last executing test programs:

48.735174398s ago: executing program 3 (id=4312):
unshare(0x42000000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xffffffff}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f50850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x7, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4, 0x5}}, @TCA_STAB={0x22, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x58}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000000)={[{@acl}]}, 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

48.381959974s ago: executing program 3 (id=4315):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x4)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000480)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="0198000000000000200012800800", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7}, 0x10)
pipe2$9p(&(0x7f0000000100), 0x80000)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x10)

48.295079605s ago: executing program 3 (id=4316):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xd, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
alarm(0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000061120000000000003cb335cb4a014289b40000000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b00000007000000d7c9000009000000010000", @ANYRES32, @ANYBLOB="0000000000000000000000a880b2fb89e83d560000000000000000", @ANYRES32=0x0, @ANYRES32], 0x48)
open(&(0x7f0000000140)='./file0\x00', 0xec40, 0x12)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x3, &(0x7f0000000740))
timer_create(0x0, 0x0, &(0x7f0000000500)=<r3=>0x0)
timer_delete(r3)

48.230269367s ago: executing program 3 (id=4317):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000f10000000000000000000018010000202070250000000000202020db1af80400000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000ca00000095"], &(0x7f0000000400)='GPL\x00', 0x1, 0xd4, &(0x7f0000000440)=""/212, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x3, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x0, 0xfffffffffffffffe}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00')
r5 = socket(0x18, 0x3, 0x0)
sendfile(r5, r4, 0x0, 0x8)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1400c, &(0x7f0000000840)={[{@stripe={'stripe', 0x3d, 0x3d}}, {@init_itable}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x3, 0x44c, &(0x7f0000000340)="$eJzs28tvG1UXAPAzdpx++dKSUMqr5REoiIpH0qQFumABCCQWRUKCBSyjJK1C3QQ1QaJVJFIWZYUQEnvEkn+BFWwQYoXEFvaoUoWyoWVlNPZMYru2m6R2XOrfT5r23Hnk3uOZa9+ZawcwsCbSf5KI/RHxe0SM1YqNO0zU/ru+sTZ3Y2NtLolK5d2/kup+f2+szeW75seN1hciiSMt6l25eOncbLm8cCErT62e/2hq5eKlFxbPz55dOLuwNHPq1MkT0y+/NPNiV/IcjUIWvfXBV2+f/qIh/6Y8umSi08anK5UuV9dfB+riZKiPDWFHihGRnq5Stf+PRTG2Tt5YvPlZXxsH9FSlUqmMtt+8XgHuYkk0lnV5GBT5B316/5svzYOAV3s3/Oi7a6/VboDSvK9nS23L0OYTg1LT/W03TUTE++v/fJMu0ZvnEAAADX5Ixz/Pp6Od5vFfIR6o2++ebG5oPCLujYiDEXFfLMWhiLg/orrvgxHx0A7rb54kuXn8U7i6q8S2KR3/vZLNbTWO//LRX4wXs9KBav6l5MxieeF49poci9K+tDzdoY4f3/jty3bb6sd/6ZLWn48Fs3ZcHdrXeMz87Ors7eRc79rliMNDrfJPNmcCkoh4OCIO77KOxWe/e6Tdtlvn30EX5pkq30Y8Uzv/69GUfy7pPD859b8oLxyfyq+Km/3y65V32tV/W/l3QXr+/9/y+t/Mfzypn69d2XkdV/74vO09zW6v/+HkvWo8nK37ZHZ19cJ0xHByutbo+vUzW8fm5Xz/NP9jR1v3/4Ox9UociYj0In40Ih6LiMeztj8REU9GxNEO+f/8+lMfNq8b2Xb+vZXmP7+j878VDEfzmtZB8dxP3zdUOr4VZvnf6Hz+T1ajY9ma7bz/baddu7uaAQAA4L+nEBH7IylMbsaFwuRk7Tv8hyIK5eWV1efOLH+8NF/7jcB4lAr5k66xuueh09ltfa18OSJqXy3It5+IQvW58dfFkWp5cm65PN/v5GHAjbbp/6k/i/1uHdBzfq8Fg0v/h8Gl/8Pg2ln/39ezdgB7r0X/H+lHO4C91+rz/9M+tAPYe03937QfDBDP/2Bw6f8wuPR/GEgrI3HrH8l3DPK/tMvD79ogSndEM3oWROGOaIagR0F/35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC65d8AAAD//9S+3I8=")
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r6}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0)
fsetxattr(r7, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000080)=':\x00', 0xffdf, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
ioctl$RTC_WKALM_SET(r0, 0x40187014, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffc}})
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$setregs(0xd, r8, 0x0, &(0x7f00000003c0))
ptrace$getregset(0x4205, r8, 0x200, &(0x7f0000000080)={0x0, 0x30})
sched_setscheduler(r8, 0x0, &(0x7f0000000000)=0x4)

47.490239639s ago: executing program 3 (id=4327):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={&(0x7f0000000280)=""/136, 0x88, <r3=>0x0, &(0x7f0000000340)=""/130, 0x82}}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
close_range(r1, r2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000006c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x41015500, &(0x7f0000000500))

47.353210501s ago: executing program 3 (id=4331):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x4)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000480)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="019800000000000020001280080001006772", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7}, 0x10)
pipe2$9p(&(0x7f0000000100), 0x80000)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x10)

47.319496001s ago: executing program 32 (id=4331):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x4)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000480)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="019800000000000020001280080001006772", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r7}, 0x10)
pipe2$9p(&(0x7f0000000100), 0x80000)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x10)

2.350190632s ago: executing program 2 (id=5449):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x40044)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x1}, 0x9c)

1.495608536s ago: executing program 2 (id=5473):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, 0x0)
close(r3)

1.459353746s ago: executing program 2 (id=5474):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000002000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff8}]})
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4000000000000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40b804, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = epoll_create1(0x0)
epoll_wait(r5, &(0x7f0000000000)=[{}], 0x1, 0xfffffe38)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000200)={0xa0000001})
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x3)
mq_unlink(0x0)

1.410658797s ago: executing program 5 (id=5476):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='schedstat\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="871000000000000000000100000008000300000001000500060000000000050005"], 0x30}, 0x1, 0x0, 0x0, 0x94}, 0x8808)
pread64(r1, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000004240)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB=' \x00'], 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000001880000018000000070000000a0000000000001008000000040000000000000c020000000000306f610000"], &(0x7f0000000180)=""/126, 0x37, 0x7e, 0x0, 0xb, 0x10000, @value=r1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000280)='xen_mmu_set_pmd\x00', r5}, 0x18)
getegid()
r6 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r6, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)

1.410007397s ago: executing program 5 (id=5477):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000004, 0x0, @perf_bp={&(0x7f0000000400), 0x9}, 0x2, 0xffffffff, 0x6, 0x6, 0x4, 0x5, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r3, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x38, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r5, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x68, 0x4, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x80)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_DREG={0x8, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028"], 0xec}}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x7}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000001e00010000000000ffdbdf2507000000", @ANYRES32, @ANYBLOB='\x00\x00\b'], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10)

1.402456057s ago: executing program 0 (id=5478):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0})

1.23299852s ago: executing program 0 (id=5481):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00'}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0) (fail_nth: 5)

1.142145821s ago: executing program 0 (id=5483):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x40044)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x1}, 0x9c)

701.990398ms ago: executing program 4 (id=5485):
r0 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x29, 0x0, 0x40000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r4}}, 0x20)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = dup2(r1, r1)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x34000, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)
statx(r5, &(0x7f0000000080)='./file0\x00', 0x4000, 0x8, &(0x7f0000000140))

665.273829ms ago: executing program 4 (id=5486):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x49505ab, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x2c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c00"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

643.590229ms ago: executing program 4 (id=5487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffe, 0x0, 0x0, 0x10, &(0x7f0000002e00), &(0x7f0000000200), 0x8, 0x9d, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

614.2303ms ago: executing program 4 (id=5489):
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r0, 0x3)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0xcc03, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000a50000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = socket$caif_stream(0x25, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400), 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
removexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
sendmmsg$inet(r4, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}, 0x1000000}], 0x2, 0x0)
mlock2(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
setsockopt$sock_int(r4, 0x1, 0x2d, &(0x7f00000000c0)=0x4, 0x4)

612.96197ms ago: executing program 1 (id=5490):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
fallocate(r0, 0x20, 0x4000, 0x8000)

561.581331ms ago: executing program 1 (id=5491):
dup2(0xffffffffffffffff, 0xffffffffffffffff) (async)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$USBDEVFS_RESETEP(r0, 0x80045503, &(0x7f0000000200)={0x3}) (async)
ioctl$USBDEVFS_RESETEP(r0, 0x80045503, &(0x7f0000000200)={0x3})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x2, 0x0, 0x0, 0x4, {0xa, 0x4e22, 0x450c9afb, @dev={0xfe, 0x80, '\x00', 0x23}, 0xf}}}, 0x32)
socket$kcm(0x29, 0x2, 0x0)
syz_clone(0x4080b000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000100)=0x100000001)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000001180)=""/147, 0x93}], 0x1, 0x4, 0x0) (async)
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000001180)=""/147, 0x93}], 0x1, 0x4, 0x0)
pread64(r5, &(0x7f0000000040)=""/138, 0x8a, 0x8) (async)
pread64(r5, &(0x7f0000000040)=""/138, 0x8a, 0x8)
ioctl$TUNSETTXFILTER(r4, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e42000c371303ed6a33f2ff8689b3f20e"])
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000001840)=ANY=[@ANYBLOB="00000c00ffffffffaf5aa5cea8c35d23c8fd94acdf9ec180fefffff76fc2000000bbbbbbbbbbbbaaaaaaaaaabbd7b9db29fe3f66c75d7199227ec3ec6bb1488853b78a59e39577"])
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
close(r3) (async)
close(r3)

530.955621ms ago: executing program 4 (id=5492):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
fallocate(r0, 0x20, 0x4000, 0x8000) (fail_nth: 1)

260.977665ms ago: executing program 1 (id=5493):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7684a974a1adec77, 0x10, &(0x7f0000000a80)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="a6f59ba2a4f8013b3f80864ecb1c3ee7049204caf469b5ab75afb32d57fd884ee04c799a194a23", @ANYBLOB="0000000000000000b70500000800000085000000a500000095", @ANYRES16, @ANYRESDEC=r3, @ANYRES32=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8)
name_to_handle_at(r5, &(0x7f0000004740)='\x00', &(0x7f0000004780)=ANY=[@ANYBLOB='\f'], &(0x7f00000047c0), 0x1200)
openat$cgroup_ro(r5, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r10=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r8, r10, 0x25, 0x0, @val=@netfilter}, 0x40)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x18)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8], 0x48)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1021, 0x400000000000f)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f00000012c0)='sys_enter\x00', r12}, 0x10)
msync(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x6)

260.480335ms ago: executing program 5 (id=5494):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="0b000000050000000400000032a9000001"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
select(0x40, &(0x7f0000000340)={0xd, 0x0, 0x0, 0x0, 0x0, 0x2e787ec3, 0x0, 0x1}, 0x0, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600040000ff7f00000000000003003e00ecffffff940200000000000040000000000000000000000000000000000000002c8f380003"], 0xe6)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)

259.674885ms ago: executing program 4 (id=5495):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x0, 0x7, 0x5}, {0x0, 0x0, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {}, {0x0, 0x400}, {}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0xfffffffc}, {}, {}, {0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xfff}, {0x0, 0x4, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x4000bf}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {0x7}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5}, {0x9}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x3, 0x1}, {}, {0x0, 0x0, 0x0, 0x100}, {0x0, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xe6f1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x3e0d905c, 0x6}, {0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x5, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x57, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {0x0, 0x0, 0x0, 0x5}, {}, {0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {0x0, 0x8, 0x0, 0x4, 0x0, 0x7}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {0x2}, {0x4}, {0x0, 0x0, 0x0, 0xd9e5}, {0xa7}, {}, {}, {0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa}, {0x0, 0x0, 0x1000}, {}, {0xd2, 0x0, 0x0, 0x0, 0x7, 0x20000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1000000}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x10000000}, {0x1}, {}, {0x0, 0x1}, {}, {0x523e, 0xfffffffe}, {}, {0x4, 0x0, 0x0, 0x10}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x3}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x2}, {0x2}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {0x1}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r6, 0xffffffffffffffff, 0x6, 0x0, @val=@perf_event={0x7}}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
getpid()
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c3400000000001090224"], 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

250.368566ms ago: executing program 0 (id=5496):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000016c0)=[{&(0x7f0000000f80)="4191062c1421f8d286fea25179d3bff47ffb95a24f597e0388f330e7dfb81fde917ae89f97d5fde0855ce2942ff541f21652a7409dad35f8886d587bb6e698986ca5f808b1b92c1a374dbc7424a26c0ad2b6840cf3049fc728f9109eb576c388dca33df6129f9efd43ccbd58a93f146ce183a410b8959fe192652e32068e0d8e24d8eab4ecbd5ebaa165771a07c890804037074a1ebad3bcdd46b8f34ecb2f4a6e1bbc6ac3d80ea44fbfedf338583f63ba4607f430acc0a98b4fcbb501006052cb83625cbf60ebf28e9095458c1e9971417b2912bbe30037dd5c1ac06f612816e97ac304404619b0c75222e9339f6ba14eac3c1486ac997f919248490b14a5e12ef47e61857f6d43ebc490155bf06e801547ed96f1264b5c220cf3f66d", 0x11d}, {&(0x7f0000000280)="09ec8b684fbd9f0a18960e84defd08b28dc2f98b5aad5cfeb075441d6d15233b802af831523479391b7297416ddff60a6500da9864b052a3105e6fa49014cb2ce5f295aaff14d9077735f34eaec042e8252a6456999297ed02a01da56a3809f0c58184192ebf4bead7e8618412536273bf08e0f6847e436dc74fd4450e8ff88199f35a0c759aff55639834dc4c945dfb330a7b92b049700cb67e0f14337d8390091514253c2f2d4499d89b5f04759319e2c7b6856f03c69029b689f0be37093c79e8ff2405eb93cbfe5487143a294c3e61b0c9be8323cd4d01c37e5f5d4bf94546d02d4dc988dbb4717ee61e5be16f4c7701cc671d25", 0xf6}, {&(0x7f0000000080)="6a5b3986af4597e55298f14c7f201f060fe2bafbdf16a0ace97ea54e624ac84ccc7fc7f393c4ece5273773faa8c63f157edf2a0d41a7c6340c630b50b30c42d156fa375b30d31bf6a611fd29e60958434b6f597e0bb9ec6731ad3c9b2ee1dc975565bc1d534aae4c0693aebccc5caa31bf5b1c194f52f6325788b12d4fb81e71d68ab2fd", 0x84}, {&(0x7f0000000380)="f3ba9e8346ddfd46f5ba7fbc25c6aed71214dcfaa44b98dfdbc07bc80c42d5501285b1bc305d7f699524d78bca1a151bfd74ca3d4f468f1244e6951083a7e19dec984cc37874a28db922c628a534fb91191d25f636a589", 0x57}, {&(0x7f0000001780)="12dfbd793db81fe455d97618c2aedf67f1b166ec59876a1fbbe13986e69655d6f600262371ef8dae091786d7f9a4d7ca234f8852df8f05000f02b5258ec56ec5fdd5f3531f795bf2f172d6fb23f3549b9734f2eef416b7698a93335a94b8cda61325b62cda1807b03675c6347b431f2d71baa6bc59e9047069153d70ffba20956e58971501c2d9f299fdfa3a38fa73a5da43ba2506d8704592ee5c19ca0d2075ddc9313d8bd2202a89dae6a689d3900818f892f3f17957cd53023399810da5655e0fd0f0f394c9a8bedc", 0xca}, {&(0x7f0000000500)="0f15ce0e2a894e2afb7a77dc4a4ec84b8109b2c95397d40adb9d5e8df8fd9a3167faa56aa764e61ba1a6cc8fd041bb89bee6d17105e169dd8d68d5b79eb5958574299b9035fbed2942a75e731b7571c29a760623e725792c", 0x58}, {&(0x7f0000000580)="2ee97d629c7e44f81166cb7f6ff136f276b93d54b74333781a4c68225b61bae187918e", 0x23}, {&(0x7f00000005c0)="ed48f08c19f5d937fe3f92802a25b07496a34825b6d3fbf57fec343be7e4b6531b0e0f0637b3c46e072578521ad417549bae2e00ad7b67f769ec533e3c9c62b6955e9005ca02506938aeb5adac5798e85f440385c7f26cced77e12ecffa7b98c962259e08cffa0eb0ad803bfdf8336da8df2e85a2a8b407329650ee71f68ca7de83df1c45914bedd1b8add5bc677e5590af05aea657a8b2b7dd4fc76010e259917ab727d4065cee39115ca3d322533bb48b5b8a23e8557688d783d0e5c444fd5ae3e02d7245c498d9c6675c8a9626ecde62915d6ada50bb3a0496c87f77457a664a250ba9d037a463f44057ad767bb933fa0790f660401baa2575729ec0306acedbdda2144218960158223a8759efb5bb977d9ff572bd597b13cf7b1647ffe268d5951288ca88461e1d8739e5aa3c6efda01a565dd2db4eb927815060123eb9d2b945305cad0caef49497b593f4b9f17db2323ffcbc7d743bd572811a09ec96ee3823858205f275fbccc94ca558a3bece72bdb26869f255617e4f10b6f16f9fd0e093508889b46e730834e135889", 0x18e}], 0x8, 0x8)

