page write
[  375.045965][T19731] syz.1.5905: attempt to access beyond end of device
[  375.045965][T19731] loop1: rw=2049, sector=242, nr_sectors = 6 limit=128
[  375.061254][T19731] syz.1.5905: attempt to access beyond end of device
[  375.061254][T19731] loop1: rw=2049, sector=246, nr_sectors = 2 limit=128
[  375.074763][T19731] Buffer I/O error on dev loop1, logical block 123, lost async page write
[  375.085187][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.094796][T19731] syz.1.5905: attempt to access beyond end of device
[  375.094796][T19731] loop1: rw=2049, sector=248, nr_sectors = 2 limit=128
[  375.108284][T19731] Buffer I/O error on dev loop1, logical block 124, lost async page write
[  375.118664][T19731] Buffer I/O error on dev loop1, logical block 71, lost async page write
[  375.127427][T19731] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  375.140611][T11173] EXT4-fs error (device loop3): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[  375.154285][T19731] Buffer I/O error on dev loop1, logical block 75, lost async page write
[  375.162982][T11173] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6313: Corrupt filesystem
[  375.172700][T19731] Buffer I/O error on dev loop1, logical block 76, lost async page write
[  375.181630][T11173] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[  375.719031][T19778] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5920'.
[  375.728094][T19778] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5920'.
[  375.737069][T19778] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5920'.
[  375.746192][T19778] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5920'.
[  375.830419][T19792] netlink: 'syz.2.5927': attribute type 1 has an invalid length.
[  375.859727][T19795] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  375.919392][T19801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19801 comm=syz.0.5931
[  375.972458][T19805] loop0: detected capacity change from 0 to 512
[  375.981876][T19805] EXT4-fs: Ignoring removed orlov option
[  375.988541][T19805] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  376.000359][T19805] EXT4-fs error (device loop0): ext4_iget_extra_inode:5075: inode #15: comm syz.0.5933: corrupted in-inode xattr: e_value size too large
[  376.024266][T19810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5934'.
[  376.033659][T19805] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.5933: couldn't read orphan inode 15 (err -117)
[  376.038044][T19813] FAULT_INJECTION: forcing a failure.
[  376.038044][T19813] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.048901][T19810] blktrace: Concurrent blktraces are not allowed on loop2
[  376.058624][T19813] CPU: 1 UID: 0 PID: 19813 Comm: syz.5.5935 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  376.058665][T19813] Tainted: [W]=WARN
[  376.058675][T19813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  376.058757][T19813] Call Trace:
[  376.058767][T19813]  <TASK>
[  376.058792][T19813]  __dump_stack+0x1d/0x30
[  376.058840][T19813]  dump_stack_lvl+0xe8/0x140
[  376.058884][T19813]  dump_stack+0x15/0x1b
[  376.058916][T19813]  should_fail_ex+0x265/0x280
[  376.058943][T19813]  should_fail+0xb/0x20
[  376.058965][T19813]  should_fail_usercopy+0x1a/0x20
[  376.059007][T19813]  _copy_to_user+0x20/0xa0
[  376.059040][T19813]  simple_read_from_buffer+0xb5/0x130
[  376.059158][T19813]  proc_fail_nth_read+0x10e/0x150
[  376.059201][T19813]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  376.059246][T19813]  vfs_read+0x1a8/0x770
[  376.059334][T19813]  ? __rcu_read_unlock+0x4f/0x70
[  376.059370][T19813]  ? __fget_files+0x184/0x1c0
[  376.059410][T19813]  ksys_read+0xda/0x1a0
[  376.059445][T19813]  __x64_sys_read+0x40/0x50
[  376.059549][T19813]  x64_sys_call+0x27c0/0x3000
[  376.059580][T19813]  do_syscall_64+0xd2/0x200
[  376.059605][T19813]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  376.059712][T19813]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  376.059754][T19813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.059783][T19813] RIP: 0033:0x7f9d8b49d9dc
[  376.059805][T19813] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  376.059829][T19813] RSP: 002b:00007f9d89f07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  376.059855][T19813] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49d9dc
[  376.059987][T19813] RDX: 000000000000000f RSI: 00007f9d89f070a0 RDI: 0000000000000006
[  376.060005][T19813] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  376.060067][T19813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.060102][T19813] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  376.060141][T19813]  </TASK>
[  376.106669][T19815] FAULT_INJECTION: forcing a failure.
[  376.106669][T19815] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.139849][T19805] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  376.145302][T19815] CPU: 1 UID: 0 PID: 19815 Comm: syz.5.5936 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  376.145348][T19815] Tainted: [W]=WARN
[  376.145358][T19815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  376.145376][T19815] Call Trace:
[  376.145386][T19815]  <TASK>
[  376.145398][T19815]  __dump_stack+0x1d/0x30
[  376.145428][T19815]  dump_stack_lvl+0xe8/0x140
[  376.145500][T19815]  dump_stack+0x15/0x1b
[  376.145526][T19815]  should_fail_ex+0x265/0x280
[  376.145553][T19815]  should_fail+0xb/0x20
[  376.145577][T19815]  should_fail_usercopy+0x1a/0x20
[  376.145648][T19815]  copy_folio_from_iter_atomic+0x278/0x11b0
[  376.145690][T19815]  ? shmem_write_begin+0xa8/0x190
[  376.145717][T19815]  ? shmem_write_begin+0xe1/0x190
[  376.145748][T19815]  generic_perform_write+0x2c2/0x490
[  376.145847][T19815]  shmem_file_write_iter+0xc5/0xf0
[  376.145883][T19815]  do_iter_readv_writev+0x4a1/0x540
[  376.145935][T19815]  vfs_writev+0x2df/0x8b0
[  376.146105][T19815]  __se_sys_pwritev2+0xfc/0x1c0
[  376.146146][T19815]  __x64_sys_pwritev2+0x67/0x80
[  376.146221][T19815]  x64_sys_call+0x2c59/0x3000
[  376.146251][T19815]  do_syscall_64+0xd2/0x200
[  376.146427][T19815]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  376.146503][T19815]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  376.146547][T19815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.146577][T19815] RIP: 0033:0x7f9d8b49efc9
[  376.146598][T19815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.146626][T19815] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  376.146664][T19815] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  376.146682][T19815] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  376.146700][T19815] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000003
[  376.146719][T19815] R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002
[  376.146737][T19815] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  376.146762][T19815]  </TASK>
[  376.504754][T19827] netlink: 'syz.3.5940': attribute type 1 has an invalid length.
[  376.552097][T19831] FAULT_INJECTION: forcing a failure.
