last executing test programs:

3.530033679s ago: executing program 1 (id=2075):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000000c0)="10030600e0ff020004004750aa96a13bb100001500007fca1a0f0c762d90", 0x1e, 0x20000080, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r2, 0x82307201, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
vmsplice(r3, &(0x7f0000000140)=[{&(0x7f0000000100)='\x00', 0x20000101}], 0x1000000000000044, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x39, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10208}, 0x0, 0xffffffffffffffff, r3, 0x0)
socket(0x2, 0xa, 0x310)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r4, 0x0, 0x1000000000000}, 0x18)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2.601763269s ago: executing program 0 (id=2083):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000340), &(0x7f0000000300)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001ec0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='kmem_cache_free\x00', r3}, 0x18)
memfd_secret(0x80000)

2.045127432s ago: executing program 3 (id=2088):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x961}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800ffe000000000000000210d0000aaa8fa017242ba9380d440fe0000", 0x24)

1.976363306s ago: executing program 3 (id=2089):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x7040, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xc}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x1, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x8000, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x6, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x10000, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r4], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$key(0xf, 0x3, 0x2)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file0\x00', 0x210000, &(0x7f0000000180)={[{@dioread_lock}, {@resgid}, {@mblk_io_submit}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@jqfmt_vfsv0}]}, 0xfc, 0x58f, &(0x7f0000002d00)="$eJzs3U1rXFUfAPD/nUzSNu3zNIVS1IUUurBSO2kSXyoI1pWIFgu6r0MyDSWTTslMShMLtgu7cSNFELEgfgD3LotfwE9R0EKREnQhQuRO7qTTZCavE2fS+f3gtufMuTfn/nPuOTln7gw3gL51Mv0nF/FiRHydRBxtKstHVnhyZb+lJ7cm0y2J5eVP/kgiyV5r7J9k/x/OMi9ExC9fRpzJra+3urA4UyyXS3NZfrQ2e320urB49upscbo0Xbo2PjFx/o2J8bfferNjsb566a/vPn7wwfmvTi19+9OjY/eSuBBHsrLmOHbhdnPmZPGfLDUYF9bsONaBynpJ0u0TYEcGsn4+GOkYcDQGsl4PPP++iIhloE8l+j/0qcY8oLG279A6eN94/N7KAqge+1Bz/PmV90biYH1tNLyUPLMySte7Ix2oP63j59/v30u32Ph9iEOb5AG25fadiDiXz68f/5Ns/Nu5c/U3jze2to5++/sD3fQgnf+81mr+l1ud/0SL+c/hFn13Jzbv/7lHHaimrXT+907L+e/q0DUykOX+V5/zDSZXrpZL5yLi/xFxOgYPpPmN7uecX3q43K6sef6Xbmn9jblgdh6P8geePWaqWCtGxNBu4m54fCfipXyr+JPV9k9atH/6+7i0xTpOlO6/3K5s8/j31vKPEa+0bP+nd7SSje9Pjtavh9HGVbHen3dP/Nqu/m7Hn7b/8MbxjyTN92ur26/jh4N/l9qVpfEP7+D6H0o+racbneBmsVabG4sYSj5a//r402Mb+cb+afynT63E/+xkJbfh9Z8uvj7bYvx3j99tu2svtP/Uttp/+4mHH37+fbv6tzb+vV5Pnc5eyca/1rJrZasnuNvfHwAAAAAAAPSSXEQciSRXWE3ncoXCyuc7jsdwrlyp1s5cqcxfm4r6d2VHYjDXuNN9tOnzEGPZ52Eb+fE1+YmIOBYR3wwcqucLk5XyVLeDBwAAAAAAAAAAAAAAAAAAgB5xuM33/1O/DXT77IA9V3+wwYFunwXQDZs+8r8TT3oCetKm/R94bun/0L/0f+hfa/t/R54sDOwL/v5D/9L/oX/p/9C/9H8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqEsXL6bb8tKTW5NpfurGwvxM5cbZqVJ1pjA7P1mYrMxdL0xXKtPlUmGyMrvZzytXKtfHxmP+5mitVK2NVhcWL89W5q/VLl+dLU6XLpcG/5OoAAAAAAAAAAAAAAAAAAAAYH+pLizOFMvl0txqIp+VzK0v6tPEu9ETp7GXAa7Y0eH5XolibxLvD/TEaewmcSdr3u0d1aUBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa+DcAAP//Rm0oPg==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r5, 0x10, 0x6, 0x9)

1.839540551s ago: executing program 0 (id=2091):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800ffe000000000000000210d0000aaa8fa017242ba9380d440fe0000", 0x24)

1.792140723s ago: executing program 0 (id=2093):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3000, 0x3, &(0x7f0000b14000/0x3000)=nil)

1.791583503s ago: executing program 0 (id=2094):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000440), 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r2}, 0x18)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}}, 0x0)
getsockname(r4, &(0x7f0000000400)=@xdp={0x2c, 0x0, <r5=>0x0}, &(0x7f00000000c0)=0x30)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c000000044f4f506bbf716a50004ff90000000000000000", @ANYRES32=r5, @ANYBLOB="0580040000000000280012800b000100697036746e6c00001800028014000200fc0100"/48], 0x48}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0xffffff4d, &(0x7f0000000480)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0x0, 0xffe0}}}, 0x24}}, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r9, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r9, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
close_range(r1, 0xffffffffffffffff, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11, 0x0, 0x3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)

1.742464256s ago: executing program 2 (id=2095):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x248}, 0x0)
openat$autofs(0xffffffffffffff9c, 0x0, 0x200, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1ff, 0x1}, 0x4352, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000002c0)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x1100)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f0000000080)=r3}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)

1.741728836s ago: executing program 0 (id=2096):
r0 = socket$pppoe(0x18, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4}, @exit, @alu={0x5, 0x1, 0xa, 0xa, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @multicast, 'ip6gre0\x00'}}, 0x1e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
creat(&(0x7f0000000280)='./file2\x00', 0x1)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f00000004c0), 0x208e24b)
connect$pppoe(r0, &(0x7f0000000240)={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'virt_wifi0\x00'}}, 0x1e)

1.618520391s ago: executing program 3 (id=2097):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)