197.874617ms ago: executing program 0 (id=5497):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x70, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x49505ab, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x2c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c00"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

174.294697ms ago: executing program 5 (id=5498):
r0 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x29, 0x0, 0x40000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0xffffffff, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r5}}, 0x20)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = dup2(r1, r1)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x34000, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)
statx(r6, &(0x7f0000000080)='./file0\x00', 0x4000, 0x8, &(0x7f0000000140))

166.306837ms ago: executing program 1 (id=5499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffe, 0x0, 0x0, 0x10, &(0x7f0000002e00), &(0x7f0000000200), 0x8, 0x9d, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)

161.747777ms ago: executing program 2 (id=5500):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000016c0)=[{&(0x7f0000000f80)="4191062c1421f8d286fea25179d3bff47ffb95a24f597e0388f330e7dfb81fde917ae89f97d5fde0855ce2942ff541f21652a7409dad35f8886d587bb6e698986ca5f808b1b92c1a374dbc7424a26c0ad2b6840cf3049fc728f9109eb576c388dca33df6129f9efd43ccbd58a93f146ce183a410b8959fe192652e32068e0d8e24d8eab4ecbd5ebaa165771a07c890804037074a1ebad3bcdd46b8f34ecb2f4a6e1bbc6ac3d80ea44fbfedf338583f63ba4607f430acc0a98b4fcbb501006052cb83625cbf60ebf28e9095458c1e9971417b2912bbe30037dd5c1ac06f612816e97ac304404619b0c75222e9339f6ba14eac3c1486ac997f919248490b14a5e12ef47e61857f6d43ebc490155bf06e801547ed96f1264b5c220cf3f66d", 0x11d}, {&(0x7f0000000280)="09ec8b684fbd9f0a18960e84defd08b28dc2f98b5aad5cfeb075441d6d15233b802af831523479391b7297416ddff60a6500da9864b052a3105e6fa49014cb2ce5f295aaff14d9077735f34eaec042e8252a6456999297ed02a01da56a3809f0c58184192ebf4bead7e8618412536273bf08e0f6847e436dc74fd4450e8ff88199f35a0c759aff55639834dc4c945dfb330a7b92b049700cb67e0f14337d8390091514253c2f2d4499d89b5f04759319e2c7b6856f03c69029b689f0be37093c79e8ff2405eb93cbfe5487143a294c3e61b0c9be8323cd4d01c37e5f5d4bf94546d02d4dc988dbb4717ee61e5be16f4c7701cc671d25", 0xf6}, {&(0x7f0000000080)="6a5b3986af4597e55298f14c7f201f060fe2bafbdf16a0ace97ea54e624ac84ccc7fc7f393c4ece5273773faa8c63f157edf2a0d41a7c6340c630b50b30c42d156fa375b30d31bf6a611fd29e60958434b6f597e0bb9ec6731ad3c9b2ee1dc975565bc1d534aae4c0693aebccc5caa31bf5b1c194f52f6325788b12d4fb81e71d68ab2fd", 0x84}, {&(0x7f0000000380)="f3ba9e8346ddfd46f5ba7fbc25c6aed71214dcfaa44b98dfdbc07bc80c42d5501285b1bc305d7f699524d78bca1a151bfd74ca3d4f468f1244e6951083a7e19dec984cc37874a28db922c628a534fb91191d25f636a589", 0x57}, {&(0x7f0000001780)="12dfbd793db81fe455d97618c2aedf67f1b166ec59876a1fbbe13986e69655d6f600262371ef8dae091786d7f9a4d7ca234f8852df8f05000f02b5258ec56ec5fdd5f3531f795bf2f172d6fb23f3549b9734f2eef416b7698a93335a94b8cda61325b62cda1807b03675c6347b431f2d71baa6bc59e9047069153d70ffba20956e58971501c2d9f299fdfa3a38fa73a5da43ba2506d8704592ee5c19ca0d2075ddc9313d8bd2202a89dae6a689d3900818f892f3f17957cd53023399810da5655e0fd0f0f394c9a8bedc", 0xca}, {&(0x7f0000000500)="0f15ce0e2a894e2afb7a77dc4a4ec84b8109b2c95397d40adb9d5e8df8fd9a3167faa56aa764e61ba1a6cc8fd041bb89bee6d17105e169dd8d68d5b79eb5958574299b9035fbed2942a75e731b7571c29a760623e725792c", 0x58}, {&(0x7f0000000580)="2ee97d629c7e44f81166cb7f6ff136f276b93d54b74333781a4c68225b61bae187918e", 0x23}, {&(0x7f00000005c0)="ed48f08c19f5d937fe3f92802a25b07496a34825b6d3fbf57fec343be7e4b6531b0e0f0637b3c46e072578521ad417549bae2e00ad7b67f769ec533e3c9c62b6955e9005ca02506938aeb5adac5798e85f440385c7f26cced77e12ecffa7b98c962259e08cffa0eb0ad803bfdf8336da8df2e85a2a8b407329650ee71f68ca7de83df1c45914bedd1b8add5bc677e5590af05aea657a8b2b7dd4fc76010e259917ab727d4065cee39115ca3d322533bb48b5b8a23e8557688d783d0e5c444fd5ae3e02d7245c498d9c6675c8a9626ecde62915d6ada50bb3a0496c87f77457a664a250ba9d037a463f44057ad767bb933fa0790f660401baa2575729ec0306acedbdda2144218960158223a8759efb5bb977d9ff572bd597b13cf7b1647ffe268d5951288ca88461e1d8739e5aa3c6efda01a565dd2db4eb927815060123eb9d2b945305cad0caef49497b593f4b9f17db2323ffcbc7d743bd572811a09ec96ee3823858205f275fbccc94ca558a3bece72bdb26869f255617e4f10b6f16f9fd0e093508889b46e730834e135889", 0x18e}], 0x8, 0x8)

141.766067ms ago: executing program 5 (id=5501):
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000600)=ANY=[@ANYBLOB="73686f72746e616d653d6d616363656c7469632c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d302c696f636861727365743d69736f383835392dff2c726f6469722c696f636861727365743d63703836352c636f0400000067653d3837342c726f6469722c7569643d", @ANYRESHEX=r0, @ANYBLOB=',shortname=win95,uni_xlate=1,nnonumtail=1,shortname=mixed,dos1xfloppy,shortname=lower,check=relaxed,\x00'], 0x6, 0x2e0, &(0x7f0000000300)="$eJzs3T+LXFUYB+D3zs7OTBScLaxE8IAWViGb1maCJCBuZZhCLXQxGwg7izILC1HxmsrWxsJCv4Ag+CmsbPwGgq1gZ4TAkftvZ5Isk0xwVkyep5mTc8/vnvfeuWRvs+9++PLR4Y0UN+98/luMRkX0JjGJu0XsRC86X8Z9Jl8HAPB/djfn+DM31skVvc3VBABs1uP9/O8vhj+dS1kAwAZdf/e9t6/s7V19J6VRXDv66mRaRET1eaFbcitmcRCXYhz3IuoXhe2o3xaq4bWcc9lPlZ147ag8mZ5MI44++KUNX/kjos7vxjh26qnTt406/9be1d06nj55YZEvqzqeq/I349akyl+Ocbx4Gr4vfzmlNIyUlvYvYzqI119t8vX+F2Mcv34UH8csbtRFLPJf7Kb0Zv7mr8/er8qr8kV5Mh3W6yJi0nzkrXP/cgAAAAAAAAAAAAAAAAAAAAAAeGpdbHrvpGHU/Xuqqbb/zta96h/bkTrV8WGc9udp8kV3ouX+QDnnMsd3XX+dSyml3C5c9Pfpx0v95caCAAAAAAAAAAAAAAAAAAAA8Ow6vv3p4f5sdjD/VwZdN4B+RPx9PeJJzzNZmnklVi8etnvuz2a9djg7mJftcH58u9/MNKnY6tYUESvLqC7iSe9GP9a69gvLFS4Pfvhx3d1Hj16zXe1VrFfhmoPu6TrcL86+h8PoZkZtGd8OIhZrBvGYew0enMnj5jx5rQscnHlovPa1D56vB+WKNVGsKuyN35s718489DUN6rt6Zny7HSzFH3g2Vj7PP3/fxkdN/OH/KwrdOgAAAAAAAAAAAAAAAAAAYKMWvwZ8xsE7K6O9PNxYWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwrhZ//3+NQdmGD+bH/UcsHsT8+D++RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4B/wQAAP//d7hUMg==")
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000", @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(r1)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xc8e}, {0x16}]}, 0x10)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0x235, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r3, &(0x7f0000000c80)="e8", 0x6200, 0x0, 0x0, 0x0)

116.044908ms ago: executing program 1 (id=5502):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r3, r3, 0x0, 0x800000009)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@initdev, <r4=>0x0}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=@newlinkprop={0x40, 0x6c, 0x180, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, 0x8800}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x9}, @IFLA_PHYS_PORT_ID={0x10, 0x22, "a381a76aebdaac4f45253685"}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x40}]}, 0x40}, 0x1, 0x0, 0x0, 0x280048c4}, 0x4000405)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}})

115.555878ms ago: executing program 0 (id=5503):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x18)
r0 = fsopen(&(0x7f0000000000)='pipefs\x00', 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

113.989438ms ago: executing program 2 (id=5504):
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c416, &(0x7f0000000600)={[{@dots}, {@fat=@discard}, {@fat=@nfs_nostale_ro}, {@fat=@nfs}, {@dots}, {@fat=@errors_continue}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@fat=@check_strict}, {@nodots}, {@nodots}, {}, {@nodots}, {@fat=@debug}, {@nodots}, {@fat=@showexec}, {@fat=@flush}, {@fat=@umask={'umask', 0x3d, 0x7}}, {@dots}, {@dots}]}, 0x1, 0x1f0, &(0x7f0000000300)="$eJzs3cFqE1EUANCbmiYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadGNMYBjKj9ZxN7uS+l/fuDJlkk5sUha+3P0eWdWLnIA5i2om92Im58wAArpNpSvEtFdreCwDQjA0+/783vCUAYMtev3n78ulweHiU51nExflkNBkVj0X++Yvh4aP8p71q1sVkMrpxmX+cL393mOV342aZf1LMzy/TvYgY9eLh/SI/yz17Ncx/nd+P91uuHQAAAAAAAAAAAAAAAAAAAAAA2nI38rmV/X3295fzgzJfHC30B1rq39ONO93ysGoPlM6aKAoAAAAAAAAAAAAAAAAAAAD+MSennz6+G48/HFdBPyIWn+muGHN10ClfeKPB7Qc7UW/6oCyzxqKd8hRtt8DB6ou7SRDdv+Xq1A3yBtYarD29Kc2C1e+CeVuMK6f3ImL96g+O6m5+mlIaf7l3fHIaae3g6h7Rb/SOBAAAAAAAAAAAAAAAAAAA/6+FX33/JmtjQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQgur//2sEZxFxK/44eL7WbmTtFgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC19SMAAP//j3Mj5w==")
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
pread64(r0, &(0x7f0000001b80)=""/4084, 0xff4, 0x0) (fail_nth: 2)

95.194668ms ago: executing program 5 (id=5505):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000004, 0x0, @perf_bp={&(0x7f0000000400), 0x9}, 0x2, 0xffffffff, 0x6, 0x6, 0x4, 0x5, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r3, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x38, r6, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r5, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x68, 0x4, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x80)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_DREG={0x8, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028"], 0xec}}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x7}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="280000001e00010000000000ffdbdf2507000000", @ANYRES32, @ANYBLOB='\x00\x00\b'], 0x28}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10)

404.47µs ago: executing program 1 (id=5506):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x40044)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54, 0x0, 0x1}, 0x9c)

0s ago: executing program 2 (id=5507):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32], 0x50)
lsm_get_self_attr(0x69, &(0x7f0000000340)={0x0, 0x0, 0xdd, 0xbd, ""/189}, &(0x7f00000004c0)=0xdd, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x18)
ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000180)=0x6)
lsm_get_self_attr(0x69, 0x0, 0x0, 0x1)
lsm_set_self_attr(0x69, 0x0, 0x1020, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0xf8}}, 0x0)
rmdir(0x0)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'wg0\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x1]}})
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})

0s ago: executing program 2 (id=5508):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48) (async)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, 0x0, 0xfffffffffffffffe) (async)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=<r2=>0x0)
syz_pidfd_open(r2, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r3=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000500)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bind$unix(r5, &(0x7f0000000240)=@file={0x1, './file0/file0/file0\x00'}, 0x6e) (async)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={'bridge_slave_1\x00', @multicast})

kernel console output (not intermixed with test programs):