[  376.552097][T19831] name failslab, interval 1, probability 0, space 0, times 0
[  376.564903][T19831] CPU: 1 UID: 0 PID: 19831 Comm: syz.5.5942 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  376.564943][T19831] Tainted: [W]=WARN
[  376.565012][T19831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  376.565025][T19831] Call Trace:
[  376.565030][T19831]  <TASK>
[  376.565037][T19831]  __dump_stack+0x1d/0x30
[  376.565058][T19831]  dump_stack_lvl+0xe8/0x140
[  376.565077][T19831]  dump_stack+0x15/0x1b
[  376.565132][T19831]  should_fail_ex+0x265/0x280
[  376.565149][T19831]  should_failslab+0x8c/0xb0
[  376.565181][T19831]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  376.565209][T19831]  ? __alloc_skb+0x101/0x320
[  376.565313][T19831]  __alloc_skb+0x101/0x320
[  376.565343][T19831]  netlink_alloc_large_skb+0xbf/0xf0
[  376.565373][T19831]  netlink_sendmsg+0x3cf/0x6b0
[  376.565392][T19831]  ? __pfx_netlink_sendmsg+0x10/0x10
[  376.565482][T19831]  __sock_sendmsg+0x145/0x180
[  376.565539][T19831]  ____sys_sendmsg+0x31e/0x4e0
[  376.565572][T19831]  ___sys_sendmsg+0x17b/0x1d0
[  376.565616][T19831]  __x64_sys_sendmsg+0xd4/0x160
[  376.565688][T19831]  x64_sys_call+0x191e/0x3000
[  376.565709][T19831]  do_syscall_64+0xd2/0x200
[  376.565784][T19831]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  376.565875][T19831]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  376.565904][T19831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.565996][T19831] RIP: 0033:0x7f9d8b49efc9
[  376.566010][T19831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.566026][T19831] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.566043][T19831] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  376.566054][T19831] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007
[  376.566066][T19831] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  376.566077][T19831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.566087][T19831] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  376.566150][T19831]  </TASK>
[  376.780316][T12255] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.804348][T19836] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59926 sclass=netlink_route_socket pid=19836 comm=syz.0.5943
[  376.974715][T19839] loop3: detected capacity change from 0 to 128
[  377.094741][T19853] netlink: 'syz.3.5952': attribute type 1 has an invalid length.
[  377.161606][T19860] loop3: detected capacity change from 0 to 2048
[  377.169373][T19855] lo speed is unknown, defaulting to 1000
[  377.175798][T19855] lo speed is unknown, defaulting to 1000
[  377.178089][T19860] EXT4-fs: Ignoring removed bh option
[  377.195518][T19860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  377.296083][T11173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.308629][T19856] lo speed is unknown, defaulting to 1000
[  377.314896][T19856] lo speed is unknown, defaulting to 1000
[  377.339384][T19875] FAULT_INJECTION: forcing a failure.
[  377.339384][T19875] name failslab, interval 1, probability 0, space 0, times 0
[  377.352193][T19875] CPU: 1 UID: 0 PID: 19875 Comm: syz.3.5956 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  377.352232][T19875] Tainted: [W]=WARN
[  377.352240][T19875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  377.352256][T19875] Call Trace:
[  377.352263][T19875]  <TASK>
[  377.352273][T19875]  __dump_stack+0x1d/0x30
[  377.352296][T19875]  dump_stack_lvl+0xe8/0x140
[  377.352315][T19875]  dump_stack+0x15/0x1b
[  377.352331][T19875]  should_fail_ex+0x265/0x280
[  377.352351][T19875]  ? hugetlb_reserve_pages+0x393/0xc00
[  377.352381][T19875]  should_failslab+0x8c/0xb0
[  377.352416][T19875]  __kmalloc_cache_noprof+0x4c/0x4a0
[  377.352447][T19875]  hugetlb_reserve_pages+0x393/0xc00
[  377.352476][T19875]  hugetlbfs_file_mmap+0x27e/0x340
[  377.352514][T19875]  mmap_region+0xfa7/0x1620
[  377.352567][T19875]  do_mmap+0x9b3/0xbe0
[  377.352594][T19875]  __se_sys_remap_file_pages+0x537/0x5e0
[  377.352628][T19875]  ? fput+0x8f/0xc0
[  377.352652][T19875]  __x64_sys_remap_file_pages+0x67/0x80
[  377.352680][T19875]  x64_sys_call+0x23b3/0x3000
[  377.352704][T19875]  do_syscall_64+0xd2/0x200
[  377.352724][T19875]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  377.352776][T19875]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  377.352808][T19875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.352828][T19875] RIP: 0033:0x7f0ca8b1efc9
[  377.352847][T19875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.352877][T19875] RSP: 002b:00007f0ca7587038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  377.352913][T19875] RAX: ffffffffffffffda RBX: 00007f0ca8d75fa0 RCX: 00007f0ca8b1efc9
[  377.352928][T19875] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000800000
[  377.352940][T19875] RBP: 00007f0ca7587090 R08: 0000000000000000 R09: 0000000000000000
[  377.352952][T19875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.352964][T19875] R13: 00007f0ca8d76038 R14: 00007f0ca8d75fa0 R15: 00007ffe383c9238
[  377.352983][T19875]  </TASK>
[  377.352990][T19875] HugeTLB: unable to allocate vma specific lock
[  377.586101][T19856] chnl_net:caif_netlink_parms(): no params data found
[  377.662031][T19856] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.669157][T19856] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.684165][T19856] bridge_slave_0: entered allmulticast mode
[  377.691109][T19856] bridge_slave_0: entered promiscuous mode
[  377.701292][T19856] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.708520][T19856] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.720977][T19856] bridge_slave_1: entered allmulticast mode
[  377.735927][T19856] bridge_slave_1: entered promiscuous mode
[  377.743243][T19883] lo speed is unknown, defaulting to 1000
[  377.761415][T19883] lo speed is unknown, defaulting to 1000
[  377.771346][ T5715] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.801245][T19856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  377.813058][T19856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  377.865469][T19856] team0: Port device team_slave_0 added
[  377.894747][ T5715] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.922965][T19856] team0: Port device team_slave_1 added
[  377.941245][T19903] netlink: 'syz.3.5963': attribute type 1 has an invalid length.
[  377.950357][ T5715] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.985691][T19856] batman_adv: batadv0: Adding interface: batadv_slave_0
[  377.992847][T19856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  378.011402][T19908] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5964'.
[  378.019008][T19856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  378.020364][T19856] batman_adv: batadv0: Adding interface: batadv_slave_1
[  378.045652][T19856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  378.071573][T19856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  378.101088][T19911] IPVS: sync thread started: state = MASTER, mcast_ifn = ipvlan1, syncid = 4, id = 0
[  378.113062][ T5715] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.163150][T19856] hsr_slave_0: entered promiscuous mode
[  378.170314][T19856] hsr_slave_1: entered promiscuous mode
[  378.217438][ T5715] bridge_slave_1: left allmulticast mode
[  378.217460][ T5715] bridge_slave_1: left promiscuous mode
[  378.217629][ T5715] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.218273][ T5715] bridge_slave_0: left allmulticast mode
[  378.218288][ T5715] bridge_slave_0: left promiscuous mode
[  378.218446][ T5715] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.433351][ T5715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  378.456186][ T5715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  378.466707][ T5715] bond0 (unregistering): Released all slaves
[  378.517471][ T5715] IPVS: stopping master sync thread 18938 ...
[  378.703779][ T5715] veth1_vlan: left promiscuous mode
[  378.716002][ T5715] veth0_vlan: left promiscuous mode
[  378.857391][ T5715] team0 (unregistering): Port device team_slave_1 removed
[  378.883256][ T5715] team0 (unregistering): Port device team_slave_0 removed
[  378.947980][T19920] lo speed is unknown, defaulting to 1000
[  378.956425][T17236] syz1: Port: 1 Link DOWN
[  378.956458][T17237] lo speed is unknown, defaulting to 1000
[  378.956473][T17237] syz2: Port: 1 Link DOWN
[  378.961439][T19920] lo speed is unknown, defaulting to 1000
[  379.211416][T19950] FAULT_INJECTION: forcing a failure.