857.354824ms ago: executing program 2 (id=2103):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000200)='./bus\x00', 0x1000000, &(0x7f00000005c0)=ANY=[], 0x1, 0x126f, &(0x7f0000001600)="$eJzs3U1rY1UcB+B/2vQtY5uq4+gMiAfdKEKcduHKTZEZEAtKtQMqCHdsqqFpU5pQiIhTV64EP4aoS3eC+AW6ceNaEES6cTkL8UqbjDNp0o522lSG59ncwznnd8+5veXCDedw9175cn1ttVlZzVoxUihEcXMsirdTpBiJ0ejYiRdu/PzL02+98+7rC4uL15ZSur7w9tzLKaWZZ35475Nvn/2xdeHGdzPfT8Tu7Pt7f8z/untp9/LeX99ErZlqzbTRaKUs3Ww0WtnNejWt1JprlZTerFezZjVNdse4275ab2xutlO2sTJd2tyqNpsp22intWo7tQqptdVO2YdZbSNVKpU0XQoexPLXt/M8j8jzsRiPPM/zqSjFhXgkpmMmyjEbj8Zj8XhcjCfiUjwZT8Xlg17nPW8AAAAAAAAAAAAAAAAAAAB4uNxn/3+hf///xHlPGQAAAAAAAAAAAAAAAAAAAB46h/f/FyN8/x8AAAAAAAAAAAAAAAAAAACG7D7f/z+0//9F+/8BAAAAAAAAAAAAAAAAAADgLEx2DkspTUasf769vL3cOXbqF1ajFvWoxtUox59xsPu/o1O+/tritavpwGy8tH6rm7+1vTzam58bK8dsYWB+rpNPvfmJKN2bn49yXBw8/vzA/GQ8/9x+/rNOvhLl+OmDaEQ9ViIK3as/yH86l9KrbyxO9eav7Pc70ugZ3xYAAAA4TZX0j/73951up4Htnabu+3nq9iwc8/vAoffzYlwpntdVc0ez/fFaVq9Xt05YGD/6POO9NVPdniceqxARWU98pvTb0v4pTzr5UyuMDnXQseP7PMA9jeL/4I95CoXfv7qnZjKGO/pI9x89q+8/P/9dKnby/EwnNj6oaeK41NHPjMIZP5MYnrs3/bxnAgAAAAAAAAAAwH8xcPXfVET0rQf8qK/mzvLw3nj/mY8e/YshXCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//+E38bU")
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
r2 = epoll_create1(0x80000)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0xe000001a})
finit_module(r3, 0x0, 0x3)
syz_open_procfs(0x0, &(0x7f0000000100)='net/raw\x00')
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000000))
io_setup(0x8f0, &(0x7f0000002400)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000940)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x2}])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000005d0601040000b95b36e500000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000540)={'syztnl2\x00', &(0x7f00000004c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x9, 0x81, 0xfffffff9, 0x20, @private0, @mcast1, 0x8000, 0x7, 0x8000, 0x8e1}})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r9, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10)
syz_open_procfs(0x0, &(0x7f00000041c0)='net/packet\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000100)={0xa, 0x4620, 0x2, @remote, 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="08bd485a6ddba5a56a1d901800000000000000290000003400000004000000ea000000"], 0x30}}], 0x1, 0xc8800)

799.282806ms ago: executing program 0 (id=2104):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000700)=ANY=[@ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/image_size', 0x1a1081, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r2)
sendmsg$MPTCP_PM_CMD_REMOVE(r2, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001200)=ANY=[@ANYRES16=r4, @ANYBLOB="00042abd7000ffdbdf25090000000800030002000000080002000000000030000180060001000a0000001400040020010000000000000000000000000002080006000200000008000300ac1414aa2000068014000400fe880000000000000000000000000101060005004e24000005000500080000001991c3c1e8226d7dc686a1811c05bd44adb8c7145dc0f616911b8a9e77764bfacc35b4f0020a3a87d7935d79a09e07310029b39bdf16b41308bf23ef519b35a2a04bbbf9d09d9f9558676a4ebd3f99ffb2dd0769bca89a8fab315f3b78f59531e01b7b3a7132c5"], 0x7c}, 0x1, 0x0, 0x0, 0x8440}, 0x4048044)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r5 = syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f639489314a7a8eda839df64e9f6f6d7072657373"], 0x3, 0x54c, &(0x7f0000000540)="$eJzs3M9uG8cZAPBZmXJUFTUKBI0dxYeN04MLNApJ1zKEAAW2q6W0CckldleBfSqCWgqESmmRpEDjmy9uC7QPkWufoKe+UdBjjwmWSzqOLdL/ksiIfz9AmuHutzPfrIgZkOIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhSne63V4Uhvl4/2a8WLpTFqMl5+ft/edbxZJ+Q4ian7C2Fi61hy69+s3pXzS/roSL7aOLYa0p1sKdn77283df7azMr1+S0A9gdZbs8cEnywOj8FX0QyX1/dg7/VbvZuO8KvJRspvFeVXE21tb3Xf2BlU8yIdZdauqs1GcdkJSF2V8Nf1V3NvevhZnm7eK/fHuTjLM5gdvvN3vdrfi9zYnWVJWxfid9zardC8fDvPx7jSmOd3E3GieiO/ndVxnySiOD4+OD649LvcmqPckQf3HBfW7/X6v1+/3tq5vX7/R7XYeOdB9SHgk4qyftJy173D2huczX/8BAACAH69o+h578/p/dfo+fBQG+TDrnnVaAAAAwHdo+p//i00x/TTbpRB5/Q8AAAA/Nn9/7B67avJK9N//hbJcje5Obv4yOkmauOTkXHvduYdbrAed6MKskWmx1Zk9SrPL0ett0Ovz6C9nxeHj8oieIoGNBQmEf4aNNmbjdlvenp9pe1kf5MNsMy2G7/ZCklxYqbOb9V8+PvprmA7/H+PRhSgcHh0fbP7hT8e3p7ncbVq5ezLbQPHIPooluXx2f9/jQyP+om1qtcklmvW73vbbfXD8K+3lK0/R573wRhvzxnpbrn97/GtNn73NRaNfj3423Uz3nCO/Fy63MZevvtUUb109JYv+aVmcnzU+3a33YBbPdC+eIItrS+5FODx6JYTwRFn8ZFEWAGflcNEqdH/9f3jd7TzDXPvN6v7b73F1vxfebGPe3JhOrJ2NU2b07vIZfb7G3j3/rKvbv8OVNubKPHjRGtv0+6/7/bar6nTx/2Jhv9WwHzV/qHOfnfw5vPbp53fePjr58KODjw4+7vevbXV/0+1e74fV6TBmxZJMAXh5ZeWX0Xr9t6gs88nve9vbvaTey+KySN+Py3xnN4vzcZ2V6V4y3s3iSVnURVoMm8oH+U5WxdX+ZFKUdTwoynhSVPnN6Te/xLOvfqmy8OtxnafVZJglVRanxbhO0jreyas0nuz/bphXe1k5vbiaZGk+yNOkzotx3Cn2yzTbjOMqyx4IzHeycZ0P8qY6jidlPkrKW/EHxXB/lMU7WZWW+aQu2gbnfeXjQVGOkjo/FzbP+mYDwAvi08/v/PHD4+ODT56w8v+vWk9z1aO9nj+LoQIAM8tWaQAAAAAAAAAAAAAA4MXwtPv/VFRensrKc7fTeQFGsbAynwROjTnbeQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATvN1AAAA//92jZ2z")
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r7, &(0x7f0000004200)='t', 0x1)
sendfile(r7, r6, 0x0, 0x3ffff)
sendfile(r7, r6, 0x0, 0x7ffff000)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xdb, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xf, 0x10, &(0x7f0000000b80)=ANY=[@ANYRES32=r5, @ANYRES32=r8, @ANYBLOB="0000000000000000b705000008000000850000006900000095e32829d8719f032b0d77b9ca2db6de548057e315e3d495d9c79cd6337637bc394aba19630e021a0fdb3529faa3b0a803e52158ef97d980a872df0d578eef1eb20258f667e5883187ff67b0cc3d"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
write(0xffffffffffffffff, &(0x7f0000004200), 0x0)
r10 = shmget(0x0, 0x2000, 0x2c000400, &(0x7f0000fae000/0x2000)=nil)
shmctl$IPC_RMID(r10, 0x0)