53680][T16328] 0ªX¹¦À: left allmulticast mode
[  253.698484][T16345] atomic_op ffff88813d4cb128 conn xmit_atomic 0000000000000000
[  253.791407][T16357] loop1: detected capacity change from 0 to 1024
[  253.813053][T16357] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.837595][T16363] netlink: 'syz.4.4562': attribute type 27 has an invalid length.
[  253.847059][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.886898][T16369] FAULT_INJECTION: forcing a failure.
[  253.886898][T16369] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  253.900437][T16369] CPU: 1 UID: 0 PID: 16369 Comm:  Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  253.900468][T16369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  253.900482][T16369] Call Trace:
[  253.900490][T16369]  <TASK>
[  253.900550][T16369]  dump_stack_lvl+0xf6/0x150
[  253.900580][T16369]  dump_stack+0x15/0x1a
[  253.900600][T16369]  should_fail_ex+0x261/0x270
[  253.900686][T16369]  should_fail_alloc_page+0xfd/0x110
[  253.900746][T16369]  __alloc_frozen_pages_noprof+0x11d/0x360
[  253.900776][T16369]  alloc_pages_mpol+0xb6/0x260
[  253.900816][T16369]  alloc_pages_noprof+0xe8/0x130
[  253.900854][T16369]  __pmd_alloc+0x4d/0x440
[  253.900887][T16369]  handle_mm_fault+0x188d/0x2e80
[  253.900978][T16369]  ? mas_walk+0x204/0x320
[  253.900999][T16369]  ? __rcu_read_unlock+0x4e/0x70
[  253.901032][T16369]  exc_page_fault+0x3b9/0x6a0
[  253.901058][T16369]  ? do_syscall_64+0xd6/0x1a0
[  253.901089][T16369]  asm_exc_page_fault+0x26/0x30
[  253.901138][T16369] RIP: 0033:0x7f0805390c86
[  253.901155][T16369] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[  253.901176][T16369] RSP: 002b:00007f0803b363f0 EFLAGS: 00010246
[  253.901191][T16369] RAX: 0000000000000001 RBX: 00007f0803b36490 RCX: 0000000000000101
[  253.901203][T16369] RDX: 000000000000000f RSI: 0000000000000001 RDI: 00007f0803b36530
[  253.901215][T16369] RBP: 0000000000000102 R08: 00007f07fb717000 R09: 0000000000000000
[  253.901229][T16369] R10: 0000000000000000 R11: 00007f0803b364a0 R12: 0000000000000001
[  253.901243][T16369] R13: 00007f080556bf40 R14: 0000000000000000 R15: 00007f0803b36530
[  253.901297][T16369]  </TASK>
[  253.901308][T16369] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  253.919215][T16371] atomic_op ffff88813d4cb928 conn xmit_atomic 0000000000000000
[  253.932347][T16369] loop1: detected capacity change from 0 to 2048
[  254.137401][T16369] Alternate GPT is invalid, using primary GPT.
[  254.143771][T16369]  loop1: p1 p2 p3
[  254.294582][T16398] netlink: 'syz.1.4575': attribute type 27 has an invalid length.
[  254.303736][T16398] 0ªX¹¦À: left allmulticast mode
[  254.334055][T16402] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  254.412772][T16408] loop1: detected capacity change from 0 to 512
[  254.433632][T16408] EXT4-fs error (device loop1): ext4_iget_extra_inode:4693: inode #15: comm : corrupted in-inode xattr: invalid ea_ino
[  254.460663][T16408] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm : couldn't read orphan inode 15 (err -117)
[  254.474078][T16408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.571172][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.661829][T16429] vlan2: entered allmulticast mode
[  254.667077][T16429] bridge_slave_0: entered allmulticast mode
[  254.676729][T16430] netlink: 3 bytes leftover after parsing attributes in process `syz.1.4587'.
[  254.685963][T16430] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  254.692798][T16430] 1ªX¹¦À: entered allmulticast mode
[  254.698192][T16430] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  254.757261][T16433] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4589'.
[  254.766465][T16433] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  254.773180][T16433] 1ªX¹¦À: entered allmulticast mode
[  254.778557][T16433] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  254.814470][T16437] FAULT_INJECTION: forcing a failure.
[  254.814470][T16437] name failslab, interval 1, probability 0, space 0, times 0
[  254.827215][T16437] CPU: 0 UID: 0 PID: 16437 Comm: syz.1.4590 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  254.827246][T16437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  254.827260][T16437] Call Trace:
[  254.827347][T16437]  <TASK>
[  254.827357][T16437]  dump_stack_lvl+0xf6/0x150
[  254.827448][T16437]  dump_stack+0x15/0x1a
[  254.827470][T16437]  should_fail_ex+0x261/0x270
[  254.827527][T16437]  should_failslab+0x8f/0xb0
[  254.827556][T16437]  __kmalloc_cache_noprof+0x55/0x320
[  254.827632][T16437]  ? alloc_netdev_mqs+0x884/0xac0
[  254.827664][T16437]  alloc_netdev_mqs+0x884/0xac0
[  254.827697][T16437]  rtnl_create_link+0x232/0x720
[  254.827799][T16437]  rtnl_newlink_create+0x14f/0x640
[  254.827841][T16437]  ? security_capable+0x81/0x90
[  254.827873][T16437]  ? netlink_ns_capable+0x88/0xa0
[  254.827910][T16437]  rtnl_newlink+0xf38/0x12d0
[  254.828013][T16437]  ? xa_load+0xbd/0xe0
[  254.828115][T16437]  ? memcg_list_lru_alloc+0xde/0x4a0
[  254.828149][T16437]  ? mod_objcg_state+0x3f6/0x530
[  254.828216][T16437]  ? __rcu_read_unlock+0x4e/0x70
[  254.828243][T16437]  ? avc_has_perm_noaudit+0x1cc/0x210
[  254.828276][T16437]  ? selinux_capable+0x1f9/0x260
[  254.828315][T16437]  ? security_capable+0x81/0x90
[  254.828344][T16437]  ? ns_capable+0x7d/0xb0
[  254.828499][T16437]  ? __pfx_rtnl_newlink+0x10/0x10
[  254.828535][T16437]  rtnetlink_rcv_msg+0x65a/0x740
[  254.828565][T16437]  ? avc_has_perm_noaudit+0x1cc/0x210
[  254.828590][T16437]  netlink_rcv_skb+0x12f/0x230
[  254.828617][T16437]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  254.828662][T16437]  rtnetlink_rcv+0x1c/0x30
[  254.828694][T16437]  netlink_unicast+0x605/0x6c0
[  254.828789][T16437]  netlink_sendmsg+0x609/0x720
[  254.828900][T16437]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.828926][T16437]  __sock_sendmsg+0x140/0x180
[  254.828965][T16437]  ____sys_sendmsg+0x350/0x4e0
[  254.829000][T16437]  __sys_sendmsg+0x1a0/0x240
[  254.829129][T16437]  __x64_sys_sendmsg+0x46/0x50
[  254.829168][T16437]  x64_sys_call+0x26f3/0x2e10
[  254.829196][T16437]  do_syscall_64+0xc9/0x1a0
[  254.829227][T16437]  ? clear_bhb_loop+0x25/0x80
[  254.829254][T16437]  ? clear_bhb_loop+0x25/0x80
[  254.829281][T16437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.829365][T16437] RIP: 0033:0x7f08054ce169
[  254.829385][T16437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.829466][T16437] RSP: 002b:00007f0803b37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.829491][T16437] RAX: ffffffffffffffda RBX: 00007f08056f5fa0 RCX: 00007f08054ce169
[  254.829506][T16437] RDX: 0000000000008004 RSI: 0000200000000300 RDI: 0000000000000006
[  254.829521][T16437] RBP: 00007f0803b37090 R08: 0000000000000000 R09: 0000000000000000
[  254.829536][T16437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  254.829587][T16437] R13: 0000000000000000 R14: 00007f08056f5fa0 R15: 00007ffcf3b7b098
[  254.829677][T16437]  </TASK>
[  254.831159][T16423] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16423 comm=syz.2.4586
[  255.199466][T16455] loop1: detected capacity change from 0 to 128
[  255.210596][T16457] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  255.230343][T16457] 1ªX¹¦À: entered allmulticast mode
[  255.235685][T16457] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  255.257532][T16463] 9pnet_fd: Insufficient options for proto=fd
[  255.276705][T16469] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  255.277812][T16467] atomic_op ffff88813d4c8d28 conn xmit_atomic 0000000000000000
[  255.314331][T16471] rdma_op ffff88813d4c8d80 conn xmit_rdma 0000000000000000
[  255.382409][T16471] batadv0: entered allmulticast mode
[  255.424544][T16488] netlink: 'syz.1.4612': attribute type 1 has an invalid length.
[  255.468120][T16494] FAULT_INJECTION: forcing a failure.
[  255.468120][T16494] name failslab, interval 1, probability 0, space 0, times 0
[  255.475996][T16496] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  255.481060][T16494] CPU: 1 UID: 0 PID: 16494 Comm: syz.0.4615 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  255.481097][T16494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  255.481113][T16494] Call Trace:
[  255.481121][T16494]  <TASK>
[  255.481131][T16494]  dump_stack_lvl+0xf6/0x150
[  255.481162][T16494]  dump_stack+0x15/0x1a
[  255.481203][T16494]  should_fail_ex+0x261/0x270
[  255.481234][T16494]  should_failslab+0x8f/0xb0
[  255.481263][T16494]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  255.481367][T16494]  ? __alloc_skb+0x10d/0x320
[  255.481395][T16494]  __alloc_skb+0x10d/0x320
[  255.481493][T16494]  netlink_alloc_large_skb+0xad/0xe0
[  255.481536][T16494]  netlink_sendmsg+0x3da/0x720
[  255.481569][T16494]  ? __pfx_netlink_sendmsg+0x10/0x10
[  255.481608][T16494]  __sock_sendmsg+0x140/0x180
[  255.481648][T16494]  ____sys_sendmsg+0x350/0x4e0
[  255.481687][T16494]  __sys_sendmsg+0x1a0/0x240
[  255.481740][T16494]  __x64_sys_sendmsg+0x46/0x50
[  255.481771][T16494]  x64_sys_call+0x26f3/0x2e10
[  255.481799][T16494]  do_syscall_64+0xc9/0x1a0
[  255.481840][T16494]  ? clear_bhb_loop+0x25/0x80
[  255.481866][T16494]  ? clear_bhb_loop+0x25/0x80
[  255.481894][T16494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.481985][T16494] RIP: 0033:0x7f616de8e169
[  255.482004][T16494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.482026][T16494] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  255.482049][T16494] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  255.482065][T16494] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004
[  255.482081][T16494] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  255.482096][T16494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.482111][T16494] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  255.482136][T16494]  </TASK>
[  255.784834][T16514] FAULT_INJECTION: forcing a failure.
[  255.784834][T16514] name failslab, interval 1, probability 0, space 0, times 0
[  255.797691][T16514] CPU: 1 UID: 0 PID: 16514 Comm: syz.0.4623 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  255.797724][T16514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  255.797809][T16514] Call Trace:
[  255.797818][T16514]  <TASK>
[  255.797828][T16514]  dump_stack_lvl+0xf6/0x150
[  255.797857][T16514]  dump_stack+0x15/0x1a
[  255.797877][T16514]  should_fail_ex+0x261/0x270
[  255.797916][T16514]  should_failslab+0x8f/0xb0
[  255.797942][T16514]  __kmalloc_node_track_caller_noprof+0xaa/0x410
[  255.798001][T16514]  ? sidtab_sid2str_get+0xb8/0x140
[  255.798024][T16514]  ? vsnprintf+0x84d/0x8a0
[  255.798060][T16514]  kmemdup_noprof+0x2b/0x70
[  255.798161][T16514]  sidtab_sid2str_get+0xb8/0x140
[  255.798186][T16514]  security_sid_to_context_core+0x1eb/0x2f0
[  255.798231][T16514]  security_sid_to_context+0x27/0x30
[  255.798344][T16514]  selinux_lsmprop_to_secctx+0x6c/0xf0
[  255.798400][T16514]  security_lsmprop_to_secctx+0x40/0x80
[  255.798431][T16514]  audit_log_task_context+0x7a/0x180
[  255.798483][T16514]  audit_log_task+0xfb/0x250
[  255.798584][T16514]  ? kstrtouint+0x7b/0xc0
[  255.798660][T16514]  audit_seccomp+0x62/0x100
[  255.798690][T16514]  __seccomp_filter+0x694/0x10e0
[  255.798797][T16514]  ? vfs_write+0x669/0x950
[  255.798815][T16514]  ? putname+0xe1/0x100
[  255.798903][T16514]  __secure_computing+0x7e/0x150
[  255.798924][T16514]  syscall_trace_enter+0xcf/0x1f0
[  255.798946][T16514]  ? fpregs_assert_state_consistent+0x83/0xa0
[  255.798977][T16514]  do_syscall_64+0xaa/0x1a0
[  255.799094][T16514]  ? clear_bhb_loop+0x25/0x80
[  255.799115][T16514]  ? clear_bhb_loop+0x25/0x80
[  255.799136][T16514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.799157][T16514] RIP: 0033:0x7f616de8e169
[  255.799171][T16514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.799189][T16514] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a
[  255.799255][T16514] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  255.799267][T16514] RDX: 0000000000000008 RSI: 00002000000004c0 RDI: ffffffffffffffff
[  255.799279][T16514] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  255.799291][T16514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  255.799303][T16514] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  255.799342][T16514]  </TASK>
[  256.066925][T16518] netlink: 'syz.1.4625': attribute type 1 has an invalid length.
[  256.124777][T16523] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  256.206900][T16539] atomic_op ffff888142a88d28 conn xmit_atomic 0000000000000000
[  256.235769][T16546] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.244621][T16546] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.253404][T16546] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.262221][T16546] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  256.332910][T16533] loop5: detected capacity change from 0 to 256
[  256.342061][T16533] FAT-fs (loop5): Directory bread(block 1285) failed
[  256.352977][T16559] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  256.353044][T16557] loop1: detected capacity change from 0 to 512
[  256.368967][T16557] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  256.384870][   T29] kauditd_printk_skb: 126 callbacks suppressed
[  256.384889][   T29] audit: type=1326 audit(1745322250.647:13706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.415832][   T29] audit: type=1326 audit(1745322250.647:13707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.439766][   T29] audit: type=1326 audit(1745322250.647:13708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.463869][   T29] audit: type=1326 audit(1745322250.647:13709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.465282][T16563] loop0: detected capacity change from 0 to 512
[  256.487609][   T29] audit: type=1326 audit(1745322250.647:13710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.505080][T16549] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  256.517442][   T29] audit: type=1326 audit(1745322250.647:13711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.524800][T16549] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  256.548532][   T29] audit: type=1326 audit(1745322250.647:13712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.557239][T16557] EXT4-fs (loop1): 1 truncate cleaned up
[  256.580082][T16563] EXT4-fs: Ignoring removed orlov option
[  256.593900][T16549] vhci_hcd: default hub control req: 0006 v0008 i0002 l0
[  256.607565][   T29] audit: type=1326 audit(1745322250.847:13713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.631576][   T29] audit: type=1326 audit(1745322250.847:13714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.633063][T16557] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.655370][   T29] audit: type=1326 audit(1745322250.847:13715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16561 comm="syz.4.4645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f357b9be169 code=0x7ffc0000
[  256.669641][T16533] program syz.5.4633 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  256.720408][T16563] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.733548][T16563] ext4 filesystem being mounted at /399/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.757654][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.851336][T16578] atomic_op ffff88812e128128 conn xmit_atomic 0000000000000000
[  256.922650][T16589] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  256.979223][T16592] loop1: detected capacity change from 0 to 2048
[  256.989063][T16596] netlink: '+}[@': attribute type 3 has an invalid length.
[  257.016542][T16600] atomic_op ffff888142a8a928 conn xmit_atomic 0000000000000000
[  257.025820][T16592]  loop1: p1 < > p4
[  257.036914][T16592] loop1: p4 size 8388608 extends beyond EOD, truncated
[  257.170211][T11736] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.199064][T16620] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  257.216019][T16609] loop5: detected capacity change from 0 to 8192
[  257.242814][T16609] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  257.269151][T16626] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  257.282279][T16626] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[  257.292423][T16609] devtmpfs: Bad value for 'mpol'
[  257.346842][T16634] tipc: Started in network mode
[  257.351774][T16634] tipc: Node identity ac14140f, cluster identity 4711
[  257.372690][T16634] tipc: New replicast peer: 10.1.1.2
[  257.378259][T16634] tipc: Enabled bearer <udp:s>, priority 10
[  257.391924][T16637] netlink: 'syz.1.4677': attribute type 1 has an invalid length.
[  257.469322][T16609] vhci_hcd: invalid port number 0
[  257.554996][T16656] __nla_validate_parse: 4 callbacks suppressed
[  257.555059][T16656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4680'.
[  257.574590][T16657] loop5: detected capacity change from 0 to 256
[  257.584506][T16662] atomic_op ffff888142a89d28 conn xmit_atomic 0000000000000000
[  257.639436][T16648] lo: entered promiscuous mode
[  257.644255][T16648] lo: entered allmulticast mode
[  257.650894][T16657] FAT-fs (loop5): error, corrupted file size (i_pos 196, 2097162)
[  257.651371][T16669] netlink: 'syz.2.4690': attribute type 1 has an invalid length.
[  257.658825][T16657] FAT-fs (loop5): Filesystem has been set read-only
[  257.839896][T16695] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4700'.
[  257.848981][T16695] 0ªX¹¦À: renamed from caif0
[  257.855777][T16695] 0ªX¹¦À: entered allmulticast mode
[  257.861060][T16695] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  258.495410][ T3464] tipc: Node number set to 2886997007
[  258.499182][T16724] netlink: 'syz.5.4713': attribute type 1 has an invalid length.
[  258.780382][T16748] FAULT_INJECTION: forcing a failure.
[  258.780382][T16748] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  258.793708][T16748] CPU: 0 UID: 0 PID: 16748 Comm: syz.0.4722 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  258.793738][T16748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  258.793753][T16748] Call Trace:
[  258.793762][T16748]  <TASK>
[  258.793794][T16748]  dump_stack_lvl+0xf6/0x150
[  258.793818][T16748]  dump_stack+0x15/0x1a
[  258.793839][T16748]  should_fail_ex+0x261/0x270
[  258.793926][T16748]  should_fail_alloc_page+0xfd/0x110
[  258.793955][T16748]  __alloc_frozen_pages_noprof+0x11d/0x360
[  258.794033][T16748]  alloc_pages_mpol+0xb6/0x260
[  258.794141][T16748]  alloc_pages_noprof+0xe8/0x130
[  258.794171][T16748]  pte_alloc_one+0x2f/0x110
[  258.794205][T16748]  __pte_alloc+0x36/0x2b0
[  258.794253][T16748]  handle_mm_fault+0x1d69/0x2e80
[  258.794275][T16748]  ? mas_walk+0x204/0x320
[  258.794296][T16748]  ? __rcu_read_unlock+0x4e/0x70
[  258.794328][T16748]  exc_page_fault+0x3b9/0x6a0
[  258.794401][T16748]  ? do_syscall_64+0xd6/0x1a0
[  258.794433][T16748]  asm_exc_page_fault+0x26/0x30
[  258.794544][T16748] RIP: 0033:0x7f616dd50c86
[  258.794559][T16748] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[  258.794575][T16748] RSP: 002b:00007f616c4f64a0 EFLAGS: 00010246
[  258.794591][T16748] RAX: 0000000000000001 RBX: 00007f616c4f6540 RCX: 0000000000000101
[  258.794650][T16748] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 00007f616c4f65e0
[  258.794665][T16748] RBP: 0000000000000102 R08: 00007f61640d7000 R09: 0000000000000000
[  258.794679][T16748] R10: 0000000000000000 R11: 00007f616c4f6550 R12: 0000000000000001
[  258.794693][T16748] R13: 00007f616df2bf40 R14: 0000000000000000 R15: 00007f616c4f65e0
[  258.794715][T16748]  </TASK>
[  258.794762][T16748] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  258.837567][T16744] loop2: detected capacity change from 0 to 512
[  258.991767][T16744] EXT4-fs (loop2): orphan cleanup on readonly fs
[  259.011553][T16748] loop0: detected capacity change from 0 to 512
[  259.012259][T16744] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.4719: bg 0: block 248: padding at end of block bitmap is not set
[  259.018290][T16748] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  259.051036][T16744] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.4719: Failed to acquire dquot type 1
[  259.084785][T16744] EXT4-fs (loop2): 1 truncate cleaned up
[  259.092341][T16744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  259.121093][T16739] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  259.145820][T16739] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.4719: Failed to acquire dquot type 1
[  259.157525][T16739] EXT4-fs warning (device loop2): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-28, ino=4). Please run e2fsck to fix.
[  259.189186][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.201745][T16773] netlink: 'syz.0.4732': attribute type 1 has an invalid length.
[  259.630715][T16785] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4737'.
[  259.734189][T16797] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  259.775049][T16799] FAULT_INJECTION: forcing a failure.
[  259.775049][T16799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.788433][T16799] CPU: 0 UID: 0 PID: 16799 Comm: syz.5.4744 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  259.788461][T16799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  259.788477][T16799] Call Trace:
[  259.788484][T16799]  <TASK>
[  259.788491][T16799]  dump_stack_lvl+0xf6/0x150
[  259.788520][T16799]  dump_stack+0x15/0x1a
[  259.788537][T16799]  should_fail_ex+0x261/0x270
[  259.788595][T16799]  should_fail+0xb/0x10
[  259.788664][T16799]  should_fail_usercopy+0x1a/0x20
[  259.788686][T16799]  fpu__restore_sig+0x124/0xaa0
[  259.788722][T16799]  __do_sys_rt_sigreturn+0x2a7/0x360
[  259.788849][T16799]  x64_sys_call+0x2b49/0x2e10
[  259.788868][T16799]  do_syscall_64+0xc9/0x1a0
[  259.788891][T16799]  ? clear_bhb_loop+0x25/0x80
[  259.788911][T16799]  ? clear_bhb_loop+0x25/0x80
[  259.788997][T16799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.789016][T16799] RIP: 0033:0x7f02d02fe167
[  259.789029][T16799] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  259.789055][T16799] RSP: 002b:00007f02ce967038 EFLAGS: 00000246
[  259.789069][T16799] RAX: 0000000000000113 RBX: 00007f02d0525fa0 RCX: 00007f02d02fe169
[  259.789080][T16799] RDX: 000000000000000d RSI: 0000000000000000 RDI: 000000000000000e
[  259.789170][T16799] RBP: 00007f02ce967090 R08: 0000000000000001 R09: 0000000000000000
[  259.789224][T16799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.789238][T16799] R13: 0000000000000000 R14: 00007f02d0525fa0 R15: 00007ffd094178f8
[  259.789262][T16799]  </TASK>
[  259.967479][T16801] netlink: 'syz.5.4745': attribute type 1 has an invalid length.
[  260.013403][T16807] xt_cgroup: xt_cgroup: no path or classid specified
[  260.112095][T16826] netlink: 'syz.0.4756': attribute type 1 has an invalid length.
[  260.146183][T16832] loop2: detected capacity change from 0 to 512
[  260.178285][T16832] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  260.191278][T16832] ext4 filesystem being mounted at /372/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  260.247363][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.266338][T16847] loop2: detected capacity change from 0 to 512
[  260.287175][T16847] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  260.301403][T16847] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.314545][T16847] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  260.322984][T16847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2087 sclass=netlink_route_socket pid=16847 comm=syz.2.4765
[  260.337230][T16847] netlink: 'syz.2.4765': attribute type 2 has an invalid length.
[  260.368340][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.447388][T16863] netlink: 'syz.2.4771': attribute type 1 has an invalid length.
[  260.508808][T16867] xt_hashlimit: size too large, truncated to 1048576
[  260.588268][T16867] Cannot find set identified by id 2 to match
[  260.678996][T16874] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  260.764737][T16886] netlink: 376 bytes leftover after parsing attributes in process `syz.1.4779'.
[  260.781124][T16886] netlink: 376 bytes leftover after parsing attributes in process `syz.1.4779'.
[  260.855428][T16891] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4784'.
[  260.898792][T16896] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  260.909628][T16896] wireguard0: entered promiscuous mode
[  260.915525][T16896] wireguard0: entered allmulticast mode
[  261.057026][T16912] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4792'.
[  261.126163][T16922] atomic_op ffff88813e7dbd28 conn xmit_atomic 0000000000000000
[  261.256891][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.264888][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.272802][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.283667][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.291507][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.299334][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.307190][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.315017][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.322794][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.330646][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.338552][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.346343][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.354108][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.361946][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.370218][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.378023][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.385807][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.393600][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.401422][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.409202][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.416982][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.424780][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.432605][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.440389][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.448223][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.456018][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.463868][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.471642][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.479665][ T3464] hid-generic 0000:0004:20000000.000E: unknown main item tag 0x0
[  261.495321][ T3464] hid-generic 0000:0004:20000000.000E: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[  261.554885][T16954] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  261.583400][T16957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16957 comm=syz.5.4809
[  261.596009][T16956] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16956 comm=syz.5.4809
[  261.608669][T16957] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4809'.
[  261.617614][T16957] 0ªX¹¦À: renamed from caif0
[  261.624049][T16957] 0ªX¹¦À: entered allmulticast mode
[  261.629405][T16957] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  261.680491][T16961] atomic_op ffff8881176fd928 conn xmit_atomic 0000000000000000
[  261.707690][   T29] kauditd_printk_skb: 264 callbacks suppressed
[  261.707705][   T29] audit: type=1400 audit(1745322255.967:13976): avc:  denied  { bind } for  pid=16962 comm="syz.5.4812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  261.753618][   T29] audit: type=1400 audit(1745322255.967:13977): avc:  denied  { node_bind } for  pid=16962 comm="syz.5.4812" saddr=127.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  262.067178][T16968] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  262.075018][   T29] audit: type=1400 audit(1745322256.327:13978): avc:  denied  { bind } for  pid=16967 comm="syz.1.4813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  262.235740][   T29] audit: type=1326 audit(1745322256.497:13979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.259522][   T29] audit: type=1326 audit(1745322256.497:13980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.334467][   T29] audit: type=1326 audit(1745322256.547:13981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.358207][   T29] audit: type=1326 audit(1745322256.547:13982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.381913][   T29] audit: type=1326 audit(1745322256.547:13983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.405534][   T29] audit: type=1326 audit(1745322256.547:13984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.429358][   T29] audit: type=1326 audit(1745322256.547:13985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16976 comm="syz.1.4818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f08054ce169 code=0x7ffc0000
[  262.459765][T16986] SELinux:  Context system_u:object_r:setrans_exec_t:s0 is not valid (left unmapped).
[  262.473221][T16986] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.482238][T16986] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.491238][T16986] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.500178][T16986] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.513431][T16986] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  262.814964][T17010] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4831'.
[  262.824079][T17010] 1ªX¹¦À: renamed from 
60ªX¹¦À
[  262.831077][T17010] A link change request failed with some changes committed already. Interface 
61ªX¹¦À may have been left with an inconsistent configuration, please check.
[  262.872226][T17013] loop5: detected capacity change from 0 to 512
[  262.886372][T17013] EXT4-fs (loop5): too many log groups per flexible block group
[  262.894284][T17013] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  262.902273][T17013] EXT4-fs (loop5): mount failed
[  263.111740][T17052] FAULT_INJECTION: forcing a failure.
[  263.111740][T17052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.125178][T17052] CPU: 1 UID: 0 PID: 17052 Comm: syz.1.4845 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  263.125286][T17052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  263.125300][T17052] Call Trace:
[  263.125305][T17052]  <TASK>
[  263.125312][T17052]  dump_stack_lvl+0xf6/0x150
[  263.125336][T17052]  dump_stack+0x15/0x1a
[  263.125356][T17052]  should_fail_ex+0x261/0x270
[  263.125386][T17052]  should_fail+0xb/0x10
[  263.125484][T17052]  should_fail_usercopy+0x1a/0x20
[  263.125551][T17052]  strncpy_from_user+0x25/0x230
[  263.125591][T17052]  ? 0xffffffff81000000
[  263.125613][T17052]  ? __rcu_read_unlock+0x4e/0x70
[  263.125640][T17052]  path_removexattrat+0x83/0x4f0
[  263.125684][T17052]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  263.125747][T17052]  __x64_sys_removexattr+0x38/0x50
[  263.125807][T17052]  x64_sys_call+0x2969/0x2e10
[  263.125828][T17052]  do_syscall_64+0xc9/0x1a0
[  263.125921][T17052]  ? clear_bhb_loop+0x25/0x80
[  263.125979][T17052]  ? clear_bhb_loop+0x25/0x80
[  263.126003][T17052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.126029][T17052] RIP: 0033:0x7f08054ce169
[  263.126045][T17052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.126062][T17052] RSP: 002b:00007f0803b37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  263.126161][T17052] RAX: ffffffffffffffda RBX: 00007f08056f5fa0 RCX: 00007f08054ce169
[  263.126176][T17052] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000200000000100
[  263.126248][T17052] RBP: 00007f0803b37090 R08: 0000000000000000 R09: 0000000000000000
[  263.126259][T17052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.126277][T17052] R13: 0000000000000000 R14: 00007f08056f5fa0 R15: 00007ffcf3b7b098
[  263.126295][T17052]  </TASK>
[  263.423463][T17070] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  263.472694][T17075] loop1: detected capacity change from 0 to 512
[  263.481533][T17075] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.4853: invalid indirect mapped block 256 (level 2)
[  263.496796][T17075] EXT4-fs (loop1): 2 truncates cleaned up
[  263.503032][T17075] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.519060][T17075] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.4853: bg 0: block 5: invalid block bitmap
[  263.532138][T17075] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3355443200 > max in inode 15
[  263.543482][T17075] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3355443201 > max in inode 15
[  263.633528][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.670665][ T3386] hid-generic 0000:0FFF:0007.000F: unknown main item tag 0x0
[  263.678460][ T3386] hid-generic 0000:0FFF:0007.000F: unknown main item tag 0x0
[  263.686947][ T3386] hid-generic 0000:0FFF:0007.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on 
[  263.730521][T17087] FAULT_INJECTION: forcing a failure.
[  263.730521][T17087] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.743767][T17087] CPU: 1 UID: 0 PID: 17087 Comm: syz.1.4857 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  263.743792][T17087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  263.743804][T17087] Call Trace:
[  263.743809][T17087]  <TASK>
[  263.743815][T17087]  dump_stack_lvl+0xf6/0x150
[  263.743901][T17087]  dump_stack+0x15/0x1a
[  263.743921][T17087]  should_fail_ex+0x261/0x270
[  263.743942][T17087]  should_fail+0xb/0x10
[  263.743960][T17087]  should_fail_usercopy+0x1a/0x20
[  263.744050][T17087]  strncpy_from_user+0x25/0x230
[  263.744079][T17087]  ? __se_sys_memfd_create+0x1ea/0x5a0
[  263.744185][T17087]  __se_sys_memfd_create+0x218/0x5a0
[  263.744214][T17087]  __x64_sys_memfd_create+0x31/0x40
[  263.744241][T17087]  x64_sys_call+0x1163/0x2e10
[  263.744309][T17087]  do_syscall_64+0xc9/0x1a0
[  263.744330][T17087]  ? clear_bhb_loop+0x25/0x80
[  263.744348][T17087]  ? clear_bhb_loop+0x25/0x80
[  263.744390][T17087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.744407][T17087] RIP: 0033:0x7f08054ce169
[  263.744421][T17087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.744436][T17087] RSP: 002b:00007f0803b36e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  263.744452][T17087] RAX: ffffffffffffffda RBX: 00000000000004f2 RCX: 00007f08054ce169
[  263.744463][T17087] RDX: 00007f0803b36ef0 RSI: 0000000000000000 RDI: 00007f0805551404
[  263.744473][T17087] RBP: 0000200000000600 R08: 00007f0803b36bb7 R09: 00007f0803b36e40
[  263.744502][T17087] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  263.744516][T17087] R13: 00007f0803b36ef0 R14: 00007f0803b36eb0 R15: 00002000000002c0
[  263.744541][T17087]  </TASK>
[  263.984121][T17100] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  264.044647][T17104] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  264.052198][T17104] vhci_hcd: default hub control req: 2307 v0008 i0002 l4096
[  264.298727][T17116] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4868'.
[  264.308132][T17116] FAULT_INJECTION: forcing a failure.
[  264.308132][T17116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.321425][T17116] CPU: 0 UID: 0 PID: 17116 Comm: syz.0.4868 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  264.321459][T17116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  264.321505][T17116] Call Trace:
[  264.321511][T17116]  <TASK>
[  264.321518][T17116]  dump_stack_lvl+0xf6/0x150
[  264.321542][T17116]  dump_stack+0x15/0x1a
[  264.321562][T17116]  should_fail_ex+0x261/0x270
[  264.321593][T17116]  should_fail+0xb/0x10
[  264.321618][T17116]  should_fail_usercopy+0x1a/0x20
[  264.321702][T17116]  _copy_from_user+0x1c/0xa0
[  264.321812][T17116]  kstrtouint_from_user+0x84/0x100
[  264.321842][T17116]  ? 0xffffffff81000000
[  264.321864][T17116]  ? selinux_file_permission+0x22d/0x360
[  264.321891][T17116]  proc_fail_nth_write+0x54/0x160
[  264.321976][T17116]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  264.322018][T17116]  vfs_write+0x295/0x950
[  264.322036][T17116]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.322143][T17116]  ? __fget_files+0x186/0x1c0
[  264.322166][T17116]  ksys_write+0xeb/0x1b0