[  379.211416][T19950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  379.227296][T19950] CPU: 0 UID: 0 PID: 19950 Comm: +}[@ Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  379.227399][T19950] Tainted: [W]=WARN
[  379.227408][T19950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  379.227424][T19950] Call Trace:
[  379.227432][T19950]  <TASK>
[  379.227441][T19950]  __dump_stack+0x1d/0x30
[  379.227509][T19950]  dump_stack_lvl+0xe8/0x140
[  379.227533][T19950]  dump_stack+0x15/0x1b
[  379.227552][T19950]  should_fail_ex+0x265/0x280
[  379.227604][T19950]  should_fail+0xb/0x20
[  379.227620][T19950]  should_fail_usercopy+0x1a/0x20
[  379.227646][T19950]  strncpy_from_user+0x25/0x230
[  379.227700][T19950]  ? kmem_cache_alloc_noprof+0x242/0x480
[  379.227737][T19950]  ? getname_flags+0x80/0x3b0
[  379.227773][T19950]  getname_flags+0xae/0x3b0
[  379.227849][T19950]  do_sys_openat2+0x60/0x110
[  379.227876][T19950]  __se_sys_openat2+0x194/0x1f0
[  379.227901][T19950]  __x64_sys_openat2+0x55/0x70
[  379.227954][T19950]  x64_sys_call+0x1121/0x3000
[  379.228005][T19950]  do_syscall_64+0xd2/0x200
[  379.228101][T19950]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  379.228132][T19950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.228157][T19950] RIP: 0033:0x7f0ca8b1efc9
[  379.228176][T19950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.228195][T19950] RSP: 002b:00007f0ca7587038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  379.228213][T19950] RAX: ffffffffffffffda RBX: 00007f0ca8d75fa0 RCX: 00007f0ca8b1efc9
[  379.228282][T19950] RDX: 0000200000000140 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  379.228325][T19950] RBP: 00007f0ca7587090 R08: 0000000000000000 R09: 0000000000000000
[  379.228337][T19950] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  379.228349][T19950] R13: 00007f0ca8d76038 R14: 00007f0ca8d75fa0 R15: 00007ffe383c9238
[  379.228367][T19950]  </TASK>
[  379.419282][T19856] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  379.452905][T19856] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  379.474427][T19856] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  379.491387][T19856] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  379.531191][T19856] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.546817][T19856] 8021q: adding VLAN 0 to HW filter on device team0
[  379.570181][ T5715] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.577307][ T5715] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.587927][ T5715] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.595162][ T5715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.611144][T19856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  379.621681][T19856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  379.694795][T19856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  379.772355][T19856] veth0_vlan: entered promiscuous mode
[  379.781017][T19856] veth1_vlan: entered promiscuous mode
[  379.796913][T19856] veth0_macvtap: entered promiscuous mode
[  379.804660][T19856] veth1_macvtap: entered promiscuous mode
[  379.815225][T19856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  379.826547][T19856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.838734][ T5715] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.847759][ T5715] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  379.865623][ T5715] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  379.880801][ T5715] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  379.898108][   T29] kauditd_printk_skb: 427 callbacks suppressed
[  379.898125][   T29] audit: type=1400 audit(896.862:21519): avc:  denied  { write } for  pid=19856 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object"
[  379.929447][   T29] audit: type=1400 audit(896.862:21520): avc:  denied  { open } for  pid=19856 comm="syz-executor" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object"
[  380.298658][   T29] audit: type=1326 audit(897.282:21521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.321747][   T29] audit: type=1326 audit(897.292:21522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.408626][   T29] audit: type=1326 audit(897.292:21523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.431718][   T29] audit: type=1326 audit(897.292:21524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.454805][   T29] audit: type=1326 audit(897.292:21525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.477797][   T29] audit: type=1326 audit(897.292:21526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.500844][   T29] audit: type=1326 audit(897.292:21527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.523933][   T29] audit: type=1326 audit(897.292:21528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19996 comm="syz.2.5992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e167eefc9 code=0x7ffc0000
[  380.734122][T20037] loop1: detected capacity change from 0 to 512
[  380.753559][T20012] lo speed is unknown, defaulting to 1000
[  380.769502][T20037] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.928061][T20034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.967959][T20034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.091265][T19856] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.166115][T20053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6009'.
[  381.244523][T20034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.253205][T20034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.300283][ T7523] bond0 (unregistering): Released all slaves
[  381.319036][T20053] IPVS: Error connecting to the multicast addr
[  381.346175][T20012] chnl_net:caif_netlink_parms(): no params data found
[  381.362501][ T7523] tipc: Disabling bearer <udp:£>
[  381.367580][ T7523] tipc: Left network mode
[  381.405965][T20073] loop1: detected capacity change from 0 to 512
[  381.432879][T20073] EXT4-fs: Ignoring removed nobh option
[  381.448642][T20073] EXT4-fs (loop1): #clusters per group too big: 360448
[  381.458841][ T7523] hsr_slave_0: left promiscuous mode
[  381.467866][ T7523] hsr_slave_1: left promiscuous mode
[  381.552924][ T5715] smc: removing ib device syz0
[  381.615707][T20012] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.622977][T20012] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.640214][T20012] bridge_slave_0: entered allmulticast mode
[  381.654832][T20012] bridge_slave_0: entered promiscuous mode
[  381.671198][T20012] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.678302][T20012] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.689108][T20012] bridge_slave_1: entered allmulticast mode
[  381.707035][T20012] bridge_slave_1: entered promiscuous mode
[  381.719682][T20089] syzkaller1: entered promiscuous mode
[  381.725297][T20089] syzkaller1: entered allmulticast mode
[  381.865650][T20012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  381.896507][T20012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  381.946537][T20012] team0: Port device team_slave_0 added
[  381.962888][T20012] team0: Port device team_slave_1 added
[  381.995322][T20012] batman_adv: batadv0: Adding interface: batadv_slave_0
[  382.002361][T20012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  382.028361][T20012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  382.039538][T20115] netlink: 'syz.2.6031': attribute type 3 has an invalid length.
[  382.049860][T20012] batman_adv: batadv0: Adding interface: batadv_slave_1
[  382.056864][T20012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  382.082917][T20012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  382.111888][ T7523] IPVS: stop unused estimator thread 0...
[  382.169053][T20012] hsr_slave_0: entered promiscuous mode
[  382.175247][T20127] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6035'.
[  382.194909][T20012] hsr_slave_1: entered promiscuous mode
[  382.200995][T20012] debugfs: 'hsr0' already exists in 'hsr'
[  382.206824][T20012] Cannot create hsr debugfs directory
[  382.213333][T20127] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6035'.
[  382.237134][T20133] syzkaller1: entered promiscuous mode
[  382.242916][T20133] syzkaller1: entered allmulticast mode
[  382.407233][T20145] 9pnet_fd: Insufficient options for proto=fd
[  382.514678][T20155] blktrace: Concurrent blktraces are not allowed on loop0
[  382.644095][T20012] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  382.653504][T20012] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  382.655499][T20170] FAULT_INJECTION: forcing a failure.