758.994828ms ago: executing program 1 (id=2105):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000026c0)=ANY=[@ANYBLOB='nonumtail=0,uni_xlate=0,shortname=win95,rodir,iocharset=ascii,nonumtail=0,iocharset=koi8-ru,shortname=win95,iocharset=utf8,shortname=win95,shortname=mixed,uni_xlate=1,usefree,uni_xlate=1,shortname=win95,nonumtail=0,nonumtail=0,nfs=nosnnonumtail=1,shortname=mixed,nonumtail=0,rodir,iocharset=macceltic,\x00'], 0x1, 0x36b, &(0x7f0000000a00)="$eJzs3U1vG1UXAODTvM1H85I6C4QECHFVNrCxkvAHGqFWQkQChRoVFkhTMgEr0zjyWEGuEHTHlt9RsWSHhPgDWcCeHbtsWHZRdVDsuPloCIvUHgrPI0X3xPce+4zHM7qb0dm//d3drc2yuZn1Yup6iqmImHoYsTiIhi4djlODeCaOux9vNW7/9tqHH3/y3ura2o31lG6u3np7JaV09fWfvvzq+2s/9/7/0Q9Xf5yNvcVP9/9Y+X3vpb2X9x/f+qJdpnaZtju9lKU7nU4vu1PkaaNdbjVT+qDIszJP7e0y756Y3yw6Ozv9lG1vLMzvdPOyTNl2P23l/dTrpF63n7LPs/Z2ajabaWE++DutB+vr2eownjtn3fVJFcQYdLur2cE1PPvUTOtBLQUBALW66P5/5pnu/6fD/n+Sju//+bc62P/PHF6/J9n/AwAAAAAAAAAAAADA8+BhVTWqqmqMxmr0kPDh/zWXx5g9df5P/dVdH+N17MG9uYji293Wbms4DudXN6MdReSxFI14dHBbGBnGN99du7GUBhZj4e43g/xrv0S0/ncyfzkasXh2/vIwPz3Jj4NxOuaP569EI148O3/lzPyZePONY/nNaMSvn0UnitgY3N6O8r9eTumd99dO5c8O1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw39BMI6/GsO/9biviSuwe9u9vHi1YPNkff5j/pL/+UjTi0dn9+ZfO7M9/OV65XO+xAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBI2b+3lRVF3p1UMOr5P3hlZhT8ddal4fL7p6auxARrLop86lm94eOqqsZV6txkT+VFgumI885gdfgrufhnvRAR56yZjYj6v41/YlDXHQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqc9T0u+5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqFPZv7eVFUXeHWNQ9zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8T/4MAAD//yeQEY0=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000e80)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x79, 0xb3, 0x1, 0x4, 0x2, 0x6, 0x7, 0x32e, 0x40, 0x1de, 0x7, 0xc40, 0x38, 0x1, 0x7, 0x8, 0xa1}, [{0x2, 0xff, 0x4, 0x800, 0x3, 0x3, 0x6, 0x7}]}, 0x78)
sendfile(r2, r2, &(0x7f0000000000)=0x9, 0xffffffff)

689.910381ms ago: executing program 3 (id=2106):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3000, 0x3, &(0x7f0000b14000/0x3000)=nil)

656.758972ms ago: executing program 4 (id=2107):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800ffe000000000000000210d0000aaa8fa017242ba9380d440fe0000", 0x24)

636.699673ms ago: executing program 3 (id=2108):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x7040, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xc}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x0, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x1, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x8000, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x6, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x10000, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r4], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$key(0xf, 0x3, 0x2)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file0\x00', 0x210000, &(0x7f0000000180)={[{@dioread_lock}, {@resgid}, {@mblk_io_submit}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@jqfmt_vfsv0}]}, 0xfc, 0x58f, &(0x7f0000002d00)="$eJzs3U1rXFUfAPD/nUzSNu3zNIVS1IUUurBSO2kSXyoI1pWIFgu6r0MyDSWTTslMShMLtgu7cSNFELEgfgD3LotfwE9R0EKREnQhQuRO7qTTZCavE2fS+f3gtufMuTfn/nPuOTln7gw3gL51Mv0nF/FiRHydRBxtKstHVnhyZb+lJ7cm0y2J5eVP/kgiyV5r7J9k/x/OMi9ExC9fRpzJra+3urA4UyyXS3NZfrQ2e320urB49upscbo0Xbo2PjFx/o2J8bfferNjsb566a/vPn7wwfmvTi19+9OjY/eSuBBHsrLmOHbhdnPmZPGfLDUYF9bsONaBynpJ0u0TYEcGsn4+GOkYcDQGsl4PPP++iIhloE8l+j/0qcY8oLG279A6eN94/N7KAqge+1Bz/PmV90biYH1tNLyUPLMySte7Ix2oP63j59/v30u32Ph9iEOb5AG25fadiDiXz68f/5Ns/Nu5c/U3jze2to5++/sD3fQgnf+81mr+l1ud/0SL+c/hFn13Jzbv/7lHHaimrXT+907L+e/q0DUykOX+V5/zDSZXrpZL5yLi/xFxOgYPpPmN7uecX3q43K6sef6Xbmn9jblgdh6P8geePWaqWCtGxNBu4m54fCfipXyr+JPV9k9atH/6+7i0xTpOlO6/3K5s8/j31vKPEa+0bP+nd7SSje9Pjtavh9HGVbHen3dP/Nqu/m7Hn7b/8MbxjyTN92ur26/jh4N/l9qVpfEP7+D6H0o+racbneBmsVabG4sYSj5a//r402Mb+cb+afynT63E/+xkJbfh9Z8uvj7bYvx3j99tu2svtP/Uttp/+4mHH37+fbv6tzb+vV5Pnc5eyca/1rJrZasnuNvfHwAAAAAAAPSSXEQciSRXWE3ncoXCyuc7jsdwrlyp1s5cqcxfm4r6d2VHYjDXuNN9tOnzEGPZ52Eb+fE1+YmIOBYR3wwcqucLk5XyVLeDBwAAAAAAAAAAAAAAAAAAgB5xuM33/1O/DXT77IA9V3+wwYFunwXQDZs+8r8TT3oCetKm/R94bun/0L/0f+hfa/t/R54sDOwL/v5D/9L/oX/p/9C/9H8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqEsXL6bb8tKTW5NpfurGwvxM5cbZqVJ1pjA7P1mYrMxdL0xXKtPlUmGyMrvZzytXKtfHxmP+5mitVK2NVhcWL89W5q/VLl+dLU6XLpcG/5OoAAAAAAAAAAAAAAAAAAAAYH+pLizOFMvl0txqIp+VzK0v6tPEu9ETp7GXAa7Y0eH5XolibxLvD/TEaewmcSdr3u0d1aUBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa+DcAAP//Rm0oPg==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fallocate(r5, 0x10, 0x6, 0x9)