[  264.322184][T17116]  __x64_sys_write+0x42/0x50
[  264.322202][T17116]  x64_sys_call+0x2a45/0x2e10
[  264.322258][T17116]  do_syscall_64+0xc9/0x1a0
[  264.322289][T17116]  ? clear_bhb_loop+0x25/0x80
[  264.322312][T17116]  ? clear_bhb_loop+0x25/0x80
[  264.322332][T17116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.322422][T17116] RIP: 0033:0x7f616de8cc1f
[  264.322438][T17116] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  264.322460][T17116] RSP: 002b:00007f616c4f7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  264.322478][T17116] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f616de8cc1f
[  264.322489][T17116] RDX: 0000000000000001 RSI: 00007f616c4f70a0 RDI: 0000000000000007
[  264.322500][T17116] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  264.322513][T17116] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  264.322537][T17116] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  264.322605][T17116]  </TASK>
[  264.607271][T17128] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  264.701820][T17137] loop0: detected capacity change from 0 to 512
[  264.710233][T17137] EXT4-fs (loop0): orphan cleanup on readonly fs
[  264.717739][T17137] EXT4-fs error (device loop0): ext4_orphan_get:1416: comm syz.0.4877: bad orphan inode 13
[  264.728290][T17137] ext4_test_bit(bit=12, block=18) = 1
[  264.733813][T17137] is_bad_inode(inode)=0
[  264.738053][T17137] NEXT_ORPHAN(inode)=2130706432
[  264.742931][T17137] max_ino=32
[  264.746287][T17137] i_nlink=1
[  264.749949][T17137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  264.773786][T11736] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.817637][T17140] usb usb8: usbfs: process 17140 (syz.5.4879) did not claim interface 0 before use
[  264.833679][T17140] loop5: detected capacity change from 0 to 512
[  264.937092][T17140] EXT4-fs (loop5): too many log groups per flexible block group
[  264.945091][T17140] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  264.953083][T17140] EXT4-fs (loop5): mount failed
[  265.110603][T17151] loop2: detected capacity change from 0 to 2048
[  265.178115][T17151] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  265.283352][T17160] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  265.476306][T17166] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4886'.
[  265.617465][T17171] loop1: detected capacity change from 0 to 512
[  265.626253][T17171] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.4888: bg 0: block 393: padding at end of block bitmap is not set
[  265.642076][T17171] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  265.652141][T17171] EXT4-fs (loop1): 2 truncates cleaned up
[  265.658367][T17171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.685319][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.736974][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.831951][T17187] loop0: detected capacity change from 0 to 512
[  265.839304][T17187] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  265.848554][T17187] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  265.867884][T17187] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  265.877040][T17187] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  265.885218][T17187] System zones: 0-2, 18-18, 34-34
[  265.890701][T17187] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  265.906188][T17187] EXT4-fs (loop0): 1 truncate cleaned up
[  265.912529][T17187] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  265.939146][T11736] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.984919][T17199] can0: slcan on ttyS3.
[  266.015366][T17197] can0 (unregistered): slcan off ttyS3.
[  266.087144][T17204] loop0: detected capacity change from 0 to 512
[  266.094226][T17204] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  266.103766][T17204] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  266.112725][T17204] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[  266.122075][T17204] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  266.130389][T17204] System zones: 0-2, 18-18, 34-35
[  266.136067][T17204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  266.151733][T17204] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000.
[  266.180195][T17209] atomic_op ffff88813e7da128 conn xmit_atomic 0000000000000000
[  266.324611][T17219] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4904'.
[  266.373194][T11736] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.608607][T17247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4913'.
[  266.651457][T17251] batadv_slave_1: entered promiscuous mode
[  266.756523][   T29] kauditd_printk_skb: 188 callbacks suppressed
[  266.756543][   T29] audit: type=1326 audit(1745322261.017:14174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.786501][   T29] audit: type=1326 audit(1745322261.017:14175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.810131][   T29] audit: type=1326 audit(1745322261.047:14176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.834280][   T29] audit: type=1326 audit(1745322261.097:14177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.858095][   T29] audit: type=1326 audit(1745322261.097:14178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.881818][   T29] audit: type=1326 audit(1745322261.097:14179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.905472][   T29] audit: type=1326 audit(1745322261.097:14180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.929149][   T29] audit: type=1326 audit(1745322261.097:14181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.952796][   T29] audit: type=1326 audit(1745322261.097:14182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  266.976571][   T29] audit: type=1326 audit(1745322261.097:14183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17222 comm="syz.5.4906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  267.045709][T17250] batadv_slave_1: left promiscuous mode
[  267.055060][T17263] loop1: detected capacity change from 0 to 256
[  267.062384][T17263] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  267.336602][T17289] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4927'.
[  267.362002][T17291] netlink: 'syz.5.4928': attribute type 1 has an invalid length.
[  267.401411][T17296] FAULT_INJECTION: forcing a failure.
[  267.401411][T17296] name failslab, interval 1, probability 0, space 0, times 0
[  267.414144][T17296] CPU: 1 UID: 0 PID: 17296 Comm: syz.5.4930 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  267.414176][T17296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  267.414192][T17296] Call Trace:
[  267.414199][T17296]  <TASK>
[  267.414209][T17296]  dump_stack_lvl+0xf6/0x150
[  267.414231][T17296]  dump_stack+0x15/0x1a
[  267.414245][T17296]  should_fail_ex+0x261/0x270
[  267.414266][T17296]  should_failslab+0x8f/0xb0
[  267.414285][T17296]  kmem_cache_alloc_noprof+0x59/0x340
[  267.414309][T17296]  ? mas_alloc_nodes+0x1f4/0x4a0
[  267.414333][T17296]  mas_alloc_nodes+0x1f4/0x4a0
[  267.414363][T17296]  mas_preallocate+0x48d/0x6b0
[  267.414389][T17296]  mmap_region+0x983/0x1490
[  267.414431][T17296]  do_mmap+0x9ef/0xc80
[  267.414451][T17296]  vm_mmap_pgoff+0x16d/0x2d0
[  267.414483][T17296]  ksys_mmap_pgoff+0xd0/0x340
[  267.414501][T17296]  ? fpregs_assert_state_consistent+0x83/0xa0
[  267.414528][T17296]  x64_sys_call+0x1945/0x2e10
[  267.414546][T17296]  do_syscall_64+0xc9/0x1a0
[  267.414567][T17296]  ? clear_bhb_loop+0x25/0x80
[  267.414585][T17296]  ? clear_bhb_loop+0x25/0x80
[  267.414605][T17296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.414623][T17296] RIP: 0033:0x7f02d02fe1a3
[  267.414636][T17296] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[  267.414652][T17296] RSP: 002b:00007f02ce966e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  267.414668][T17296] RAX: ffffffffffffffda RBX: 00000000000004f0 RCX: 00007f02d02fe1a3
[  267.414679][T17296] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000
[  267.414689][T17296] RBP: 0000200000000602 R08: 00000000ffffffff R09: 0000000000000000
[  267.414700][T17296] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000007
[  267.414710][T17296] R13: 00007f02ce966ef0 R14: 00007f02ce966eb0 R15: 00002000000002c0
[  267.414727][T17296]  </TASK>
[  267.644200][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4932'.
[  267.664107][T17304] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4933'.
[  267.693537][T17310] atomic_op ffff888118d26d28 conn xmit_atomic 0000000000000000
[  267.715033][T17312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.724089][T17312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.733321][T17314] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4938'.
[  267.763420][T17317] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4939'.
[  267.870606][T17329] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  267.904645][T17333] usb usb1: usbfs: process 17333 (syz.4.4946) did not claim interface 63 before use
[  267.924359][T17337] atomic_op ffff888118d26d28 conn xmit_atomic 0000000000000000
[  267.949646][T17339] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4949'.
[  268.099696][T17362] atomic_op ffff8881179cd128 conn xmit_atomic 0000000000000000
[  268.146368][T17368] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4962'.
[  268.222960][T17379] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=17379 comm=syz.0.4963
[  268.285027][T17370] SELinux: ebitmap: truncated map
[  268.294797][T17370] SELinux: failed to load policy
[  268.313753][T17387] loop1: detected capacity change from 0 to 512
[  268.325714][T17387] /dev/loop1: Can't open blockdev
[  268.337435][T17385] loop1: detected capacity change from 0 to 512
[  268.349515][T17385] EXT4-fs: Ignoring removed mblk_io_submit option
[  268.353202][T17379] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  268.353202][T17379] The task syz.0.4963 (17379) triggered the difference, watch for misbehavior.
[  268.381630][T17385] syz.1.4967: attempt to access beyond end of device
[  268.381630][T17385] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  268.396149][T17385] EXT4-fs (loop1): unable to read superblock
[  268.547559][T17397] atomic_op ffff88811819a928 conn xmit_atomic 0000000000000000
[  268.571643][T17399] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  268.675205][ T3386] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  268.682729][ T3386] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  268.693226][ T3386] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  268.729923][T17412] loop1: detected capacity change from 0 to 1024
[  268.739615][T17412] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.4978: Failed to acquire dquot type 0
[  268.751628][T17412] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  268.766526][T17412] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #13: comm syz.1.4978: corrupted inode contents
[  268.778806][T17412] EXT4-fs error (device loop1): ext4_dirty_inode:6103: inode #13: comm syz.1.4978: mark_inode_dirty error
[  268.790684][T17412] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #13: comm syz.1.4978: corrupted inode contents
[  268.802875][T17412] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #13: comm syz.1.4978: mark_inode_dirty error
[  268.814518][T17412] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #13: comm syz.1.4978: corrupted inode contents
[  268.826689][T17412] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[  268.835892][T17412] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #13: comm syz.1.4978: corrupted inode contents
[  268.848194][T17412] EXT4-fs error (device loop1): ext4_truncate:4255: inode #13: comm syz.1.4978: mark_inode_dirty error
[  268.859519][T17412] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[  268.869123][T17412] EXT4-fs (loop1): 1 truncate cleaned up
[  268.875409][T17412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  268.905066][T17412] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4978'.
[  268.915157][T17412] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.4978: Failed to acquire dquot type 0
[  268.937545][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.028365][T17419] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  269.036845][T17419] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[  269.088318][T17427] atomic_op ffff888118198528 conn xmit_atomic 0000000000000000
[  269.090076][T17428] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  269.180881][T17447] netlink: 'syz.2.4990': attribute type 1 has an invalid length.
[  269.192068][T17449] netlink: 'syz.5.4991': attribute type 1 has an invalid length.
[  269.243572][T17455] FAULT_INJECTION: forcing a failure.
[  269.243572][T17455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.257052][T17455] CPU: 0 UID: 0 PID: 17455 Comm: syz.0.4992 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  269.257082][T17455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  269.257140][T17455] Call Trace:
[  269.257148][T17455]  <TASK>
[  269.257157][T17455]  dump_stack_lvl+0xf6/0x150
[  269.257201][T17455]  dump_stack+0x15/0x1a
[  269.257218][T17455]  should_fail_ex+0x261/0x270
[  269.257244][T17455]  should_fail+0xb/0x10
[  269.257291][T17455]  should_fail_usercopy+0x1a/0x20
[  269.257322][T17455]  _copy_to_user+0x20/0xa0
[  269.257356][T17455]  simple_read_from_buffer+0xb2/0x130
[  269.257426][T17455]  proc_fail_nth_read+0x103/0x140
[  269.257468][T17455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  269.257506][T17455]  vfs_read+0x1b2/0x710
[  269.257526][T17455]  ? __rcu_read_unlock+0x4e/0x70
[  269.257553][T17455]  ? __fget_files+0x186/0x1c0
[  269.257581][T17455]  ksys_read+0xeb/0x1b0
[  269.257620][T17455]  __x64_sys_read+0x42/0x50
[  269.257642][T17455]  x64_sys_call+0x2a3b/0x2e10
[  269.257668][T17455]  do_syscall_64+0xc9/0x1a0
[  269.257699][T17455]  ? clear_bhb_loop+0x25/0x80
[  269.257756][T17455]  ? clear_bhb_loop+0x25/0x80
[  269.257788][T17455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.257813][T17455] RIP: 0033:0x7f616de8cb7c
[  269.257831][T17455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  269.257897][T17455] RSP: 002b:00007f616c4f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  269.257918][T17455] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8cb7c
[  269.257930][T17455] RDX: 000000000000000f RSI: 00007f616c4f70a0 RDI: 0000000000000006
[  269.257941][T17455] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  269.257952][T17455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.257964][T17455] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  269.257987][T17455]  </TASK>
[  269.262078][T17460] atomic_op ffff88811819a928 conn xmit_atomic 0000000000000000
[  269.331376][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.411112][T17467] ip6t_rpfilter: unknown options
[  269.486008][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.495049][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.512939][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.521977][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.531062][T17462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4996'.
[  269.560834][T17480] openvswitch: netlink: Message has 6 unknown bytes.
[  269.565082][T17482] atomic_op ffff8881179cc928 conn xmit_atomic 0000000000000000
[  269.631319][T17492] atomic_op ffff88811819a928 conn xmit_atomic 0000000000000000
[  269.713039][T17507] netlink: 'syz.5.5014': attribute type 1 has an invalid length.
[  269.737037][T17509] atomic_op ffff888118198528 conn xmit_atomic 0000000000000000
[  269.754130][T17511] SELinux:  Context system_u:object_r:hald_mac_exec_t:s0 is not valid (left unmapped).
[  269.783064][T17515] FAULT_INJECTION: forcing a failure.
[  269.783064][T17515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.796275][T17515] CPU: 0 UID: 0 PID: 17515 Comm: syz.5.5017 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  269.796379][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  269.796453][T17515] Call Trace:
[  269.796492][T17515]  <TASK>
[  269.796499][T17515]  dump_stack_lvl+0xf6/0x150
[  269.796520][T17515]  dump_stack+0x15/0x1a
[  269.796535][T17515]  should_fail_ex+0x261/0x270
[  269.796557][T17515]  should_fail+0xb/0x10
[  269.796574][T17515]  should_fail_usercopy+0x1a/0x20
[  269.796619][T17515]  strncpy_from_user+0x25/0x230
[  269.796648][T17515]  ? __se_sys_memfd_create+0x1ea/0x5a0
[  269.796679][T17515]  __se_sys_memfd_create+0x218/0x5a0
[  269.796770][T17515]  __x64_sys_memfd_create+0x31/0x40
[  269.796833][T17515]  x64_sys_call+0x1163/0x2e10
[  269.796894][T17515]  do_syscall_64+0xc9/0x1a0
[  269.796916][T17515]  ? clear_bhb_loop+0x25/0x80
[  269.796935][T17515]  ? clear_bhb_loop+0x25/0x80
[  269.796953][T17515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.796971][T17515] RIP: 0033:0x7f02d02fe169
[  269.796999][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.797015][T17515] RSP: 002b:00007f02ce966e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  269.797031][T17515] RAX: ffffffffffffffda RBX: 0000000000000503 RCX: 00007f02d02fe169
[  269.797041][T17515] RDX: 00007f02ce966ef0 RSI: 0000000000000000 RDI: 00007f02d0381404
[  269.797105][T17515] RBP: 0000200000000140 R08: 00007f02ce966bb7 R09: 00007f02ce966e40
[  269.797116][T17515] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[  269.797126][T17515] R13: 00007f02ce966ef0 R14: 00007f02ce966eb0 R15: 0000200000000000
[  269.797143][T17515]  </TASK>
[  269.981794][T17510] pim6reg1: entered promiscuous mode
[  269.987217][T17510] pim6reg1: entered allmulticast mode
[  270.040406][T17526] xt_hashlimit: size too large, truncated to 1048576
[  270.086356][T17527] xt_hashlimit: size too large, truncated to 1048576
[  270.185577][T17543] netlink: 'syz.2.5026': attribute type 1 has an invalid length.
[  270.263795][T17550] loop5: detected capacity change from 0 to 512
[  270.271341][T17547] loop2: detected capacity change from 0 to 512