[  382.655499][T20170] name failslab, interval 1, probability 0, space 0, times 0
[  382.673077][T20170] CPU: 0 UID: 0 PID: 20170 Comm: syz.5.6052 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  382.673114][T20170] Tainted: [W]=WARN
[  382.673120][T20170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  382.673132][T20170] Call Trace:
[  382.673137][T20170]  <TASK>
[  382.673144][T20170]  __dump_stack+0x1d/0x30
[  382.673178][T20170]  dump_stack_lvl+0xe8/0x140
[  382.673224][T20170]  dump_stack+0x15/0x1b
[  382.673240][T20170]  should_fail_ex+0x265/0x280
[  382.673257][T20170]  should_failslab+0x8c/0xb0
[  382.673308][T20170]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  382.673347][T20170]  ? __alloc_skb+0x101/0x320
[  382.673412][T20170]  __alloc_skb+0x101/0x320
[  382.673435][T20170]  ? audit_log_start+0x342/0x720
[  382.673455][T20170]  audit_log_start+0x3a0/0x720
[  382.673526][T20170]  ? kstrtouint+0x76/0xc0
[  382.673589][T20170]  audit_seccomp+0x48/0x100
[  382.673690][T20170]  ? __seccomp_filter+0x82d/0x1250
[  382.673729][T20170]  __seccomp_filter+0x83e/0x1250
[  382.673800][T20170]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  382.673839][T20170]  ? vfs_write+0x7e8/0x960
[  382.673892][T20170]  __secure_computing+0x82/0x150
[  382.673917][T20170]  syscall_trace_enter+0xcf/0x1e0
[  382.673982][T20170]  do_syscall_64+0xac/0x200
[  382.673999][T20170]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  382.674060][T20170]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  382.674123][T20170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.674142][T20170] RIP: 0033:0x7f9d8b49efc9
[  382.674156][T20170] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.674171][T20170] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f
[  382.674204][T20170] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  382.674215][T20170] RDX: 00002000000003c0 RSI: 0000000000000001 RDI: 0000000000000000
[  382.674226][T20170] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  382.674237][T20170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.674247][T20170] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  382.674265][T20170]  </TASK>
[  382.900163][T20012] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  382.921711][T20012] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  382.968273][T20175] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6053'.
[  383.101889][T20012] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.114856][T20012] 8021q: adding VLAN 0 to HW filter on device team0
[  383.139347][ T5715] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.146479][ T5715] bridge0: port 1(bridge_slave_0) entered forwarding state
[  383.167288][ T5715] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.174413][ T5715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  383.342261][T20012] 8021q: adding VLAN 0 to HW filter on device batadv0
[  383.391229][T20171] Set syz1 is full, maxelem 65536 reached
[  383.586530][T20012] veth0_vlan: entered promiscuous mode
[  383.598952][T20012] veth1_vlan: entered promiscuous mode
[  383.628726][T20012] veth0_macvtap: entered promiscuous mode
[  383.637370][T20012] veth1_macvtap: entered promiscuous mode
[  383.653267][T20012] batman_adv: batadv0: Interface activated: batadv_slave_0
[  383.668812][T20012] batman_adv: batadv0: Interface activated: batadv_slave_1
[  383.680238][ T7524] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  383.691573][ T7524] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  383.702661][ T7524] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  383.712049][ T7524] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  383.752962][T20227] loop1: detected capacity change from 0 to 512
[  383.785964][T20227] EXT4-fs error (device loop1): __ext4_fill_super:5512: inode #2: comm syz.1.6065: iget: checksum invalid
[  383.806385][T20227] EXT4-fs (loop1): get root inode failed
[  383.812081][T20227] EXT4-fs (loop1): mount failed
[  383.827443][T20227] sch_tbf: peakrate 9 is lower than or equals to rate 6829859379779001161 !
[  383.892631][T20239] loop1: detected capacity change from 0 to 256
[  383.900621][T20239] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  383.977444][T20247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6073'.
[  384.008145][T20249] syzkaller1: entered promiscuous mode
[  384.013961][T20249] syzkaller1: entered allmulticast mode
[  384.115716][T20255] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6076'.
[  384.125166][T20255] IPVS: Unknown mcast interface: ipvlan1
[  384.521683][T20276] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  384.530000][T20276] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  384.577266][T20276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.596068][T20276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.606841][T20269] lo speed is unknown, defaulting to 1000
[  384.761299][T20269] chnl_net:caif_netlink_parms(): no params data found
[  384.808087][   T29] kauditd_printk_skb: 248 callbacks suppressed
[  384.808104][   T29] audit: type=1326 audit(902.027:21775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20287 comm="syz.0.6087" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x0
[  384.874380][T20269] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.881570][T20269] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.888734][T20269] bridge_slave_0: entered allmulticast mode
[  384.895252][T20269] bridge_slave_0: entered promiscuous mode
[  384.902320][T20269] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.909771][T20269] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.916930][T20269] bridge_slave_1: entered allmulticast mode
[  384.923937][T20269] bridge_slave_1: entered promiscuous mode
[  384.948378][T20269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  384.959145][T20269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  384.981962][T20269] team0: Port device team_slave_0 added
[  384.988659][T20269] team0: Port device team_slave_1 added
[  385.005161][T20269] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.012225][T20269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.038149][T20269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.051632][T20269] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.058617][T20269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  385.084795][T20269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.117615][T20269] hsr_slave_0: entered promiscuous mode
[  385.123898][T20269] hsr_slave_1: entered promiscuous mode
[  385.130034][T20269] debugfs: 'hsr0' already exists in 'hsr'
[  385.135789][T20269] Cannot create hsr debugfs directory
[  385.206382][   T52] bridge_slave_1: left allmulticast mode
[  385.212123][   T52] bridge_slave_1: left promiscuous mode
[  385.217895][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.225643][   T52] bridge_slave_0: left allmulticast mode
[  385.231293][   T52] bridge_slave_0: left promiscuous mode
[  385.237167][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.259403][   T52] bond3 (unregistering): (slave geneve2): Releasing active interface
[  385.396675][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  385.406080][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  385.415206][   T52] bond0 (unregistering): Released all slaves
[  385.424204][   T52] bond1 (unregistering): (slave veth3): Releasing active interface
[  385.432173][   T52] dummy0: entered promiscuous mode
[  385.438279][   T52] bond1 (unregistering): (slave dummy0): Releasing active interface
[  385.446737][   T52] bond1 (unregistering): Released all slaves
[  385.455042][   T52] bond2 (unregistering): Released all slaves
[  385.463600][   T52] bond3 (unregistering): Released all slaves
[  385.513827][T20302] loop3: detected capacity change from 0 to 512
[  385.521359][T20302] EXT4-fs: Ignoring removed orlov option
[  385.527997][T20302] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  385.538596][T20302] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6091: corrupted in-inode xattr: e_value size too large
[  385.553188][T20302] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6091: couldn't read orphan inode 15 (err -117)
[  385.569838][T20302] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  385.589902][   T52] team0 (unregistering): Port device team_slave_1 removed
[  385.600191][   T52] team0 (unregistering): Port device team_slave_0 removed
[  385.635057][   T31] smc: removing ib device s
z1
[  385.665760][T20012] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  385.815454][   T29] audit: type=1326 audit(903.087:21776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  385.838555][   T29] audit: type=1326 audit(903.087:21777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  385.865050][   T29] audit: type=1326 audit(903.140:21778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  385.937305][   T29] audit: type=1326 audit(903.182:21779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  385.960449][   T29] audit: type=1326 audit(903.182:21780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  385.983504][   T29] audit: type=1326 audit(903.182:21781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  386.006603][   T29] audit: type=1326 audit(903.182:21782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  386.008084][T20269] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  386.029819][   T29] audit: type=1326 audit(903.182:21783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b72aefc9 code=0x7ffc0000
[  386.059552][   T29] audit: type=1326 audit(903.182:21784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20320 comm="syz.0.6097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f48b72ad810 code=0x7ffc0000
[  386.091902][   T52] IPVS: stop unused estimator thread 0...