595.815895ms ago: executing program 4 (id=2109):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000017c0)=@newtaction={0x898, 0x30, 0xfbed, 0x70bd29, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE64={0xc, 0xb, 0xffffffffffffffff}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x4, 0x5, 0x2, 0x4000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x5f41fde7, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x7ff, 0x0, 0x4e16, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x8001, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x652f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7fe6bd0, 0x6, 0x1ffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa84911, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x2, 0x10000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0xfff, 0x1, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x3a4f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x59dad7ad, 0x0, 0x0, 0x894e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x17a00, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400400, 0x0, 0x0, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffbffff, 0x0, 0x0, 0xcd9, 0x0, 0x0, 0x7, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0xfffffff9, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x319e, 0x4, 0x6, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0xfffffffc, 0x0, 0x0, 0x20000000, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0xfffc, 0x5}, {0x4, 0x0, 0x0, 0x0, 0x0, 0x400}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)

595.177985ms ago: executing program 4 (id=2110):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x10}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
inotify_add_watch(r1, &(0x7f0000000100)='./file0\x00', 0x62)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000880)="33cbfcd09c9ebf37d72bb80d73f2c6c0c135a19b36e37c68f84ce48a5bb9b0570398bcbe20763263a7d5389737d28e27569c536197c61b8d67011b93036a314b948c37a7a3446c3195773b7631a84aa6070040f91b164f7a9edf156cb1589f3929058388024e198518501c4d5c0667df17e6c3c945fc2cba24af05ed898ac8f849cb2b872221e53ed9e19712d44cf02e5897fa8115255af9431edac75375418ce692170ed4deafcdd63b2839a4d8425657a3d83b0200000000ecc4f343e1b67f17197e934ea7b83a5982f7f7185325000000000023865fe53f39f22c624b955375903759393f7c686b9343ece02a636fd7fa1465be5b0590535a49c29f35697ee08b4fda30fefdc2ec5447d6957ea48cfe7925bea08c6dffa0af657fc19d553ee876548cae2f7802aee2c2e87bf8e8364a370bd2a82a35aa3c0cec71e5c890db23e72de51e15cb243d6c1d4ed30a9e1ba86a9d208e283b6cbc2bf710da8f3d620c3b9f197740d29c0e", 0x16}, {&(0x7f0000000600)="ac541c266392ee314744293a8eacd5abd4510dc6f135f556f4baabfc7c4f24a4b50f089bf6bf9fac64312583661b24fdd6ceb046a28b9a5bc4a6dde30c142aa0b91faa6f818d8eb66b76af580543f44b656c2ae4e40ffe7973d1e0dc8634a15490b2ed9a6e2147d22051bbe400", 0x6d}], 0x2)
mq_getsetattr(r1, &(0x7f0000000080)={0x400, 0xfffffffffffffff8, 0x81, 0x66c}, &(0x7f00000000c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
syz_open_dev$usbmon(&(0x7f0000000140), 0x8000, 0x400)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r3}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f00000027c0), r4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000007ccfb6fbdcec0000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r5}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r8)

565.165746ms ago: executing program 2 (id=2111):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x3000, 0x3, &(0x7f0000b14000/0x3000)=nil)

506.543409ms ago: executing program 1 (id=2112):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x10}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
inotify_add_watch(r1, &(0x7f0000000100)='./file0\x00', 0x62)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000880)="33cbfcd09c9ebf37d72bb80d73f2c6c0c135a19b36e37c68f84ce48a5bb9b0570398bcbe20763263a7d5389737d28e27569c536197c61b8d67011b93036a314b948c37a7a3446c3195773b7631a84aa6070040f91b164f7a9edf156cb1589f3929058388024e198518501c4d5c0667df17e6c3c945fc2cba24af05ed898ac8f849cb2b872221e53ed9e19712d44cf02e5897fa8115255af9431edac75375418ce692170ed4deafcdd63b2839a4d8425657a3d83b0200000000ecc4f343e1b67f17197e934ea7b83a5982f7f7185325000000000023865fe53f39f22c624b955375903759393f7c686b9343ece02a636fd7fa1465be5b0590535a49c29f35697ee08b4fda30fefdc2ec5447d6957ea48cfe7925bea08c6dffa0af657fc19d553ee876548cae2f7802aee2c2e87bf8e8364a370bd2a82a35aa3c0cec71e5c890db23e72de51e15cb243d6c1d4ed30a9e1ba86a9d208e283b6cbc2bf710da8f3d620c3b9f197740d29c0e", 0x16}, {&(0x7f0000000600)="ac541c266392ee314744293a8eacd5abd4510dc6f135f556f4baabfc7c4f24a4b50f089bf6bf9fac64312583661b24fdd6ceb046a28b9a5bc4a6dde30c142aa0b91faa6f818d8eb66b76af580543f44b656c2ae4e40ffe7973d1e0dc8634a15490b2ed9a6e2147d22051bbe400", 0x6d}], 0x2)
mq_getsetattr(r1, &(0x7f0000000080)={0x400, 0xfffffffffffffff8, 0x81, 0x66c}, &(0x7f00000000c0))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b165"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
syz_open_dev$usbmon(&(0x7f0000000140), 0x8000, 0x400)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r3}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f00000027c0), r4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000007ccfb6fbdcec0000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r5}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r8)

502.566659ms ago: executing program 2 (id=2113):
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x14, 0x4, 0x8, 0x1}, 0x50)
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$9p_unix(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000280), 0x808008, &(0x7f0000000440))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
nanosleep(&(0x7f0000000000)={0x0, 0x989680}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x13, 0xc, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7081700000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000009610a71c64e77fd4df7c000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESDEC, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$tipc(0x1e, 0x5, 0x0)
syz_io_uring_setup(0x7564, 0x0, &(0x7f00000000c0)=<r2=>0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r3}, 0x18)
r4 = socket(0x10, 0x3, 0x9)
connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14}}, 0x28}}, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x20000001}, 0x8}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000006380)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}}, @call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

427.469642ms ago: executing program 4 (id=2114):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0xf}) (async, rerun: 64)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (rerun: 64)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000000)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async, rerun: 32)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)) (async, rerun: 32)
r1 = perf_event_open$cgroup(&(0x7f00000000c0)={0x1, 0x80, 0x8, 0x4, 0xf, 0x25, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x1, @perf_bp={&(0x7f0000000040), 0xc}, 0x1008, 0x2, 0xfffffff9, 0x7, 0x1, 0x0, 0x200, 0x0, 0x1, 0x0, 0x7}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0xf)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89a2, &(0x7f0000000080))