[  270.278445][T17547] EXT4-fs: Ignoring removed oldalloc option
[  270.298882][T17547] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.5028: Parent and EA inode have the same ino 15
[  270.311537][T17560] FAULT_INJECTION: forcing a failure.
[  270.311537][T17560] name failslab, interval 1, probability 0, space 0, times 0
[  270.313072][T17550] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  270.324243][T17560] CPU: 1 UID: 0 PID: 17560 Comm: syz.4.5032 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  270.324329][T17560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  270.324347][T17560] Call Trace:
[  270.324356][T17560]  <TASK>
[  270.324367][T17560]  dump_stack_lvl+0xf6/0x150
[  270.324397][T17560]  dump_stack+0x15/0x1a
[  270.324419][T17560]  should_fail_ex+0x261/0x270
[  270.324451][T17560]  should_failslab+0x8f/0xb0
[  270.324479][T17560]  __kmalloc_noprof+0xad/0x410
[  270.324545][T17560]  ? security_tun_dev_alloc_security+0x3e/0x130
[  270.324589][T17560]  security_tun_dev_alloc_security+0x3e/0x130
[  270.324631][T17560]  tun_net_init+0x52/0x290
[  270.324690][T17560]  register_netdevice+0x297/0xee0
[  270.324734][T17560]  tun_set_iff+0x609/0x8c0
[  270.324762][T17560]  __tun_chr_ioctl+0x6a6/0x1590
[  270.324836][T17560]  tun_chr_ioctl+0x27/0x30
[  270.324858][T17560]  ? __pfx_tun_chr_ioctl+0x10/0x10
[  270.324887][T17560]  __se_sys_ioctl+0xc9/0x140
[  270.324926][T17560]  __x64_sys_ioctl+0x43/0x50
[  270.324963][T17560]  x64_sys_call+0x168d/0x2e10
[  270.325011][T17560]  do_syscall_64+0xc9/0x1a0
[  270.325120][T17560]  ? clear_bhb_loop+0x25/0x80
[  270.325147][T17560]  ? clear_bhb_loop+0x25/0x80
[  270.325175][T17560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.325282][T17560] RIP: 0033:0x7f357b9be169
[  270.325364][T17560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.325387][T17560] RSP: 002b:00007f357a027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.325410][T17560] RAX: ffffffffffffffda RBX: 00007f357bbe5fa0 RCX: 00007f357b9be169
[  270.325426][T17560] RDX: 0000200000000100 RSI: 00000000400454ca RDI: 0000000000000004
[  270.325441][T17560] RBP: 00007f357a027090 R08: 0000000000000000 R09: 0000000000000000
[  270.325456][T17560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  270.325471][T17560] R13: 0000000000000000 R14: 00007f357bbe5fa0 R15: 00007ffce8ea4f68
[  270.325508][T17560]  </TASK>
[  270.355933][T17547] EXT4-fs (loop2): 1 orphan inode deleted
[  270.358833][T17550] EXT4-fs (loop5): orphan cleanup on readonly fs
[  270.362988][T17547] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.366366][T17550] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  270.449487][T17547] SELinux: syz.2.5028 (17547) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  270.592923][T17550] EXT4-fs (loop5): Cannot turn on quotas: error -117
[  270.600039][T17550] EXT4-fs error (device loop5): ext4_orphan_get:1390: inode #16: comm syz.5.5030: casefold flag without casefold feature
[  270.601040][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.614293][T17550] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.5030: couldn't read orphan inode 16 (err -117)
[  270.634460][T17550] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  270.662413][T17565] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  270.670128][T17563] loop2: detected capacity change from 0 to 1024
[  270.717167][T15745] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.781797][T17584] netlink: 'syz.0.5041': attribute type 1 has an invalid length.
[  270.832780][T17593] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  270.864205][T17597] tmpfs: Bad value for 'nr_inodes'
[  270.906283][T17603] veth0_to_bond: entered allmulticast mode
[  271.003492][T17612] xt_CT: You must specify a L4 protocol and not use inversions on it
[  271.017406][T17617] netlink: 'syz.0.5055': attribute type 1 has an invalid length.
[  271.097261][T17627] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  271.213457][T17638] FAULT_INJECTION: forcing a failure.
[  271.213457][T17638] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  271.226975][T17638] CPU: 1 UID: 0 PID: 17638 Comm: syz.0.5065 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  271.227009][T17638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  271.227025][T17638] Call Trace:
[  271.227033][T17638]  <TASK>
[  271.227117][T17638]  dump_stack_lvl+0xf6/0x150
[  271.227145][T17638]  dump_stack+0x15/0x1a
[  271.227165][T17638]  should_fail_ex+0x261/0x270
[  271.227203][T17638]  should_fail_alloc_page+0xfd/0x110
[  271.227234][T17638]  __alloc_frozen_pages_noprof+0x11d/0x360
[  271.227263][T17638]  alloc_pages_mpol+0xb6/0x260
[  271.227415][T17638]  alloc_pages_noprof+0xe8/0x130
[  271.227450][T17638]  kimage_alloc_control_pages+0x14c/0x730
[  271.227533][T17638]  alloc_pgt_page+0x17/0x50
[  271.227565][T17638]  kernel_ident_mapping_init+0xfc/0x240
[  271.227598][T17638]  machine_kexec_prepare+0x19d/0x7b0
[  271.227631][T17638]  ? __pfx_alloc_pgt_page+0x10/0x10
[  271.227721][T17638]  do_kexec_load+0x3d7/0x510
[  271.227827][T17638]  __se_sys_kexec_load+0x12b/0x160
[  271.227863][T17638]  __x64_sys_kexec_load+0x55/0x70
[  271.227946][T17638]  x64_sys_call+0xded/0x2e10
[  271.227969][T17638]  do_syscall_64+0xc9/0x1a0
[  271.228010][T17638]  ? clear_bhb_loop+0x25/0x80
[  271.228032][T17638]  ? clear_bhb_loop+0x25/0x80
[  271.228054][T17638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.228076][T17638] RIP: 0033:0x7f616de8e169
[  271.228093][T17638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.228124][T17638] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  271.228145][T17638] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  271.228158][T17638] RDX: 0000200000000140 RSI: 0000000000000001 RDI: 0000000000000000
[  271.228214][T17638] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  271.228226][T17638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.228238][T17638] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  271.228259][T17638]  </TASK>
[  271.465638][T17644] netlink: 'syz.4.5066': attribute type 1 has an invalid length.
[  271.536673][T17649] loop5: detected capacity change from 0 to 4096
[  271.562768][T17657] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  271.590946][T17649] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  271.730794][T17659] FAULT_INJECTION: forcing a failure.
[  271.730794][T17659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  271.744030][T17659] CPU: 0 UID: 0 PID: 17659 Comm: gtp Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  271.744056][T17659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  271.744069][T17659] Call Trace:
[  271.744076][T17659]  <TASK>
[  271.744086][T17659]  dump_stack_lvl+0xf6/0x150
[  271.744120][T17659]  dump_stack+0x15/0x1a
[  271.744215][T17659]  should_fail_ex+0x261/0x270
[  271.744238][T17659]  should_fail+0xb/0x10
[  271.744257][T17659]  should_fail_usercopy+0x1a/0x20
[  271.744333][T17659]  strncpy_from_user+0x25/0x230
[  271.744373][T17659]  ? __se_sys_memfd_create+0x1ea/0x5a0
[  271.744406][T17659]  __se_sys_memfd_create+0x218/0x5a0
[  271.744494][T17659]  __x64_sys_memfd_create+0x31/0x40
[  271.744523][T17659]  x64_sys_call+0x1163/0x2e10
[  271.744544][T17659]  do_syscall_64+0xc9/0x1a0
[  271.744601][T17659]  ? clear_bhb_loop+0x25/0x80
[  271.744688][T17659]  ? clear_bhb_loop+0x25/0x80
[  271.744713][T17659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.744783][T17659] RIP: 0033:0x7f616de8e169
[  271.744800][T17659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.744822][T17659] RSP: 002b:00007f616c4f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  271.744913][T17659] RAX: ffffffffffffffda RBX: 000000000000029c RCX: 00007f616de8e169
[  271.744928][T17659] RDX: 00007f616c4f6ef0 RSI: 0000000000000000 RDI: 00007f616df11404
[  271.744944][T17659] RBP: 0000200000000400 R08: 00007f616c4f6bb7 R09: 00007f616c4f6e40
[  271.744957][T17659] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  271.744980][T17659] R13: 00007f616c4f6ef0 R14: 00007f616c4f6eb0 R15: 0000200000000040
[  271.745003][T17659]  </TASK>
[  271.920625][   T29] kauditd_printk_skb: 330 callbacks suppressed
[  271.920645][   T29] audit: type=1326 audit(1745322266.007:14509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  271.953215][   T29] audit: type=1326 audit(1745322266.217:14510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  271.981689][T17649] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  271.993049][   T29] audit: type=1326 audit(1745322266.237:14511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.016773][   T29] audit: type=1326 audit(1745322266.237:14512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.040459][   T29] audit: type=1326 audit(1745322266.237:14513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.064085][   T29] audit: type=1326 audit(1745322266.237:14514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.087941][   T29] audit: type=1326 audit(1745322266.237:14515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.111576][   T29] audit: type=1326 audit(1745322266.257:14516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17647 comm="syz.5.5068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  272.149254][T15745] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.177382][   T29] audit: type=1400 audit(1745322266.417:14517): avc:  denied  { setopt } for  pid=17664 comm="syz.0.5075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  272.197314][   T29] audit: type=1400 audit(1745322266.417:14518): avc:  denied  { write } for  pid=17664 comm="syz.0.5075" path="socket:[55589]" dev="sockfs" ino=55589 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  272.227688][T17673] loop2: detected capacity change from 0 to 512
[  272.234693][T17672] 9pnet: p9_errstr2errno: server reported unknown error &ëŸjâáë=‹ùÆ«&B
[  272.247627][T17675] tmpfs: Bad value for 'nr_inodes'
[  272.251385][T17673] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  272.305457][T17673] EXT4-fs (loop2): 1 truncate cleaned up
[  272.334112][T17673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.375665][T17685] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  272.385747][T17670] hub 2-0:1.0: USB hub found
[  272.401454][T17670] hub 2-0:1.0: 8 ports detected
[  272.447748][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  272.557727][T17709] netlink: 'syz.2.5092': attribute type 1 has an invalid length.
[  272.584262][T17711] netlink: 'syz.1.5093': attribute type 1 has an invalid length.
[  272.653062][T17717] loop1: detected capacity change from 0 to 2048
[  272.697467][T17723] rds_sendmsg: 4 callbacks suppressed
[  272.697485][T17723] atomic_op ffff888137890528 conn xmit_atomic 0000000000000000
[  272.711520][T17717]  loop1: p1 < > p4
[  272.722698][T17721] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  272.722745][T17717] loop1: p4 size 8388608 extends beyond EOD, truncated
[  272.788513][T17729] loop2: detected capacity change from 0 to 512
[  272.921830][T17746] __nla_validate_parse: 10 callbacks suppressed
[  272.921845][T17746] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  272.988645][T17749] SELinux: syz.0.5107 (17749) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  273.005956][T17749] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5107'.
[  273.040120][T17758] loop5: detected capacity change from 0 to 1024
[  273.047488][T17758] EXT4-fs: Ignoring removed nobh option
[  273.053115][T17758] EXT4-fs: Ignoring removed bh option
[  273.067749][T17758] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.068548][T17761] FAULT_INJECTION: forcing a failure.
[  273.068548][T17761] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  273.085680][T17758] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: comm syz.5.5111: inode #327696: comm syz.5.5111: iget: illegal inode #
[  273.093364][T17761] CPU: 0 UID: 0 PID: 17761 Comm: syz.0.5112 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  273.093397][T17761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  273.093413][T17761] Call Trace:
[  273.093421][T17761]  <TASK>
[  273.093431][T17761]  dump_stack_lvl+0xf6/0x150
[  273.093462][T17761]  dump_stack+0x15/0x1a
[  273.093485][T17761]  should_fail_ex+0x261/0x270
[  273.093528][T17761]  should_fail+0xb/0x10
[  273.093554][T17761]  should_fail_usercopy+0x1a/0x20
[  273.093588][T17761]  strncpy_from_user+0x25/0x230
[  273.093629][T17761]  ? kstrtouint_from_user+0xbf/0x100
[  273.093661][T17761]  path_setxattrat+0xef/0x320
[  273.093757][T17761]  __x64_sys_lsetxattr+0x71/0x90
[  273.093785][T17761]  x64_sys_call+0x2014/0x2e10
[  273.093850][T17761]  do_syscall_64+0xc9/0x1a0
[  273.093882][T17761]  ? clear_bhb_loop+0x25/0x80
[  273.093910][T17761]  ? clear_bhb_loop+0x25/0x80
[  273.093964][T17761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.093992][T17761] RIP: 0033:0x7f616de8e169
[  273.094010][T17761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.094032][T17761] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  273.094063][T17761] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  273.094096][T17761] RDX: 0000200000000100 RSI: 0000200000000080 RDI: 0000200000000000
[  273.094112][T17761] RBP: 00007f616c4f7090 R08: 0000000000000002 R09: 0000000000000000
[  273.094127][T17761] R10: 000000000000003c R11: 0000000000000246 R12: 0000000000000001
[  273.094142][T17761] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  273.094165][T17761]  </TASK>
[  273.278841][T17758] EXT4-fs (loop5): Remounting filesystem read-only
[  273.285790][T17758] EXT4-fs warning (device loop5): ext4_xattr_inode_inc_ref_all:1129: inode #18: comm syz.5.5111: cleanup dec ref error -30
[  273.298891][T17758] EXT4-fs warning (device loop5): ext4_xattr_block_set:2190: inode #18: comm syz.5.5111: dec ref error=-30
[  273.323484][T15745] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.356576][T17774] loop5: detected capacity change from 0 to 256
[  273.363175][T17774] vfat: Bad value for 'shortname'
[  273.479181][T17780] loop5: detected capacity change from 0 to 128
[  273.487281][T17780] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  273.499651][T17780] ext4 filesystem being mounted at /158/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  273.525574][T15745] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  273.769893][T17800] loop1: detected capacity change from 0 to 256
[  273.776851][T17800] vfat: Bad value for 'shortname'
[  273.877847][T17804] loop1: detected capacity change from 0 to 128
[  273.886232][T17804] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  273.898772][T17804] ext4 filesystem being mounted at /389/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  273.940619][T12248] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  273.951064][T17818] atomic_op ffff888101492928 conn xmit_atomic 0000000000000000
[  274.090415][T17836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.099280][T17836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.112423][T17836] tipc: Started in network mode
[  274.117545][T17836] tipc: Node identity 1abdd4998061, cluster identity 4711
[  274.124824][T17836] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  274.137634][T17836] tipc: Disabling bearer <eth:syzkaller0>
[  274.155439][T17841] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5146'.
[  274.179101][T17843] atomic_op ffff888101492128 conn xmit_atomic 0000000000000000
[  274.209841][T17845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.218426][T17845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.495723][T17855] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  274.522200][T17857] rdma_op ffff888101492980 conn xmit_rdma 0000000000000000
[  274.569087][T17857] netlink: 3 bytes leftover after parsing attributes in process `syz.5.5153'.
[  274.580800][T17857] batadv0: entered allmulticast mode
[  274.646913][T17859] loop5: detected capacity change from 0 to 256
[  274.653498][T17859] vfat: Bad value for 'shortname'
[  274.821680][T17880] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  274.839068][T17879] loop1: detected capacity change from 0 to 512
[  274.846505][T17879] EXT4-fs: Ignoring removed oldalloc option
[  274.861794][T17879] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.5160: Parent and EA inode have the same ino 15
[  274.875899][T17879] EXT4-fs (loop1): 1 orphan inode deleted
[  274.882133][T17879] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  274.900729][T17887] atomic_op ffff888137890128 conn xmit_atomic 0000000000000000
[  275.104793][T17907] netlink: 'syz.4.5174': attribute type 1 has an invalid length.
[  275.114165][T17908] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  275.153136][T17913] netlink: 'syz.0.5177': attribute type 1 has an invalid length.
[  275.218663][T17916] atomic_op ffff88812a348528 conn xmit_atomic 0000000000000000
[  275.450157][T17938] loop5: detected capacity change from 0 to 512
[  275.458113][T17938] EXT4-fs: Ignoring removed orlov option
[  275.478267][T17938] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.490938][T17938] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  275.508499][T17938] EXT4-fs error (device loop5): __ext4_new_inode:1278: comm syz.5.5185: failed to insert inode 16: doubly allocated?
[  275.608004][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.630388][T17942] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  275.776984][T17949] loop1: detected capacity change from 0 to 128
[  275.785471][T17949] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  275.798077][T17949] ext4 filesystem being mounted at /402/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  275.829026][T12248] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  275.847828][T17953] loop1: detected capacity change from 0 to 256
[  275.854698][T17953] vfat: Bad value for 'shortname'
[  276.137820][T17958] loop1: detected capacity change from 0 to 256
[  276.144674][T17958] vfat: Bad value for 'shortname'