[  386.097811][T20269] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  386.116574][T20269] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  386.129463][T20269] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  386.167981][T20269] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.180333][T20269] 8021q: adding VLAN 0 to HW filter on device team0
[  386.189674][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.196831][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.209291][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.216369][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.279641][T20269] 8021q: adding VLAN 0 to HW filter on device batadv0
[  386.295862][T20335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.305153][T20335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.352191][T20269] veth0_vlan: entered promiscuous mode
[  386.360122][T20269] veth1_vlan: entered promiscuous mode
[  386.374936][T20269] veth0_macvtap: entered promiscuous mode
[  386.382300][T20269] veth1_macvtap: entered promiscuous mode
[  386.393344][T20269] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.404867][T20269] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.416459][   T31] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.425389][   T31] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.436370][   T31] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.446798][   T31] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.481674][T20354] FAULT_INJECTION: forcing a failure.
[  386.481674][T20354] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.494874][T20354] CPU: 0 UID: 0 PID: 20354 Comm: syz.2.6083 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  386.494963][T20354] Tainted: [W]=WARN
[  386.494970][T20354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  386.494984][T20354] Call Trace:
[  386.494991][T20354]  <TASK>
[  386.494999][T20354]  __dump_stack+0x1d/0x30
[  386.495084][T20354]  dump_stack_lvl+0xe8/0x140
[  386.495108][T20354]  dump_stack+0x15/0x1b
[  386.495128][T20354]  should_fail_ex+0x265/0x280
[  386.495153][T20354]  should_fail+0xb/0x20
[  386.495173][T20354]  should_fail_usercopy+0x1a/0x20
[  386.495199][T20354]  _copy_from_iter+0xd2/0xe80
[  386.495294][T20354]  ? should_fail_ex+0xdb/0x280
[  386.495312][T20354]  ? should_failslab+0x8c/0xb0
[  386.495337][T20354]  ? __kmalloc_noprof+0x2a2/0x570
[  386.495417][T20354]  ? kernfs_fop_write_iter+0xe2/0x300
[  386.495437][T20354]  kernfs_fop_write_iter+0x125/0x300
[  386.495483][T20354]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  386.495514][T20354]  vfs_write+0x52a/0x960
[  386.495542][T20354]  ksys_write+0xda/0x1a0
[  386.495592][T20354]  __x64_sys_write+0x40/0x50
[  386.495622][T20354]  x64_sys_call+0x2802/0x3000
[  386.495652][T20354]  do_syscall_64+0xd2/0x200
[  386.495686][T20354]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  386.495776][T20354]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  386.495818][T20354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.495838][T20354] RIP: 0033:0x7f4b9225efc9
[  386.495851][T20354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.495873][T20354] RSP: 002b:00007f4b90cbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  386.495890][T20354] RAX: ffffffffffffffda RBX: 00007f4b924b5fa0 RCX: 00007f4b9225efc9
[  386.495901][T20354] RDX: 0000000000000005 RSI: 00002000000001c0 RDI: 0000000000000008
[  386.495913][T20354] RBP: 00007f4b90cbf090 R08: 0000000000000000 R09: 0000000000000000
[  386.495923][T20354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.495934][T20354] R13: 00007f4b924b6038 R14: 00007f4b924b5fa0 R15: 00007ffedc90ef68
[  386.495952][T20354]  </TASK>
[  386.715063][T20335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.743384][T20335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.781822][T20361] loop2: detected capacity change from 0 to 512
[  386.788606][T20361] EXT4-fs: Ignoring removed oldalloc option
[  386.799989][T20361] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: comm syz.2.6105: Parent and EA inode have the same ino 15
[  386.819921][T20361] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: comm syz.2.6105: Parent and EA inode have the same ino 15
[  386.850687][T20361] EXT4-fs (loop2): 1 orphan inode deleted
[  386.863583][T20361] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.877587][T20361] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.2.6105: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  386.908763][T20269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.987850][T20373] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=20373 comm=syz.3.6109
[  387.114699][T20364] chnl_net:caif_netlink_parms(): no params data found
[  387.188390][T20399] bond1: option primary_reselect: invalid value (4)
[  387.196227][T20399] bond1 (unregistering): Released all slaves
[  387.206582][T20364] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.213647][T20364] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.221101][T20364] bridge_slave_0: entered allmulticast mode
[  387.227720][T20364] bridge_slave_0: entered promiscuous mode
[  387.240477][T20364] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.247863][T20364] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.256222][T20364] bridge_slave_1: entered allmulticast mode
[  387.277336][T20364] bridge_slave_1: entered promiscuous mode
[  387.307526][T20364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.347404][   T52] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.365464][T20364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.405423][T20364] team0: Port device team_slave_0 added
[  387.418007][T20364] team0: Port device team_slave_1 added
[  387.452919][   T52] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.524632][   T52] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.538041][T20415] loop2: detected capacity change from 0 to 2048
[  387.549579][T20364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  387.556710][T20364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  387.582812][T20364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  387.595721][T20417] syzkaller1: entered promiscuous mode
[  387.601246][T20417] syzkaller1: entered allmulticast mode
[  387.607371][T20415]  loop2: p1 < > p4
[  387.613578][T20415] loop2: p4 size 8388608 extends beyond EOD, truncated
[  387.621538][   T52] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.632600][T20406] lo speed is unknown, defaulting to 1000
[  387.633482][T20364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  387.645551][T20364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  387.671562][T20364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  387.684971][T20406] lo speed is unknown, defaulting to 1000
[  387.694045][T20406] lo speed is unknown, defaulting to 1000
[  387.707800][T20406] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  387.728389][T20364] hsr_slave_0: entered promiscuous mode
[  387.739627][T20364] hsr_slave_1: entered promiscuous mode
[  387.745706][T20364] debugfs: 'hsr0' already exists in 'hsr'
[  387.751500][T20364] Cannot create hsr debugfs directory
[  387.757223][T20406] lo speed is unknown, defaulting to 1000
[  387.771999][T20406] lo speed is unknown, defaulting to 1000
[  387.779961][T20428] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6124'.
[  387.809222][T20406] lo speed is unknown, defaulting to 1000
[  387.837366][   T52] bridge_slave_1: left allmulticast mode
[  387.843073][   T52] bridge_slave_1: left promiscuous mode
[  387.848757][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.876339][   T52] bridge_slave_0: left allmulticast mode
[  387.882091][   T52] bridge_slave_0: left promiscuous mode
[  387.887898][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.970254][T20445] FAULT_INJECTION: forcing a failure.