353.812605ms ago: executing program 2 (id=2115):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1002}]})
socket(0x21, 0x6, 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x80202, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x1000410, &(0x7f0000000000), 0x6, 0x507, &(0x7f0000000680)="$eJzs3b9vW1sdAPDvdeKXNM996YM3AAJeeRQKKnV+tI2qMtAuIFRVQlRISAxtSNwoil1HcVKakCEd2ZFaiQn+BDYGpE4MbGywsZQBqUAEapAYLrrXbpImcR3aJKb25yNd33vOdfw9x845x/c4zgmgb52NiI2IeC8i7kbEaCs/aW1xvbll93uxuT6ztbk+k0Sa3v57kp/P8mLXz2Tebz3mcER8/zsRP072x22sri1MV6uVpVZ6bLm2ONZYXbs4X2jlTE5NTI1fvXRl8sjq+nHt18+/PX/zB7/9zRee/WHj6z/NilX62en83O56HKVm1YtR2pU3GBE3jyNYlwy2fn9492St7VMR8Une/kdjIH81AYBelqajkY7uTgMAvS67/i9FUii35gJKUSiUy805vI9ipFCtN5YvjNZX7s9GPod1JoqFe/PVynhrrvBMFJMsPZEf76Qn96QvRcSHEfHzoVN5ujxTr852840PAPSx9/eM//8aao7/AECPG+52AQCAE2f8B4D+Y/wHgP7zP4z/vh0IAD3C9T8A9B/jPwD0n47j/6OTKQcAcCK+d+tWtqVbrf9/PftgdeWbpQcXZyuNhXJtZaY8U19aLM/V63PVSnkmTTs9XrVeX5y4vJ1srK7dqdVX7i/fma9Nz1XuVIrHXB8AoLMPP376pyQiNq6dyrfYtZaDsRp6W+GV1AEL9QA9a6DbBQC6xvd5oH8d4hrfNAD0uE5X/m3/ROiJxV/hXXX+s+b/oV8Vul0AoGvebP7/W0deDuDkmf+H/pWmiTX/AaDPmOMH3uTz/x9G6/N/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6FOlfEsK5Xwt8I3stlAuR5yOiDNRTO7NVyvjEfFBRPxxqDiUpSe6XWgA4C0V/pq01v86P3qutPfse8m/h/J9RPzkF7cfP5xeXl6ayPL/sZ2//OT244eXv9KNwgMAe13fn5WP35Ot/a4L+Reb6zMvt5Ms4vMbzcVFs7hbra15ZjAG8/1wFCNi5J9JK92UvV8ZOIL4G48i4jM79X+4K0IpnwNprny6N34W+/QxxN95/pNI0zTdiV94JX4hL1u2L+bPxaePoCzQb57eaPaTWbs7tbmeNbFW+yvE2Xx/cPsfznuot/ey/9va1/8Vtvu/gX3xk7zNn91Ov74kzy//7rv7MtPR5rlHEZ8bPCh+sh0/adP/njtkHf/8+S9+0u5c+suI83Fw/KZa3s2OLdcWxxqraxfna9NzlbnK/cnJqYmp8auXrgyM5XPUzdvfHxTjb9cufNAuflb/kTbxhzvU/7BXvL/6z90ffek18b/25YNf/49eEz8bE796yPjTI9cPWr57O/5sm/p3ev0vHDL+s7+szeYHRzFgAwBvrbG6tjBdrVaWOhxk7zU73cfBu3kQGxEnHPQbwxH/F3V30O6g2z0TcNx2Gn23SwIAAAAAAAAAAAAAALTTWF1bGIrj/TpRt+sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7/pvAAAA//9w587+")
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='system.posix_acl_access\x00', 0x0, 0x0, 0x3)

345.091695ms ago: executing program 4 (id=2116):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000006000000000000000085000000070000004500ef0000a0000202a3"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001400)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x84}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
dup2(r2, r2)
io_setup(0x8, &(0x7f00000001c0)=<r3=>0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0)
io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x734b, r4, &(0x7f0000000040)="c292df", 0x3, 0x7, 0x0, 0x2}])
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10)
fcntl$dupfd(r5, 0x0, r5)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000280)=r6}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000080)="441f0803000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)

338.212826ms ago: executing program 1 (id=2117):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000006000000000000000085000000070000004500ef0000a0000202a3"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001400)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x84}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
dup2(r2, r2)
io_setup(0x8, &(0x7f00000001c0)=<r3=>0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0)
io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x734b, r4, &(0x7f0000000040)="c292df", 0x3, 0x7, 0x0, 0x2}])
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20002)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10)
fcntl$dupfd(r5, 0x0, r5)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000080)="441f0803000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)

300.387458ms ago: executing program 1 (id=2118):
socket$isdn_base(0x22, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x20008000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f00000026c0)=ANY=[@ANYBLOB='nonumtail=0,uni_xlate=0,shortname=win95,rodir,iocharset=ascii,nonumtail=0,iocharset=koi8-ru,shortname=win95,iocharset=utf8,shortname=win95,shortname=mixed,uni_xlate=1,usefree,uni_xlate=1,shortname=win95,nonumtail=0,nonumtail=0,nfs=nosnnonumtail=1,shortname=mixed,nonumtail=0,rodir,iocharset=macceltic,\x00'], 0x1, 0x36b, &(0x7f0000000a00)="$eJzs3U1vG1UXAODTvM1H85I6C4QECHFVNrCxkvAHGqFWQkQChRoVFkhTMgEr0zjyWEGuEHTHlt9RsWSHhPgDWcCeHbtsWHZRdVDsuPloCIvUHgrPI0X3xPce+4zHM7qb0dm//d3drc2yuZn1Yup6iqmImHoYsTiIhi4djlODeCaOux9vNW7/9tqHH3/y3ura2o31lG6u3np7JaV09fWfvvzq+2s/9/7/0Q9Xf5yNvcVP9/9Y+X3vpb2X9x/f+qJdpnaZtju9lKU7nU4vu1PkaaNdbjVT+qDIszJP7e0y756Y3yw6Ozv9lG1vLMzvdPOyTNl2P23l/dTrpF63n7LPs/Z2ajabaWE++DutB+vr2eownjtn3fVJFcQYdLur2cE1PPvUTOtBLQUBALW66P5/5pnu/6fD/n+Sju//+bc62P/PHF6/J9n/AwAAAAAAAAAAAADA8+BhVTWqqmqMxmr0kPDh/zWXx5g9df5P/dVdH+N17MG9uYji293Wbms4DudXN6MdReSxFI14dHBbGBnGN99du7GUBhZj4e43g/xrv0S0/ncyfzkasXh2/vIwPz3Jj4NxOuaP569EI148O3/lzPyZePONY/nNaMSvn0UnitgY3N6O8r9eTumd99dO5c8O1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw39BMI6/GsO/9biviSuwe9u9vHi1YPNkff5j/pL/+UjTi0dn9+ZfO7M9/OV65XO+xAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBI2b+3lRVF3p1UMOr5P3hlZhT8ddal4fL7p6auxARrLop86lm94eOqqsZV6txkT+VFgumI885gdfgrufhnvRAR56yZjYj6v41/YlDXHQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqc9T0u+5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqFPZv7eVFUXeHWNQ9zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8T/4MAAD//yeQEY0=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000e80)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x79, 0xb3, 0x1, 0x4, 0x2, 0x6, 0x7, 0x32e, 0x40, 0x1de, 0x7, 0xc40, 0x38, 0x1, 0x7, 0x8, 0xa1}, [{0x2, 0xff, 0x4, 0x800, 0x3, 0x3, 0x6, 0x7}]}, 0x78)
sendfile(r2, r2, &(0x7f0000000000)=0x9, 0xffffffff)
close(0xffffffffffffffff)