[  276.250132][T15745] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.284079][T17980] netlink: 'syz.2.5203': attribute type 1 has an invalid length.
[  276.439887][T18007] netlink: 'syz.4.5215': attribute type 12 has an invalid length.
[  276.450736][T18008] loop1: detected capacity change from 0 to 512
[  276.457631][T18008] EXT4-fs: Ignoring removed orlov option
[  276.485343][T18008] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.499751][T18008] ext4 filesystem being mounted at /409/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  276.515067][T18008] EXT4-fs error (device loop1): __ext4_new_inode:1278: comm syz.1.5212: failed to insert inode 16: doubly allocated?
[  276.543359][T18015] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5217'.
[  276.615460][T18021] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  277.172691][   T29] kauditd_printk_skb: 232 callbacks suppressed
[  277.172710][   T29] audit: type=1326 audit(1745322271.427:14751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.204755][   T29] audit: type=1326 audit(1745322271.427:14752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.228432][   T29] audit: type=1326 audit(1745322271.427:14753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.252043][   T29] audit: type=1326 audit(1745322271.427:14754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.276366][   T29] audit: type=1326 audit(1745322271.427:14755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.300105][   T29] audit: type=1326 audit(1745322271.427:14756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18028 comm="syz.5.5222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.332200][T18032] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5223'.
[  277.357004][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.409800][   T29] audit: type=1326 audit(1745322271.667:14757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18043 comm="syz.5.5229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.433743][   T29] audit: type=1326 audit(1745322271.667:14758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18043 comm="syz.5.5229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.468723][T18039] loop1: detected capacity change from 0 to 128
[  277.470043][T18049] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  277.494043][T18039] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  277.507451][   T29] audit: type=1326 audit(1745322271.767:14759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18043 comm="syz.5.5229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.507454][T18039] ext4 filesystem being mounted at /410/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  277.541489][   T29] audit: type=1326 audit(1745322271.767:14760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18043 comm="syz.5.5229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  277.598995][T12248] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  277.722140][T18071] loop1: detected capacity change from 0 to 164
[  277.747075][T18071] syz.1.5238: attempt to access beyond end of device
[  277.747075][T18071] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  277.775198][T18071] syz.1.5238: attempt to access beyond end of device
[  277.775198][T18071] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  278.106536][T18089] loop1: detected capacity change from 0 to 1024
[  278.114900][T18089] EXT4-fs: Ignoring removed nobh option
[  278.116883][T18092] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  278.120629][T18089] EXT4-fs: Ignoring removed bh option
[  278.154389][T18089] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.187481][T18089] random: crng reseeded on system resumption
[  278.294797][T18108] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.5243: Allocating blocks 385-513 which overlap fs metadata
[  278.351457][T18089] EXT4-fs (loop1): pa ffff8881069575b0: logic 16, phys. 129, len 24
[  278.359677][T18089] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8
[  278.377871][T18113] __nla_validate_parse: 17 callbacks suppressed
[  278.377887][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.380919][T18112] batadv1: entered allmulticast mode
[  278.384201][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.403160][T18112] 8021q: adding VLAN 0 to HW filter on device batadv1
[  278.416260][T18089] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  278.428533][T18089] EXT4-fs (loop1): This should not happen!! Data will be lost
[  278.428533][T18089] 
[  278.438241][T18089] EXT4-fs (loop1): Total free blocks count 0
[  278.444286][T18089] EXT4-fs (loop1): Free/Dirty block details
[  278.450296][T18089] EXT4-fs (loop1): free_blocks=128
[  278.455458][T18089] EXT4-fs (loop1): dirty_blocks=0
[  278.460496][T18089] EXT4-fs (loop1): Block reservation details
[  278.466535][T18089] EXT4-fs (loop1): i_reserved_data_blocks=0
[  278.472806][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.513483][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.522645][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.550468][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.563067][T18126] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  278.626571][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.635676][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.660291][T18139] loop5: detected capacity change from 0 to 256
[  278.668536][T18113] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5252'.
[  278.678393][T18139] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  278.846721][T18163] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  278.992232][T18182] loop5: detected capacity change from 0 to 256
[  278.999009][T18182] vfat: Bad value for 'shortname'
[  279.157812][T18197] atomic_op ffff88812a34bd28 conn xmit_atomic 0000000000000000
[  279.578557][T18213] atomic_op ffff88810104c928 conn xmit_atomic 0000000000000000
[  279.670092][T18218] netlink: 'syz.5.5293': attribute type 1 has an invalid length.
[  279.713270][T18224] atomic_op ffff88812a34ad28 conn xmit_atomic 0000000000000000
[  279.790327][T18239] atomic_op ffff88812a34ad28 conn xmit_atomic 0000000000000000
[  279.832147][ T1064] IPVS: starting estimator thread 0...
[  279.925191][T18243] IPVS: using max 2016 ests per chain, 100800 per kthread
[  280.063636][T18254] atomic_op ffff88812a349928 conn xmit_atomic 0000000000000000
[  280.195809][T18265] atomic_op ffff88816fa5dd28 conn xmit_atomic 0000000000000000
[  280.408538][T18277] FAULT_INJECTION: forcing a failure.
[  280.408538][T18277] name failslab, interval 1, probability 0, space 0, times 0
[  280.421262][T18277] CPU: 0 UID: 0 PID: 18277 Comm: syz.2.5318 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  280.421327][T18277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  280.421343][T18277] Call Trace:
[  280.421352][T18277]  <TASK>
[  280.421363][T18277]  dump_stack_lvl+0xf6/0x150
[  280.421384][T18277]  dump_stack+0x15/0x1a
[  280.421472][T18277]  should_fail_ex+0x261/0x270
[  280.421512][T18277]  should_failslab+0x8f/0xb0
[  280.421531][T18277]  kmem_cache_alloc_noprof+0x59/0x340
[  280.421555][T18277]  ? alloc_empty_file+0x78/0x200
[  280.421577][T18277]  ? _raw_spin_unlock+0x26/0x50
[  280.421680][T18277]  alloc_empty_file+0x78/0x200
[  280.421702][T18277]  alloc_file_pseudo+0xcb/0x160
[  280.421806][T18277]  __shmem_file_setup+0x1bb/0x1f0
[  280.421826][T18277]  shmem_file_setup+0x3b/0x50
[  280.421897][T18277]  __se_sys_memfd_create+0x2e1/0x5a0
[  280.421927][T18277]  __x64_sys_memfd_create+0x31/0x40
[  280.421955][T18277]  x64_sys_call+0x1163/0x2e10
[  280.422033][T18277]  do_syscall_64+0xc9/0x1a0
[  280.422087][T18277]  ? clear_bhb_loop+0x25/0x80
[  280.422105][T18277]  ? clear_bhb_loop+0x25/0x80
[  280.422178][T18277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.422195][T18277] RIP: 0033:0x7f3c8d6ae169
[  280.422241][T18277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.422261][T18277] RSP: 002b:00007f3c8bd16e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  280.422319][T18277] RAX: ffffffffffffffda RBX: 00000000000005ad RCX: 00007f3c8d6ae169
[  280.422337][T18277] RDX: 00007f3c8bd16ef0 RSI: 0000000000000000 RDI: 00007f3c8d731404
[  280.422352][T18277] RBP: 0000200000000180 R08: 00007f3c8bd16bb7 R09: 00007f3c8bd16e40
[  280.422367][T18277] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000040
[  280.422381][T18277] R13: 00007f3c8bd16ef0 R14: 00007f3c8bd16eb0 R15: 0000200000000940
[  280.422403][T18277]  </TASK>
[  280.684488][T18288] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  280.707946][T18289] loop1: detected capacity change from 0 to 512
[  280.718741][T18289] EXT4-fs: Ignoring removed orlov option
[  280.739675][T18289] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.762555][T18289] ext4 filesystem being mounted at /427/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.787682][T18289] EXT4-fs error (device loop1): __ext4_new_inode:1278: comm syz.1.5319: failed to insert inode 16: doubly allocated?
[  280.943763][T18297] atomic_op ffff88816fa5d928 conn xmit_atomic 0000000000000000
[  281.181719][T18315] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18315 comm=syz.4.5331
[  281.260360][T18321] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  281.479002][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.512464][T18326] loop1: detected capacity change from 0 to 512
[  281.543247][T18326] EXT4-fs: Ignoring removed nomblk_io_submit option
[  281.559647][T18326] EXT4-fs: Ignoring removed mblk_io_submit option
[  281.578989][T18326] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  281.587115][T18326] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  281.595738][T18326] EXT4-fs (loop1): 1 truncate cleaned up
[  281.601941][T18326] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.626684][T18326] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #2: block 4: comm syz.1.5335: lblock 0 mapped to illegal pblock 4 (length 1)
[  281.641075][T18326] EXT4-fs (loop1): Remounting filesystem read-only
[  281.674901][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.692200][T18332] atomic_op ffff88811dc58d28 conn xmit_atomic 0000000000000000
[  281.966762][T18345] FAULT_INJECTION: forcing a failure.
[  281.966762][T18345] name failslab, interval 1, probability 0, space 0, times 0
[  281.979557][T18345] CPU: 1 UID: 0 PID: 18345 Comm: syz.0.5342 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  281.979584][T18345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  281.979596][T18345] Call Trace:
[  281.979644][T18345]  <TASK>
[  281.979654][T18345]  dump_stack_lvl+0xf6/0x150
[  281.979680][T18345]  dump_stack+0x15/0x1a
[  281.979695][T18345]  should_fail_ex+0x261/0x270
[  281.979721][T18345]  should_failslab+0x8f/0xb0
[  281.979748][T18345]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  281.979847][T18345]  ? perf_event_alloc+0x154/0x1660
[  281.979872][T18345]  perf_event_alloc+0x154/0x1660
[  281.979972][T18345]  __se_sys_perf_event_open+0x7f8/0x2220
[  281.980003][T18345]  ? vfs_write+0x641/0x950
[  281.980025][T18345]  ? putname+0xe1/0x100
[  281.980058][T18345]  __x64_sys_perf_event_open+0x67/0x80
[  281.980106][T18345]  x64_sys_call+0x27bb/0x2e10
[  281.980174][T18345]  do_syscall_64+0xc9/0x1a0
[  281.980234][T18345]  ? clear_bhb_loop+0x25/0x80
[  281.980256][T18345]  ? clear_bhb_loop+0x25/0x80
[  281.980278][T18345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.980297][T18345] RIP: 0033:0x7f616de8e169
[  281.980316][T18345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.980344][T18345] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  281.980367][T18345] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  281.980383][T18345] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000000
[  281.980397][T18345] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  281.980412][T18345] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  281.980425][T18345] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  281.980508][T18345]  </TASK>
[  282.182675][T18347] sd 0:0:1:0: device reset
[  282.197628][T18351] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  282.393871][T18363] netlink: 'syz.0.5348': attribute type 27 has an invalid length.
[  282.401924][T18363] lo: left promiscuous mode
[  282.406573][T18363] lo: left allmulticast mode
[  282.411313][T18363] 1ªX¹¦À: left allmulticast mode
[  282.416784][T18363] batadv0: left promiscuous mode
[  282.422068][T18363] batadv0: left allmulticast mode
[  282.430620][T18363] ip6erspan0: left promiscuous mode
[  282.664167][   T29] kauditd_printk_skb: 259 callbacks suppressed
[  282.664184][   T29] audit: type=1401 audit(1745322276.917:15020): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t
[  282.767700][T18383] netlink: 'syz.5.5355': attribute type 1 has an invalid length.
[  283.043773][T18387] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  283.310167][   T29] audit: type=1326 audit(1745322277.567:15021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.333906][   T29] audit: type=1326 audit(1745322277.567:15022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.380121][   T29] audit: type=1326 audit(1745322277.597:15023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.383225][T18398] loop5: detected capacity change from 0 to 164
[  283.403666][   T29] audit: type=1326 audit(1745322277.597:15024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.433756][   T29] audit: type=1326 audit(1745322277.597:15025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.457366][   T29] audit: type=1326 audit(1745322277.597:15026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.481112][   T29] audit: type=1326 audit(1745322277.597:15027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.504717][   T29] audit: type=1326 audit(1745322277.597:15028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18393 comm="syz.5.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  283.513078][T18398] iso9660: Corrupted directory entry in block 4 of inode 1792
[  283.559154][T18403] atomic_op ffff8881868c0128 conn xmit_atomic 0000000000000000
[  283.579356][T18405] loop1: detected capacity change from 0 to 128
[  283.589932][   T29] audit: type=1326 audit(1745322277.847:15029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18396 comm="syz.2.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c8d6ae169 code=0x7ffc0000
[  283.590733][T18405] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  283.626291][T18405] ext4 filesystem being mounted at /435/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  283.639903][T18409] netlink: 'syz.0.5366': attribute type 27 has an invalid length.
[  283.668285][T18411] __nla_validate_parse: 32 callbacks suppressed
[  283.668376][T18411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5367'.
[  283.684262][T18411] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5367'.
[  283.684853][T12248] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  283.711644][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.720817][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.732894][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.761329][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.770493][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.781502][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.817138][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.826209][T18413] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5368'.
[  283.846922][T18422] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18422 comm=syz.5.5370
[  283.859558][T18422] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=18422 comm=syz.5.5370
[  283.912679][T18432] loop1: detected capacity change from 0 to 512
[  283.925908][T18432] EXT4-fs: test_dummy_encryption option not supported
[  284.027681][T18449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  284.036429][T18449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  284.666930][T18491] loop2: detected capacity change from 0 to 512
[  284.673831][T18491] EXT4-fs: Ignoring removed orlov option
[  284.687747][T18491] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.700675][T18491] ext4 filesystem being mounted at /483/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  284.714780][T18491] EXT4-fs error (device loop2): __ext4_new_inode:1278: comm syz.2.5396: failed to insert inode 16: doubly allocated?
[  284.810414][T18505] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  284.817766][T18505] syzkaller0: entered promiscuous mode
[  284.823307][T18505] syzkaller0: entered allmulticast mode
[  284.834104][T18504] tipc: Resetting bearer <eth:syzkaller0>
[  284.841321][T18504] tipc: Disabling bearer <eth:syzkaller0>
[  284.953330][T18512] atomic_op ffff88811dc5bd28 conn xmit_atomic 0000000000000000
[  285.304198][T18542] FAULT_INJECTION: forcing a failure.
[  285.304198][T18542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.317552][T18542] CPU: 0 UID: 0 PID: 18542 Comm: syz.5.5417 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  285.317582][T18542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  285.317605][T18542] Call Trace:
[  285.317611][T18542]  <TASK>
[  285.317619][T18542]  dump_stack_lvl+0xf6/0x150
[  285.317649][T18542]  dump_stack+0x15/0x1a
[  285.317670][T18542]  should_fail_ex+0x261/0x270
[  285.317698][T18542]  should_fail+0xb/0x10
[  285.317791][T18542]  should_fail_usercopy+0x1a/0x20
[  285.317874][T18542]  _copy_from_user+0x1c/0xa0
[  285.317906][T18542]  vmemdup_user+0x66/0xd0
[  285.317935][T18542]  map_lookup_and_delete_elem+0x230/0x560
[  285.317971][T18542]  __sys_bpf+0x468/0x800
[  285.318050][T18542]  __x64_sys_bpf+0x43/0x50
[  285.318074][T18542]  x64_sys_call+0x23da/0x2e10
[  285.318100][T18542]  do_syscall_64+0xc9/0x1a0
[  285.318175][T18542]  ? clear_bhb_loop+0x25/0x80
[  285.318247][T18542]  ? clear_bhb_loop+0x25/0x80
[  285.318268][T18542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.318292][T18542] RIP: 0033:0x7f02d02fe169