[  387.970254][T20445] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.983644][T20445] CPU: 0 UID: 0 PID: 20445 Comm: syz.3.6132 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  387.983687][T20445] Tainted: [W]=WARN
[  387.983696][T20445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  387.983712][T20445] Call Trace:
[  387.983719][T20445]  <TASK>
[  387.983793][T20445]  __dump_stack+0x1d/0x30
[  387.983821][T20445]  dump_stack_lvl+0xe8/0x140
[  387.983847][T20445]  dump_stack+0x15/0x1b
[  387.983887][T20445]  should_fail_ex+0x265/0x280
[  387.983913][T20445]  should_fail+0xb/0x20
[  387.983938][T20445]  should_fail_usercopy+0x1a/0x20
[  387.983993][T20445]  _copy_from_user+0x1c/0xb0
[  387.984026][T20445]  ___sys_sendmsg+0xc1/0x1d0
[  387.984089][T20445]  __sys_sendmmsg+0x178/0x300
[  387.984200][T20445]  __x64_sys_sendmmsg+0x57/0x70
[  387.984224][T20445]  x64_sys_call+0x1c4a/0x3000
[  387.984253][T20445]  do_syscall_64+0xd2/0x200
[  387.984353][T20445]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  387.984390][T20445]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  387.984430][T20445]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.984459][T20445] RIP: 0033:0x7fda15e9efc9
[  387.984477][T20445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.984509][T20445] RSP: 002b:00007fda148ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  387.984529][T20445] RAX: ffffffffffffffda RBX: 00007fda160f5fa0 RCX: 00007fda15e9efc9
[  387.984542][T20445] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[  387.984554][T20445] RBP: 00007fda148ff090 R08: 0000000000000000 R09: 0000000000000000
[  387.984567][T20445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.984579][T20445] R13: 00007fda160f6038 R14: 00007fda160f5fa0 R15: 00007ffef3361538
[  387.984631][T20445]  </TASK>
[  388.177091][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.214306][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.224151][   T52] bond0 (unregistering): Released all slaves
[  388.234172][   T52] bond1 (unregistering): Released all slaves
[  388.242347][T20406] lo speed is unknown, defaulting to 1000
[  388.276049][T20406] lo speed is unknown, defaulting to 1000
[  388.287080][   T52] tipc: Left network mode
[  388.287890][T20450] syzkaller1: entered promiscuous mode
[  388.297102][T20450] syzkaller1: entered allmulticast mode
[  388.304583][T20406] lo speed is unknown, defaulting to 1000
[  388.338029][   T52] hsr_slave_0: left promiscuous mode
[  388.343916][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  388.355842][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  388.366904][   T52] batman_adv: batadv0: Removing interface: dummy0
[  388.425414][   T52] team0 (unregistering): Port device team_slave_0 removed
[  388.476126][T20468] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6140'.
[  388.494957][T20468] IPVS: Error connecting to the multicast addr
[  388.577711][T20481] veth2: entered promiscuous mode
[  388.582895][T20481] veth2: entered allmulticast mode
[  388.668553][T20486] syzkaller1: entered promiscuous mode
[  388.674332][T20486] syzkaller1: entered allmulticast mode
[  388.763501][   T52] IPVS: stop unused estimator thread 0...
[  388.966211][T20497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6151'.
[  389.006558][T20364] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  389.025517][T20497] blktrace: Concurrent blktraces are not allowed on loop2
[  389.050592][T20364] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  389.084644][T20364] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  389.107587][T20364] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  389.166837][T20502] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6153'.
[  389.252170][T20364] 8021q: adding VLAN 0 to HW filter on device bond0
[  389.282091][T20364] 8021q: adding VLAN 0 to HW filter on device team0
[  389.292957][ T7530] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.300082][ T7530] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.311485][ T5715] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.318657][ T5715] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.370000][T20364] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  389.442010][T20364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.504561][T20533] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6161'.
[  389.531806][T20538] netlink: 'syz.2.6163': attribute type 1 has an invalid length.
[  389.608366][T20364] veth0_vlan: entered promiscuous mode
[  389.625969][T20364] veth1_vlan: entered promiscuous mode
[  389.664050][T20548] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6166'.
[  389.682004][T20364] veth0_macvtap: entered promiscuous mode
[  389.697652][T20548] IPVS: Error connecting to the multicast addr
[  389.706085][T20364] veth1_macvtap: entered promiscuous mode
[  389.739327][T20364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  389.753332][T20364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  389.764992][   T52] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  389.780998][T20557] FAULT_INJECTION: forcing a failure.
[  389.780998][T20557] name failslab, interval 1, probability 0, space 0, times 0
[  389.782735][   T52] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  389.794479][T20557] CPU: 0 UID: 0 PID: 20557 Comm: syz.2.6170 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  389.794523][T20557] Tainted: [W]=WARN
[  389.794532][T20557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  389.794617][T20557] Call Trace:
[  389.794626][T20557]  <TASK>
[  389.794635][T20557]  __dump_stack+0x1d/0x30
[  389.794666][T20557]  dump_stack_lvl+0xe8/0x140
[  389.794694][T20557]  dump_stack+0x15/0x1b
[  389.794795][T20557]  should_fail_ex+0x265/0x280
[  389.794823][T20557]  should_failslab+0x8c/0xb0
[  389.794881][T20557]  __kmalloc_noprof+0xa5/0x570
[  389.794921][T20557]  ? kernfs_fop_write_iter+0xe2/0x300
[  389.794949][T20557]  ? selinux_file_permission+0x1e4/0x320
[  389.795077][T20557]  kernfs_fop_write_iter+0xe2/0x300
[  389.795107][T20557]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  389.795135][T20557]  vfs_write+0x52a/0x960
[  389.795206][T20557]  ksys_write+0xda/0x1a0
[  389.795249][T20557]  __x64_sys_write+0x40/0x50
[  389.795292][T20557]  x64_sys_call+0x2802/0x3000
[  389.795408][T20557]  do_syscall_64+0xd2/0x200
[  389.795434][T20557]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  389.795473][T20557]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  389.795539][T20557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.795581][T20557] RIP: 0033:0x7f4b9225efc9
[  389.795646][T20557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.795670][T20557] RSP: 002b:00007f4b90cbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  389.795696][T20557] RAX: ffffffffffffffda RBX: 00007f4b924b5fa0 RCX: 00007f4b9225efc9
[  389.795712][T20557] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000008
[  389.795730][T20557] RBP: 00007f4b90cbf090 R08: 0000000000000000 R09: 0000000000000000
[  389.795746][T20557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.795762][T20557] R13: 00007f4b924b6038 R14: 00007f4b924b5fa0 R15: 00007ffedc90ef68
[  389.795853][T20557]  </TASK>
[  390.002185][   T52] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.015915][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  390.059031][T20569] loop2: detected capacity change from 0 to 512
[  390.086813][T20569] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  390.097271][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  390.097289][   T29] audit: type=1326 audit(907.580:21955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.104236][T20569] EXT4-fs (loop2): orphan cleanup on readonly fs
[  390.105916][T20569] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.6174: corrupted inode contents
[  390.127517][   T29] audit: type=1326 audit(907.580:21956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.170816][   T29] audit: type=1326 audit(907.622:21957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.193942][   T29] audit: type=1326 audit(907.622:21958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.217029][   T29] audit: type=1326 audit(907.622:21959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.240146][   T29] audit: type=1326 audit(907.622:21960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.263258][   T29] audit: type=1326 audit(907.622:21961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.286256][   T29] audit: type=1326 audit(907.622:21962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.309253][   T29] audit: type=1326 audit(907.622:21963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.332310][   T29] audit: type=1326 audit(907.654:21964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20572 comm="syz.0.6106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  390.360618][T20569] EXT4-fs (loop2): Remounting filesystem read-only
[  390.367453][T20569] EXT4-fs (loop2): 1 truncate cleaned up
[  390.373226][   T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  390.383921][   T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  390.423047][   T52] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  390.465848][T20569] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  390.503333][T20269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.616012][T20602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6186'.