240.18428ms ago: executing program 4 (id=2119):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000043c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x4, 0xfffffffd, 0x0, 'queue1\x00', 0xfffffffa})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000020010000010200"], 0x50)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000}, 0x20000400)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
time(0x0)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x3fffffffc}, 0x0, 0x0, 0x0, 0x3, 0xfff, 0x8001, 0xfff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x6a1a8b3e81ade295)
modify_ldt$write2(0x11, &(0x7f0000000380)={0x4000, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'})
getpid()
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000002180)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x100a882, &(0x7f0000000000)={[{@jqfmt_vfsv1}, {@abort}, {@discard}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@data_ordered}, {@mblk_io_submit}, {@usrquota}, {@nodioread_nolock}, {@errors_remount}, {}, {@auto_da_alloc}]}, 0x9, 0x606, &(0x7f0000000600)="$eJzs3c1vVFUbAPDnTD9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFoIUaGiNFk0oCW5MjBtjTFy5EP8LJbJlpW5cuHFlSIgaliaOudM7pdPeaenH9Fbm90uGnnvu3J5zpzxzzj1zzp0A2tZg9k8lYn9ETKeI/jS/uK8z8p2DC8978OeHZ7NHimr1td9TpDyv/vyU/+zLD+6JiB++T7GvY2W5M3PXLo5PTU1ezbeHZy9ND8/MXTt84dL4+cnzk5dHXxg9cfzY8RMjRzZ0XtcL8k7ffOe9/o/H3vz6y7/SyDe/jKU4GS/nT1x6HltlMAZrr0lauavvxFYXVqLOZdtpeQY7Vkf+9+uKiCeiPzqW/DX746NXSq0c0FLVFFEF2lRaR/xnvYVW1gXYTvV+QP3afvl1cKWUXgmwHe6fWhgAWBn/nQtjg9FTGxvY/SA1jPOkiNjYyFyjPRFx987YzXN3xm5Gi8bhgGLzNyLiyaL4T7X4H4ieGKjFf6Uh/rN+wZn8Z5b/6gZ7CsuHisU/bJ+F+O9ZNf6jSfy/tST+395EHfJLkeu9DfHf6+oDAAAAAAAA1un2qYh4vujz/8ri/J8omP/TFxEnt6D8wWXbKz//r9zbgmKAAvdPRbxUOP+3Uv/8faAjT/2nNh+gK527MDV5JCL+GxGHomtXtj2yShmHP9n3RbN9g/n8v/ojK/9uPhcwr8e9zl2Nx0yMD45v9ryBiPs3Ip4qnP+bFtv/VND+Z+8H049Yxr5nb51ptm/t+AdapfpVxMHC9v/hXSvS6vfnGK71B4brvYKVnv7g02+blb/R+HeLCdi8rP3fvXr8D6Sl9+uZWfXXzRdlHp3rrDY7YGP9/9nx7vR67a5C3Xne++Ozs1dHIrrT6Y4styF/dK1XAR4zPxVn1+OhHi9Z/B96ZvXxv6L+f29BsKc/GtcU1/3/775fm1VT/x/Kk8X/xLra//UnRm8NfNes/Edr/4/V2vpDeU7W/rfuFYF/j8/rYdrdmF8Qjp1Fu7a7vgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOKhExJ5IlaHFdKUyNBTRFxH/i92VqSszs8+du/Lu5YlsX+37/yv1b/rtX9hOte//r2Tph9uj0bh9NCL2RsRnHb217aGzV6Ymyj55AAAAAAAAAAAAAAAAAAAA2CH6mqz/z/zWUXbtgJbrLLsCQGkK4v/HMuoBbD/tP7SvDcV/mt/6igDbTvsP7Uv8Q/sS/9C+xD+0L/EP7WrZOH4qqx4AAAAAAMAW2Xvg9s8pIuZf7K09Mt35vq5Sawa0WqXsCgClcYsfaF+m/kH7co0PrDXrt6fpQZuZLzx9dhMHAwAAAAAAAAAAAEDbObjf+n9oV9b/Q/uy/h/aV339/4GS6wFsP9f4QKyxkr9w/f+aRwEAAAAAAAAAAAAAW2mmuitiamry6szctYvjLUt0R0SLi9h04o2dUY2iRG+LfnO1Wr2e/S8o/QQfj0R9KvxOqc+yRH2t36MdVd57EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0OifAAAA//8sxicA")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r4, 0x1000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
epoll_create(0x6)
socket$inet6_sctp(0xa, 0x5, 0x84)

222.652471ms ago: executing program 3 (id=2120):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x98)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6, @random="790c7edd3d8d"}, 0x10)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x18)
open(0x0, 0x0, 0x0)
syz_emit_ethernet(0x15, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000aaaaaaaaaabb88a8000088a8"], 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="00006003aaaaaaaaaabbbbbbbbbbbbbb86dd62f4070201140600"], 0x4e)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r9}, 0x18)
write(r1, &(0x7f0000000a00)="c7885a8f24f458bed7211672288cfc5eb321cf4074dc13", 0x17)
prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_')
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

41.309458ms ago: executing program 1 (id=2121):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x248}, 0x0)
openat$autofs(0xffffffffffffff9c, 0x0, 0x200, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1ff, 0x1}, 0x4352, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000002c0)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x1100)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f0000000080)=r3}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)

0s ago: executing program 2 (id=2122):
close(0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r1, 0x0, 0x80001}, 0x18)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffff58)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan1\x00', <r4=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="070000000400000008000000d900000000000000", @ANYRES32, @ANYBLOB="00000010000900000000000000009aebe8c1aa000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c2000000aa65995fd676691159080045000030030190781200183f250000000000000000010000e00000017f"], 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYRESOCT=r2, @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000600)='task_rename\x00', r6, 0x0, 0x4b2}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000000014"], 0xfc}}, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r4, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map=0x1, 0x7, 0x0, 0xce35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_MESH(r9, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="ce00f3d942869c51b1368e0c57a256fc62920a0eb0e087", @ANYRES16=0x0, @ANYBLOB="020029bd7000ffdbdf250f00000005002a000000000008002b000000000008000b00000800000800340005000000050038000100000005002f00010000000800340000000100"], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x40000c4)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x172f}, 0x94)

kernel console output (not intermixed with test programs):