[  285.318310][T18542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.318332][T18542] RSP: 002b:00007f02ce967038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  285.318354][T18542] RAX: ffffffffffffffda RBX: 00007f02d0525fa0 RCX: 00007f02d02fe169
[  285.318369][T18542] RDX: 0000000000000020 RSI: 0000200000000000 RDI: 0000000000000015
[  285.318430][T18542] RBP: 00007f02ce967090 R08: 0000000000000000 R09: 0000000000000000
[  285.318444][T18542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.318458][T18542] R13: 0000000000000000 R14: 00007f02d0525fa0 R15: 00007ffd094178f8
[  285.318483][T18542]  </TASK>
[  285.510548][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.554860][T18549] netlink: 'syz.2.5420': attribute type 27 has an invalid length.
[  285.563043][T18549] 1ªX¹¦À: left allmulticast mode
[  285.639794][T18559] netlink: 'syz.5.5425': attribute type 10 has an invalid length.
[  285.650853][T18561] atomic_op ffff88811dc58d28 conn xmit_atomic 0000000000000000
[  285.678194][T18559] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.687135][T18559] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.695962][T18559] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.704864][T18559] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.717005][T18559] team0: Port device geneve1 added
[  285.999036][T18594] atomic_op ffff8881868c2928 conn xmit_atomic 0000000000000000
[  286.285888][T18608] xt_connbytes: Forcing CT accounting to be enabled
[  286.292651][T18608] Cannot find set identified by id 0 to match
[  286.368222][T18617] loop2: detected capacity change from 0 to 512
[  286.397184][T18617] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.410200][T18617] ext4 filesystem being mounted at /502/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  286.478576][T12054] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.496142][T18621] loop2: detected capacity change from 0 to 128
[  286.535899][T18625] netlink: 'syz.1.5450': attribute type 27 has an invalid length.
[  286.544035][T18625] 1ªX¹¦À: left allmulticast mode
[  286.707635][T18642] loop1: detected capacity change from 0 to 512
[  286.724999][T18646] FAULT_INJECTION: forcing a failure.
[  286.724999][T18646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.738347][T18646] CPU: 1 UID: 0 PID: 18646 Comm: syz.5.5460 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  286.738381][T18646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  286.738446][T18646] Call Trace:
[  286.738454][T18646]  <TASK>
[  286.738464][T18646]  dump_stack_lvl+0xf6/0x150
[  286.738494][T18646]  dump_stack+0x15/0x1a
[  286.738513][T18646]  should_fail_ex+0x261/0x270
[  286.738542][T18646]  should_fail+0xb/0x10
[  286.738597][T18646]  should_fail_usercopy+0x1a/0x20
[  286.738701][T18646]  _copy_to_user+0x20/0xa0
[  286.738741][T18646]  simple_read_from_buffer+0xb2/0x130
[  286.738780][T18646]  proc_fail_nth_read+0x103/0x140
[  286.738865][T18646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  286.738900][T18646]  vfs_read+0x1b2/0x710
[  286.738960][T18646]  ? __rcu_read_unlock+0x4e/0x70
[  286.739038][T18646]  ? __fget_files+0x186/0x1c0
[  286.739060][T18646]  ksys_read+0xeb/0x1b0
[  286.739081][T18646]  __x64_sys_read+0x42/0x50
[  286.739104][T18646]  x64_sys_call+0x2a3b/0x2e10
[  286.739183][T18646]  do_syscall_64+0xc9/0x1a0
[  286.739207][T18646]  ? clear_bhb_loop+0x25/0x80
[  286.739228][T18646]  ? clear_bhb_loop+0x25/0x80
[  286.739249][T18646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.739273][T18646] RIP: 0033:0x7f02d02fcb7c
[  286.739339][T18646] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  286.739357][T18646] RSP: 002b:00007f02ce967030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  286.739375][T18646] RAX: ffffffffffffffda RBX: 00007f02d0525fa0 RCX: 00007f02d02fcb7c
[  286.739386][T18646] RDX: 000000000000000f RSI: 00007f02ce9670a0 RDI: 0000000000000006
[  286.739480][T18646] RBP: 00007f02ce967090 R08: 0000000000000000 R09: 0000000000000000
[  286.739495][T18646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.739508][T18646] R13: 0000000000000000 R14: 00007f02d0525fa0 R15: 00007ffd094178f8
[  286.739530][T18646]  </TASK>
[  286.741726][T18642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.952029][T18650] netlink: 'syz.4.5461': attribute type 27 has an invalid length.
[  286.952928][T18642] ext4 filesystem being mounted at /455/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  286.971525][T18650] 0ªX¹¦À: left allmulticast mode
[  287.162662][T18660] loop5: detected capacity change from 0 to 8192
[  287.164506][T18660] syz.5.5466: attempt to access beyond end of device
[  287.164506][T18660] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  287.189019][T18658] FAULT_INJECTION: forcing a failure.
[  287.189019][T18658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.189080][T18658] CPU: 0 UID: 0 PID: 18658 Comm: syz.4.5465 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  287.189119][T18658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  287.189135][T18658] Call Trace:
[  287.189219][T18658]  <TASK>
[  287.189227][T18658]  dump_stack_lvl+0xf6/0x150
[  287.189287][T18658]  dump_stack+0x15/0x1a
[  287.189304][T18658]  should_fail_ex+0x261/0x270
[  287.189335][T18658]  should_fail+0xb/0x10
[  287.189359][T18658]  should_fail_usercopy+0x1a/0x20
[  287.189393][T18658]  _copy_from_user+0x1c/0xa0
[  287.189480][T18658]  kstrtouint_from_user+0x84/0x100
[  287.189526][T18658]  ? 0xffffffff81000000
[  287.189543][T18658]  ? selinux_file_permission+0x22d/0x360
[  287.189572][T18658]  proc_fail_nth_write+0x54/0x160
[  287.189692][T18658]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  287.189735][T18658]  vfs_write+0x295/0x950
[  287.189757][T18658]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  287.189811][T18658]  ? __fget_files+0x186/0x1c0
[  287.189839][T18658]  ksys_write+0xeb/0x1b0
[  287.189862][T18658]  __x64_sys_write+0x42/0x50
[  287.189886][T18658]  x64_sys_call+0x2a45/0x2e10
[  287.189914][T18658]  do_syscall_64+0xc9/0x1a0
[  287.189945][T18658]  ? clear_bhb_loop+0x25/0x80
[  287.190013][T18658]  ? clear_bhb_loop+0x25/0x80
[  287.190040][T18658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.190067][T18658] RIP: 0033:0x7f357b9bcc1f
[  287.190085][T18658] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  287.190115][T18658] RSP: 002b:00007f357a027030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  287.190138][T18658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f357b9bcc1f
[  287.190154][T18658] RDX: 0000000000000001 RSI: 00007f357a0270a0 RDI: 000000000000000a
[  287.190169][T18658] RBP: 00007f357a027090 R08: 0000000000000000 R09: 0000000000000000
[  287.190184][T18658] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  287.190200][T18658] R13: 0000000000000000 R14: 00007f357bbe5fa0 R15: 00007ffce8ea4f68
[  287.190223][T18658]  </TASK>
[  287.202461][T18660] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  287.202488][T18660] FAT-fs (loop5): Filesystem has been set read-only
[  287.222836][T18660] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  287.223052][T18660] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[  287.470409][T18696] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  287.641574][T18705] FAULT_INJECTION: forcing a failure.
[  287.641574][T18705] name failslab, interval 1, probability 0, space 0, times 0
[  287.654457][T18705] CPU: 0 UID: 0 PID: 18705 Comm: syz.0.5481 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  287.654492][T18705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  287.654559][T18705] Call Trace:
[  287.654566][T18705]  <TASK>
[  287.654575][T18705]  dump_stack_lvl+0xf6/0x150
[  287.654605][T18705]  dump_stack+0x15/0x1a
[  287.654625][T18705]  should_fail_ex+0x261/0x270
[  287.654653][T18705]  should_failslab+0x8f/0xb0
[  287.654679][T18705]  __kmalloc_node_noprof+0xaf/0x420
[  287.654777][T18705]  ? qdisc_alloc+0x65/0x450
[  287.654801][T18705]  qdisc_alloc+0x65/0x450
[  287.654824][T18705]  qdisc_create+0xc0/0x930
[  287.654922][T18705]  tc_modify_qdisc+0xe13/0x14d0
[  287.654959][T18705]  ? ns_capable+0x7d/0xb0
[  287.655005][T18705]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  287.655040][T18705]  rtnetlink_rcv_msg+0x6b7/0x740
[  287.655077][T18705]  ? avc_has_perm_noaudit+0x1cc/0x210
[  287.655111][T18705]  netlink_rcv_skb+0x12f/0x230
[  287.655195][T18705]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  287.655236][T18705]  rtnetlink_rcv+0x1c/0x30
[  287.655263][T18705]  netlink_unicast+0x605/0x6c0
[  287.655377][T18705]  netlink_sendmsg+0x609/0x720
[  287.655405][T18705]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.655424][T18705]  __sock_sendmsg+0x140/0x180
[  287.655456][T18705]  ____sys_sendmsg+0x350/0x4e0
[  287.655578][T18705]  __sys_sendmsg+0x1a0/0x240
[  287.655638][T18705]  __x64_sys_sendmsg+0x46/0x50
[  287.655664][T18705]  x64_sys_call+0x26f3/0x2e10
[  287.655689][T18705]  do_syscall_64+0xc9/0x1a0
[  287.655786][T18705]  ? clear_bhb_loop+0x25/0x80
[  287.655810][T18705]  ? clear_bhb_loop+0x25/0x80
[  287.655835][T18705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.655861][T18705] RIP: 0033:0x7f616de8e169
[  287.655879][T18705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.655927][T18705] RSP: 002b:00007f616c4f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.655949][T18705] RAX: ffffffffffffffda RBX: 00007f616e0b5fa0 RCX: 00007f616de8e169
[  287.655964][T18705] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  287.656028][T18705] RBP: 00007f616c4f7090 R08: 0000000000000000 R09: 0000000000000000
[  287.656041][T18705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.656052][T18705] R13: 0000000000000000 R14: 00007f616e0b5fa0 R15: 00007ffc9d863688
[  287.656075][T18705]  </TASK>
[  287.695523][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  287.695544][   T29] audit: type=1326 audit(1745322281.947:15339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  287.706107][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.708510][   T29] audit: type=1326 audit(1745322281.947:15340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  287.958896][   T29] audit: type=1326 audit(1745322281.947:15341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  287.982643][   T29] audit: type=1326 audit(1745322281.947:15342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.006299][   T29] audit: type=1326 audit(1745322281.947:15343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.029904][   T29] audit: type=1326 audit(1745322281.947:15344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.053574][   T29] audit: type=1326 audit(1745322281.947:15345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.077281][   T29] audit: type=1326 audit(1745322281.957:15346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.101109][   T29] audit: type=1326 audit(1745322281.957:15347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.124698][   T29] audit: type=1326 audit(1745322281.957:15348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18693 comm="syz.5.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02d02fe169 code=0x7ffc0000
[  288.265049][T18727] loop1: detected capacity change from 0 to 1024
[  288.276936][T18727] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.304674][T12248] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.351691][T18736] FAULT_INJECTION: forcing a failure.
[  288.351691][T18736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.365084][T18736] CPU: 1 UID: 0 PID: 18736 Comm: syz.4.5492 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  288.365121][T18736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  288.365167][T18736] Call Trace:
[  288.365174][T18736]  <TASK>
[  288.365183][T18736]  dump_stack_lvl+0xf6/0x150
[  288.365211][T18736]  dump_stack+0x15/0x1a
[  288.365243][T18736]  should_fail_ex+0x261/0x270
[  288.365269][T18736]  should_fail+0xb/0x10
[  288.365289][T18736]  should_fail_usercopy+0x1a/0x20
[  288.365313][T18736]  _copy_to_user+0x20/0xa0
[  288.365387][T18736]  simple_read_from_buffer+0xb2/0x130
[  288.365426][T18736]  proc_fail_nth_read+0x103/0x140
[  288.365541][T18736]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  288.365581][T18736]  vfs_read+0x1b2/0x710
[  288.365609][T18736]  ? __rcu_read_unlock+0x4e/0x70
[  288.365633][T18736]  ? __fget_files+0x186/0x1c0
[  288.365683][T18736]  ksys_read+0xeb/0x1b0
[  288.365707][T18736]  __x64_sys_read+0x42/0x50
[  288.365728][T18736]  x64_sys_call+0x2a3b/0x2e10
[  288.365759][T18736]  do_syscall_64+0xc9/0x1a0
[  288.365789][T18736]  ? clear_bhb_loop+0x25/0x80
[  288.365813][T18736]  ? clear_bhb_loop+0x25/0x80
[  288.365833][T18736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.365919][T18736] RIP: 0033:0x7f357b9bcb7c
[  288.365937][T18736] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  288.365958][T18736] RSP: 002b:00007f357a027030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  288.365980][T18736] RAX: ffffffffffffffda RBX: 00007f357bbe5fa0 RCX: 00007f357b9bcb7c
[  288.365993][T18736] RDX: 000000000000000f RSI: 00007f357a0270a0 RDI: 0000000000000007
[  288.366008][T18736] RBP: 00007f357a027090 R08: 0000000000000000 R09: 0000000000000000
[  288.366022][T18736] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[  288.366036][T18736] R13: 0000000000000000 R14: 00007f357bbe5fa0 R15: 00007ffce8ea4f68
[  288.366105][T18736]  </TASK>
[  288.608667][T18739] xt_connbytes: Forcing CT accounting to be enabled
[  288.619738][T18739] Cannot find set identified by id 0 to match
[  288.646990][T18747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.674656][T18747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.732653][T18758] loop5: detected capacity change from 0 to 256
[  288.739974][T18758] vfat: Bad value for 'shortname'
[  288.759634][T18762] loop2: detected capacity change from 0 to 256
[  288.771640][T18761] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  288.780055][T18761] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  288.790954][T18762] FAULT_INJECTION: forcing a failure.
[  288.790954][T18762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.796530][T18766] __nla_validate_parse: 9 callbacks suppressed
[  288.796616][T18766] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5505'.
[  288.804057][T18762] CPU: 0 UID: 0 PID: 18762 Comm: syz.2.5504 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  288.804126][T18762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  288.804174][T18762] Call Trace:
[  288.804183][T18762]  <TASK>
[  288.804193][T18762]  dump_stack_lvl+0xf6/0x150
[  288.804287][T18762]  dump_stack+0x15/0x1a
[  288.804307][T18762]  should_fail_ex+0x261/0x270
[  288.804339][T18762]  should_fail+0xb/0x10
[  288.804364][T18762]  should_fail_usercopy+0x1a/0x20
[  288.804396][T18762]  _copy_to_iter+0xd8/0xd10
[  288.804478][T18762]  ? seq_write+0x9f/0xc0
[  288.804514][T18762]  ? __pfx_fat_show_options+0x10/0x10
[  288.804552][T18762]  ? show_vfsmnt+0x3c3/0x3f0
[  288.804619][T18762]  ? __virt_addr_valid+0x1ed/0x250
[  288.804643][T18762]  ? __check_object_size+0x367/0x510
[  288.804722][T18762]  seq_read_iter+0x7b8/0x970
[  288.804770][T18762]  vfs_read+0x5e6/0x710
[  288.804799][T18762]  __x64_sys_pread64+0xfb/0x150
[  288.804827][T18762]  x64_sys_call+0x26ad/0x2e10
[  288.804921][T18762]  do_syscall_64+0xc9/0x1a0
[  288.804984][T18762]  ? clear_bhb_loop+0x25/0x80
[  288.805012][T18762]  ? clear_bhb_loop+0x25/0x80
[  288.805040][T18762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.805066][T18762] RIP: 0033:0x7f3c8d6ae169
[  288.805086][T18762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.805190][T18762] RSP: 002b:00007f3c8bd17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  288.805214][T18762] RAX: ffffffffffffffda RBX: 00007f3c8d8d5fa0 RCX: 00007f3c8d6ae169
[  288.805229][T18762] RDX: 0000000000000ff4 RSI: 0000200000001b80 RDI: 0000000000000004
[  288.805246][T18762] RBP: 00007f3c8bd17090 R08: 0000000000000000 R09: 0000000000000000
[  288.805261][T18762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.805276][T18762] R13: 0000000000000000 R14: 00007f3c8d8d5fa0 R15: 00007ffc727e1368
[  288.805300][T18762]  </TASK>
[  289.040619][T18776] ==================================================================
[  289.048756][T18776] BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk
[  289.056507][T18776] 
[  289.058844][T18776] write to 0xffff888134edd910 of 8 bytes by task 18775 on cpu 1:
[  289.066569][T18776]  mas_wr_store_entry+0x1266/0x2460
[  289.071788][T18776]  mas_store_prealloc+0x6d5/0x960
[  289.076853][T18776]  commit_merge+0x685/0x710
[  289.081376][T18776]  vma_expand+0x1d9/0x380
[  289.085716][T18776]  vma_merge_new_range+0x2c2/0x340
[  289.090841][T18776]  mmap_region+0x805/0x1490
[  289.095401][T18776]  do_mmap+0x9ef/0xc80
[  289.099530][T18776]  vm_mmap_pgoff+0x16d/0x2d0
[  289.104144][T18776]  ksys_mmap_pgoff+0xd0/0x340
[  289.108832][T18776]  x64_sys_call+0x1945/0x2e10
[  289.113530][T18776]  do_syscall_64+0xc9/0x1a0
[  289.118053][T18776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.124003][T18776] 
[  289.126342][T18776] read to 0xffff888134edd910 of 8 bytes by task 18776 on cpu 0:
[  289.134069][T18776]  mtree_range_walk+0x1b3/0x460
[  289.138936][T18776]  mas_walk+0x16e/0x320
[  289.143102][T18776]  lock_vma_under_rcu+0xa7/0x340
[  289.148085][T18776]  exc_page_fault+0x150/0x6a0
[  289.152771][T18776]  asm_exc_page_fault+0x26/0x30
[  289.157631][T18776] 
[  289.159963][T18776] value changed: 0x00007f3c8bcf6fff -> 0xffffffff8561e830
[  289.167070][T18776] 
[  289.169401][T18776] Reported by Kernel Concurrency Sanitizer on:
[  289.175554][T18776] CPU: 0 UID: 0 PID: 18776 Comm: syz.2.5508 Not tainted 6.15.0-rc3-syzkaller-00008-ga33b5a08cbbd #0 PREEMPT(voluntary) 
[  289.188071][T18776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  289.198139][T18776] ==================================================================