[  390.624980][T20602] netlink: 'syz.2.6186': attribute type 30 has an invalid length.
[  390.637456][ T5715] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  390.649793][ T5715] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  390.669488][ T5715] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  390.680770][ T5715] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  390.775687][T20611] loop2: detected capacity change from 0 to 512
[  390.784030][T20611] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  390.792252][T20611] EXT4-fs (loop2): orphan cleanup on readonly fs
[  390.805374][T20611] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.6189: Failed to acquire dquot type 1
[  390.807211][T20617] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6192'.
[  390.830593][T20611] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6189: bg 0: block 40: padding at end of block bitmap is not set
[  390.845760][T20611] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  390.855447][T20611] EXT4-fs (loop2): 1 truncate cleaned up
[  390.861636][T20611] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  391.053021][T20269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.242042][T20637] loop2: detected capacity change from 0 to 128
[  391.250676][T20637] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  391.264593][T20637] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:375: inode #2: comm syz.2.6199: No space for directory leaf checksum. Please run e2fsck -D.
[  391.280705][T20637] EXT4-fs error (device loop2): htree_dirblock_to_tree:1051: inode #2: comm syz.2.6199: Directory block failed checksum
[  391.304101][T20637] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6199'.
[  391.318161][T20631] Invalid ELF header magic: != ELF
[  391.363014][T20269] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  391.386556][T20647] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6202'.
[  391.395942][T20647] IPVS: Error connecting to the multicast addr
[  391.449142][T20653] netlink: 'syz.2.6204': attribute type 1 has an invalid length.
[  391.487125][T20649] loop0: detected capacity change from 0 to 256
[  391.501387][T20649] vfat: Unknown parameter ''
[  391.530878][T20649] dummy0: entered allmulticast mode
[  391.539809][T20648] dummy0: left allmulticast mode
[  392.281898][T20677] loop0: detected capacity change from 0 to 1024
[  392.292664][T20679] loop3: detected capacity change from 0 to 164
[  392.323700][T20677] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  392.334816][T20677] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  392.378366][T20677] JBD2: no valid journal superblock found
[  392.384140][T20677] EXT4-fs (loop0): Could not load journal inode
[  392.390901][T20682] loop1: detected capacity change from 0 to 512
[  392.415488][T20682] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  392.435486][T20677] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  392.445806][T20682] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.6214: bad orphan inode 131083
[  392.466569][T20682] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  392.491613][T20677] loop0: detected capacity change from 0 to 512
[  392.499409][T20677] journal_path: Non-blockdev passed as './bus'
[  392.506246][T20677] EXT4-fs: error: could not find journal device path
[  392.582668][T19856] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.679561][T20694] netlink: 'syz.2.6219': attribute type 1 has an invalid length.
[  392.698853][T20696] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6220'.
[  392.712101][T20696] blktrace: Concurrent blktraces are not allowed on loop0
[  393.027671][T20708] FAULT_INJECTION: forcing a failure.
[  393.027671][T20708] name failslab, interval 1, probability 0, space 0, times 0
[  393.040486][T20708] CPU: 0 UID: 0 PID: 20708 Comm: syz.0.6225 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  393.040534][T20708] Tainted: [W]=WARN
[  393.040543][T20708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  393.040559][T20708] Call Trace:
[  393.040567][T20708]  <TASK>
[  393.040638][T20708]  __dump_stack+0x1d/0x30
[  393.040662][T20708]  dump_stack_lvl+0xe8/0x140
[  393.040682][T20708]  dump_stack+0x15/0x1b
[  393.040782][T20708]  should_fail_ex+0x265/0x280
[  393.040857][T20708]  should_failslab+0x8c/0xb0
[  393.040959][T20708]  __kmalloc_node_track_caller_noprof+0xa5/0x580
[  393.040993][T20708]  ? sidtab_sid2str_get+0xa0/0x130
[  393.041044][T20708]  kmemdup_noprof+0x2b/0x70
[  393.041073][T20708]  sidtab_sid2str_get+0xa0/0x130
[  393.041103][T20708]  security_sid_to_context_core+0x1eb/0x2e0
[  393.041141][T20708]  security_sid_to_context+0x27/0x40
[  393.041179][T20708]  selinux_lsmprop_to_secctx+0x67/0xf0
[  393.041290][T20708]  security_lsmprop_to_secctx+0x1a3/0x1c0
[  393.041318][T20708]  audit_log_subj_ctx+0xa4/0x3e0
[  393.041408][T20708]  ? skb_put+0xa9/0xf0
[  393.041442][T20708]  audit_log_task_context+0x48/0x70
[  393.041465][T20708]  audit_log_task+0xf4/0x250
[  393.041538][T20708]  ? __do_wait+0x4b6/0x510
[  393.041557][T20708]  audit_seccomp+0x61/0x100
[  393.041587][T20708]  ? __seccomp_filter+0x82d/0x1250
[  393.041696][T20708]  __seccomp_filter+0x83e/0x1250
[  393.041742][T20708]  __secure_computing+0x82/0x150
[  393.041770][T20708]  syscall_trace_enter+0xcf/0x1e0
[  393.041804][T20708]  do_syscall_64+0xac/0x200
[  393.041843][T20708]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  393.041876][T20708]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  393.041907][T20708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.041929][T20708] RIP: 0033:0x7f4e4eb0d9dc
[  393.041983][T20708] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  393.042006][T20708] RSP: 002b:00007f4e4d577030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  393.042028][T20708] RAX: ffffffffffffffda RBX: 00007f4e4ed65fa0 RCX: 00007f4e4eb0d9dc
[  393.042041][T20708] RDX: 000000000000000f RSI: 00007f4e4d5770a0 RDI: 0000000000000003
[  393.042053][T20708] RBP: 00007f4e4d577090 R08: 0000000000000000 R09: 0000000000000000
[  393.042065][T20708] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  393.042077][T20708] R13: 00007f4e4ed66038 R14: 00007f4e4ed65fa0 R15: 00007ffdbc1d65d8
[  393.042096][T20708]  </TASK>
[  393.312113][T20711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6226'.
[  393.340074][T20711] IPVS: Error connecting to the multicast addr
[  393.393772][T20713] loop0: detected capacity change from 0 to 1024
[  393.483091][T20719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6230'.
[  393.499790][T20717] syzkaller1: entered promiscuous mode
[  393.505654][T20717] syzkaller1: entered allmulticast mode
[  393.596480][T20725] loop1: detected capacity change from 0 to 512
[  393.624222][T20725] EXT4-fs: Ignoring removed orlov option
[  393.646214][T20725] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  393.676196][T20725] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.6233: corrupted in-inode xattr: e_value size too large
[  393.697752][T20735] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6234'.
[  393.719383][T20725] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.6233: couldn't read orphan inode 15 (err -117)
[  393.764164][T20735] hsr_slave_1 (unregistering): left promiscuous mode
[  393.775540][T20725] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.795341][T20747] loop3: detected capacity change from 0 to 512
[  393.827195][T20747] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  393.838792][T20747] EXT4-fs (loop3): orphan cleanup on readonly fs
[  393.857037][T20747] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.6240: Failed to acquire dquot type 1
[  393.883280][T20747] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6240: bg 0: block 40: padding at end of block bitmap is not set
[  393.911522][T20747] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  393.929809][T20747] EXT4-fs (loop3): 1 truncate cleaned up
[  393.940144][T20747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  393.993003][T20012] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.009305][T19856] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.059219][T20760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.076894][T20760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.117531][T20767] syzkaller1: entered promiscuous mode
[  394.123096][T20767] syzkaller1: entered allmulticast mode
[  394.231218][T20783] bond1: option primary_reselect: invalid value (4)
[  394.239608][T20783] bond1 (unregistering): Released all slaves
[  394.283034][T20787] 9pnet_fd: Insufficient options for proto=fd
[  394.398924][T20797] FAULT_INJECTION: forcing a failure.