0bd63b6 code=0x7ffc0000
[  180.568855][ T9145] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  180.649324][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.671928][ T9154] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1725'.
[  180.688882][ T9156] 9pnet_fd: p9_fd_create_unix (9156): problem connecting socket: ./file0: -2
[  180.805585][ T9164] loop3: detected capacity change from 0 to 1024
[  180.906926][ T9150] loop4: detected capacity change from 0 to 1024
[  181.024012][ T9159] loop2: detected capacity change from 0 to 1024
[  181.078645][ T9176] loop2: detected capacity change from 0 to 128
[  181.097376][ T9176] FAT-fs (loop2): Directory bread(block 524322) failed
[  181.104978][ T9176] FAT-fs (loop2): Directory bread(block 524323) failed
[  181.112200][ T9176] FAT-fs (loop2): Directory bread(block 524324) failed
[  181.119061][ T9176] FAT-fs (loop2): Directory bread(block 524325) failed
[  181.126238][ T9176] FAT-fs (loop2): Directory bread(block 524326) failed
[  181.133189][ T9176] FAT-fs (loop2): Directory bread(block 524327) failed
[  181.140653][ T9176] FAT-fs (loop2): Directory bread(block 524328) failed
[  181.147535][ T9176] FAT-fs (loop2): Directory bread(block 524329) failed
[  181.156916][ T9176] FAT-fs (loop2): Directory bread(block 524322) failed
[  181.164812][ T9176] FAT-fs (loop2): Directory bread(block 524323) failed
[  181.175557][ T9179] loop4: detected capacity change from 0 to 128
[  181.439026][ T9183] loop2: detected capacity change from 0 to 736
[  181.465600][ T9183] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  181.532636][ T9183] loop2: detected capacity change from 0 to 1024
[  181.546089][ T9183] EXT4-fs: Ignoring removed orlov option
[  181.563833][ T9183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  181.710911][ T9192] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1736'.
[  181.731474][ T9193] xt_CT: You must specify a L4 protocol and not use inversions on it
[  181.872052][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.908813][ T9197] loop1: detected capacity change from 0 to 1024
[  182.006072][ T9205] loop4: detected capacity change from 0 to 512
[  182.030964][ T9202] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.044943][ T9205] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  182.084974][ T9210] loop1: detected capacity change from 0 to 256
[  182.095359][ T9202] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.147901][ T9205] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  182.156592][ T9205] FAT-fs (loop4): Filesystem has been set read-only
[  182.172757][ T9210] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  182.183998][ T9205] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 548)
[  182.198277][ T9205] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  182.207114][ T9205] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  182.235152][ T9202] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.310642][ T9202] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.374279][ T9199] loop3: detected capacity change from 0 to 1024
[  182.418635][ T9223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1749'.
[  182.436109][   T53] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.468814][   T53] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.477049][   T53] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.491098][ T9227] loop0: detected capacity change from 0 to 512
[  182.493906][ T9225] loop3: detected capacity change from 0 to 736
[  182.507806][   T53] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.516386][ T9223] loop4: detected capacity change from 0 to 1024
[  182.539272][ T9223] EXT4-fs: Ignoring removed mblk_io_submit option
[  182.551299][ T9225] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  182.567451][ T9227] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  182.606638][ T9223] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.642754][ T9227] ext4 filesystem being mounted at /332/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.734766][ T9238] lo speed is unknown, defaulting to 1000
[  182.892909][ T9242] xt_CT: You must specify a L4 protocol and not use inversions on it
[  182.940919][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1753'.
[  182.981568][ T9238] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1753'.
[  182.990683][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1753'.
[  183.006994][ T9248] loop0: detected capacity change from 0 to 8192
[  183.152311][ T9248] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  183.161105][ T9248] FAT-fs (loop0): Filesystem has been set read-only
[  183.170101][ T9248] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 2068)
[  183.339756][ T9264] netlink: 'syz.2.1763': attribute type 3 has an invalid length.
[  183.441579][ T9268] netlink: 'syz.0.1765': attribute type 4 has an invalid length.
[  183.443742][ T9270] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1766'.
[  183.454698][ T9260] loop4: detected capacity change from 0 to 1024
[  183.474742][ T9268] netlink: 'syz.0.1765': attribute type 4 has an invalid length.
[  183.515796][ T6116] lo speed is unknown, defaulting to 1000
[  183.521534][ T6116] syz2: Port: 1 Link ACTIVE
[  183.526596][ T9268] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1765'.
[  183.538016][ T9274] loop3: detected capacity change from 0 to 512
[  183.550158][ T3487] lo speed is unknown, defaulting to 1000
[  183.555912][ T3487] syz2: Port: 1 Link DOWN
[  183.563016][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1765'.
[  183.572702][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1765'.
[  183.578879][ T9274] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  183.607340][ T9278] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1762'.
[  183.657058][ T9280] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1769'.
[  183.778378][ T9276] loop4: detected capacity change from 0 to 32768
[  183.814103][ T9276]  loop4: p1 p2 p3 < > p4 < p5 p6 >
[  183.819725][ T9276] loop4: p1 start 460800 is beyond EOD, truncated
[  183.826253][ T9276] loop4: p2 size 83886080 extends beyond EOD, truncated
[  183.836013][ T9276] loop4: p5 start 460800 is beyond EOD, truncated
[  183.842461][ T9276] loop4: p6 size 83886080 extends beyond EOD, truncated
[  183.933283][ T3512] udevd[3512]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  183.944057][ T3527] udevd[3527]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  183.955340][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  183.955400][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop4p6, 10) failed: No such file or directory
[  184.067795][ T9292] loop4: detected capacity change from 0 to 1024
[  184.146409][ T9296] loop4: detected capacity change from 0 to 736
[  184.157600][ T9296] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  184.215106][ T9298] loop1: detected capacity change from 0 to 8192
[  184.303804][ T9298] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  184.312609][ T9298] FAT-fs (loop1): Filesystem has been set read-only
[  184.314276][ T9302] xt_CT: You must specify a L4 protocol and not use inversions on it
[  184.327132][ T9298] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 2068)
[  184.422691][ T9306] FAULT_INJECTION: forcing a failure.
[  184.422691][ T9306] name failslab, interval 1, probability 0, space 0, times 0
[  184.435361][ T9306] CPU: 1 UID: 0 PID: 9306 Comm: syz.2.1778 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  184.435387][ T9306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  184.435397][ T9306] Call Trace:
[  184.435402][ T9306]  <TASK>
[  184.435409][ T9306]  __dump_stack+0x1d/0x30
[  184.435431][ T9306]  dump_stack_lvl+0xe8/0x140
[  184.435525][ T9306]  dump_stack+0x15/0x1b
[  184.435543][ T9306]  should_fail_ex+0x265/0x280
[  184.435571][ T9306]  should_failslab+0x8c/0xb0
[  184.435602][ T9306]  kmem_cache_alloc_noprof+0x50/0x4a0
[  184.435637][ T9306]  ? __inet_bhash2_update_saddr+0x128/0xf70