[  394.398924][T20797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  394.412426][T20797] CPU: 1 UID: 0 PID: 20797 Comm: syz.5.6258 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  394.412459][T20797] Tainted: [W]=WARN
[  394.412465][T20797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  394.412509][T20797] Call Trace:
[  394.412515][T20797]  <TASK>
[  394.412522][T20797]  __dump_stack+0x1d/0x30
[  394.412546][T20797]  dump_stack_lvl+0xe8/0x140
[  394.412567][T20797]  dump_stack+0x15/0x1b
[  394.412584][T20797]  should_fail_ex+0x265/0x280
[  394.412642][T20797]  should_fail+0xb/0x20
[  394.412658][T20797]  should_fail_usercopy+0x1a/0x20
[  394.412739][T20797]  _copy_from_iter+0xd2/0xe80
[  394.412762][T20797]  ? __build_skb_around+0x1ab/0x200
[  394.412792][T20797]  ? __alloc_skb+0x223/0x320
[  394.412825][T20797]  netlink_sendmsg+0x471/0x6b0
[  394.412846][T20797]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.412866][T20797]  __sock_sendmsg+0x145/0x180
[  394.412930][T20797]  ____sys_sendmsg+0x31e/0x4e0
[  394.413095][T20797]  ___sys_sendmsg+0x17b/0x1d0
[  394.413144][T20797]  __x64_sys_sendmsg+0xd4/0x160
[  394.413182][T20797]  x64_sys_call+0x191e/0x3000
[  394.413205][T20797]  do_syscall_64+0xd2/0x200
[  394.413248][T20797]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  394.413277][T20797]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  394.413373][T20797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.413395][T20797] RIP: 0033:0x7f9d8b49efc9
[  394.413450][T20797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.413468][T20797] RSP: 002b:00007f9d89f07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  394.413515][T20797] RAX: ffffffffffffffda RBX: 00007f9d8b6f5fa0 RCX: 00007f9d8b49efc9
[  394.413545][T20797] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  394.413557][T20797] RBP: 00007f9d89f07090 R08: 0000000000000000 R09: 0000000000000000
[  394.413570][T20797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  394.413582][T20797] R13: 00007f9d8b6f6038 R14: 00007f9d8b6f5fa0 R15: 00007ffe765361b8
[  394.413602][T20797]  </TASK>
[  394.699161][T20808] syzkaller1: entered promiscuous mode
[  394.704781][T20808] syzkaller1: entered allmulticast mode
[  394.731419][T20810] netlink: 'syz.3.6264': attribute type 1 has an invalid length.
[  394.884765][   T29] kauditd_printk_skb: 281 callbacks suppressed
[  394.884784][   T29] audit: type=1326 audit(912.609:22235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20815 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  394.918788][   T29] audit: type=1326 audit(912.619:22236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20815 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  394.941818][   T29] audit: type=1326 audit(912.619:22237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20815 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  394.964904][   T29] audit: type=1326 audit(912.619:22238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20815 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  394.964945][   T29] audit: type=1326 audit(912.619:22239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20815 comm="syz.0.6267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f4e4eb0efc9 code=0x7ffc0000
[  395.039118][   T29] audit: type=1400 audit(912.766:22240): avc:  denied  { setopt } for  pid=20831 comm="syz.3.6274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  395.045556][T20839] syzkaller1: entered promiscuous mode
[  395.066299][T20839] syzkaller1: entered allmulticast mode
[  395.068499][T20837] SELinux:  policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c
[  395.080631][   T29] audit: type=1326 audit(912.787:22241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20836 comm="syz.5.6276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  395.105038][T20837] SELinux: failed to load policy
[  395.106371][T20837] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6276'.
[  395.110467][   T29] audit: type=1326 audit(912.787:22242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20836 comm="syz.5.6276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  395.119461][T20837] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6276'.
[  395.143304][   T29] audit: type=1326 audit(912.787:22243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20836 comm="syz.5.6276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  395.175513][   T29] audit: type=1326 audit(912.787:22244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20836 comm="syz.5.6276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d8b49efc9 code=0x7ffc0000
[  395.535006][T20894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6297'.
[  395.599414][T20898] loop2: detected capacity change from 0 to 512
[  395.610130][T20898] EXT4-fs: Ignoring removed orlov option
[  395.619089][ T3557] ==================================================================
[  395.627216][ T3557] BUG: KCSAN: data-race in hci_uart_open / hci_uart_tty_close
[  395.634747][ T3557] 
[  395.637077][ T3557] write to 0xffff88813ae41410 of 8 bytes by task 20904 on cpu 1:
[  395.644843][ T3557]  hci_uart_tty_close+0x61/0x170
[  395.649817][ T3557]  tty_ldisc_kill+0x8d/0x140
[  395.654444][ T3557]  tty_ldisc_hangup+0x2fa/0x370
[  395.655417][T20898] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  395.659361][ T3557]  __tty_hangup+0x3c2/0x540
[  395.659388][ T3557]  tty_ioctl+0x601/0xb80
[  395.669358][T20898] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.6299: corrupted in-inode xattr: e_value size too large
[  395.672044][ T3557]  __se_sys_ioctl+0xce/0x140
[  395.676993][T20898] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.6299: couldn't read orphan inode 15 (err -117)
[  395.690274][ T3557]  __x64_sys_ioctl+0x43/0x50
[  395.690306][ T3557]  x64_sys_call+0x1816/0x3000
[  395.690334][ T3557]  do_syscall_64+0xd2/0x200
[  395.695764][T20898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.706715][ T3557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.706746][ T3557] 
[  395.706753][ T3557] write to 0xffff88813ae41410 of 8 bytes by task 3557 on cpu 0:
[  395.706773][ T3557]  hci_uart_open+0x19/0x30
[  395.752748][ T3557]  hci_dev_open_sync+0x186/0x2290
[  395.757791][ T3557]  hci_power_on+0xef/0x390
[  395.762230][ T3557]  process_scheduled_works+0x4ce/0x9d0
[  395.767715][ T3557]  worker_thread+0x582/0x770
[  395.772314][ T3557]  kthread+0x489/0x510
[  395.776392][ T3557]  ret_from_fork+0x122/0x1b0
[  395.780993][ T3557]  ret_from_fork_asm+0x1a/0x30
[  395.785772][ T3557] 
[  395.788103][ T3557] value changed: 0xffffffff83e189e0 -> 0x0000000000000000
[  395.795255][ T3557] 
[  395.797587][ T3557] Reported by Kernel Concurrency Sanitizer on:
[  395.803749][ T3557] CPU: 0 UID: 0 PID: 3557 Comm: kworker/u9:1 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  395.815221][ T3557] Tainted: [W]=WARN
[  395.819032][ T3557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  395.829100][ T3557] Workqueue: hci0 hci_power_on
[  395.833899][ T3557] ==================================================================
[  395.920906][T20269] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.806307][ T3557] Bluetooth: hci0: Opcode 0x1003 failed: -110