[  184.435717][ T9306]  __inet_bhash2_update_saddr+0x128/0xf70
[  184.435744][ T9306]  ? tcp_chrono_stop+0x1f3/0x210
[  184.435770][ T9306]  ? rb_first+0xd/0x40
[  184.435789][ T9306]  ? tcp_write_queue_purge+0x6fc/0x720
[  184.435808][ T9306]  ? terminate_walk+0x1e6/0x210
[  184.435901][ T9306]  inet_bhash2_reset_saddr+0x48/0x60
[  184.435925][ T9306]  tcp_disconnect+0x51a/0xf50
[  184.435947][ T9306]  __mptcp_close_ssk+0x49c/0xb10
[  184.436018][ T9306]  mptcp_destroy_common+0xf9/0x220
[  184.436040][ T9306]  ? mptcp_do_fastclose+0x1e9/0x220
[  184.436107][ T9306]  mptcp_disconnect+0x1c0/0x3e0
[  184.436130][ T9306]  __inet_stream_connect+0x206/0x7d0
[  184.436155][ T9306]  ? _raw_spin_lock_bh+0x56/0xb0
[  184.436303][ T9306]  ? _raw_spin_unlock_bh+0x36/0x40
[  184.436330][ T9306]  ? lock_sock_nested+0x112/0x140
[  184.436354][ T9306]  ? selinux_netlbl_socket_connect+0x114/0x130
[  184.436430][ T9306]  inet_stream_connect+0x44/0x70
[  184.436533][ T9306]  ? __pfx_inet_stream_connect+0x10/0x10
[  184.436557][ T9306]  __sys_connect+0x1f2/0x2b0
[  184.436591][ T9306]  __x64_sys_connect+0x3f/0x50
[  184.436673][ T9306]  x64_sys_call+0x2e09/0x3000
[  184.436692][ T9306]  do_syscall_64+0xd8/0x2a0
[  184.436713][ T9306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.436748][ T9306] RIP: 0033:0x7f959f71f749
[  184.436762][ T9306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.436780][ T9306] RSP: 002b:00007f959e17f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  184.436879][ T9306] RAX: ffffffffffffffda RBX: 00007f959f975fa0 RCX: 00007f959f71f749
[  184.436923][ T9306] RDX: 0000000000000010 RSI: 00002000000009c0 RDI: 0000000000000006
[  184.436935][ T9306] RBP: 00007f959e17f090 R08: 0000000000000000 R09: 0000000000000000
[  184.436949][ T9306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.436961][ T9306] R13: 00007f959f976038 R14: 00007f959f975fa0 R15: 00007ffd52e187f8
[  184.436981][ T9306]  </TASK>
[  184.799752][ T9308] loop3: detected capacity change from 0 to 8192
[  184.818782][ T9308]  loop3: p1 p2 p3 p4
[  184.825629][ T9320] rdma_op ffff8881011e4180 conn xmit_rdma 0000000000000000
[  184.860068][ T9308] loop3: p1 size 196608 extends beyond EOD, truncated
[  184.870283][ T9321] loop2: detected capacity change from 0 to 256
[  184.895683][ T9308] loop3: p2 start 164919041 is beyond EOD, truncated
[  184.902367][ T9308] loop3: p3 size 66846464 extends beyond EOD, truncated
[  184.909806][ T9321] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  184.910446][ T9308] loop3: p4 size 37048832 extends beyond EOD, truncated
[  184.939770][ T3004]  loop3: p1 p2 p3 p4
[  184.951250][ T3004] loop3: p1 size 196608 extends beyond EOD, truncated
[  184.989644][ T3004] loop3: p2 start 164919041 is beyond EOD, truncated
[  184.996320][ T3004] loop3: p3 size 66846464 extends beyond EOD, truncated
[  185.032643][ T3004] loop3: p4 size 37048832 extends beyond EOD, truncated
[  185.152334][ T9337] loop3: detected capacity change from 0 to 128
[  185.197213][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  185.198961][ T3512] udevd[3512]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  185.217817][ T3527] udevd[3527]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  185.242922][ T9335] loop1: detected capacity change from 0 to 8192
[  185.265092][ T9332] loop2: detected capacity change from 0 to 512
[  185.281065][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  185.283201][ T3512] udevd[3512]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  185.292210][ T3527] udevd[3527]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  185.309534][ T9344] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1785'.
[  185.341671][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.341671][ T9337] loop3: rw=2049, sector=169, nr_sectors = 32 limit=128
[  185.356641][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.356641][ T9337] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128
[  185.388164][ T9335] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  185.396979][ T9335] FAT-fs (loop1): Filesystem has been set read-only
[  185.403726][ T9335] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 2068)
[  185.417148][ T9332] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.1789: EA inode hash validation failed
[  185.432370][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.432370][ T9337] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128
[  185.458925][ T9332] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #15: comm syz.2.1789: corrupted inode contents
[  185.471746][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.471746][ T9337] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128
[  185.485637][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.485637][ T9337] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128
[  185.499767][ T9332] EXT4-fs error (device loop2): ext4_dirty_inode:6513: inode #15: comm syz.2.1789: mark_inode_dirty error
[  185.514813][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.514813][ T9337] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128
[  185.535176][ T9332] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #15: comm syz.2.1789: corrupted inode contents
[  185.551624][ T9332] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.1789: mark_inode_dirty error
[  185.551640][  T983] kworker/u8:8: attempt to access beyond end of device
[  185.551640][  T983] loop3: rw=1, sector=305, nr_sectors = 8 limit=128
[  185.564030][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.564030][ T9337] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128
[  185.564069][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.564069][ T9337] loop3: rw=2049, sector=337, nr_sectors = 8 limit=128
[  185.564105][ T9337] syz.3.1791: attempt to access beyond end of device
[  185.564105][ T9337] loop3: rw=2049, sector=353, nr_sectors = 8 limit=128
[  185.620176][ T9332] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.1789: mark inode dirty (error -117)
[  185.634364][ T9332] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117)
[  185.644002][ T9332] EXT4-fs (loop2): 1 orphan inode deleted
[  185.652390][   T29] kauditd_printk_skb: 1495 callbacks suppressed
[  185.652409][   T29] audit: type=1326 audit(1764842353.082:30630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9347 comm="syz.1.1793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  185.700900][   T29] audit: type=1326 audit(1764842353.082:30631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f959f71df90 code=0x7ffc0000
[  185.724603][   T29] audit: type=1326 audit(1764842353.082:30632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f959f71df90 code=0x7ffc0000
[  185.748091][   T29] audit: type=1326 audit(1764842353.082:30633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.771584][   T29] audit: type=1326 audit(1764842353.082:30634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.779206][ T9349] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.795145][   T29] audit: type=1326 audit(1764842353.082:30635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.802188][ T9349] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.832729][   T29] audit: type=1326 audit(1764842353.110:30636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9347 comm="syz.1.1793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  185.856256][   T29] audit: type=1326 audit(1764842353.110:30637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.879727][   T29] audit: type=1326 audit(1764842353.110:30638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.883475][ T9350] loop1: detected capacity change from 0 to 1024
[  185.903235][   T29] audit: type=1326 audit(1764842353.120:30639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9331 comm="syz.2.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f959f71f749 code=0x7ffc0000
[  185.982965][ T9350] EXT4-fs: Ignoring removed mblk_io_submit option
[  185.993247][ T9357] loop3: detected capacity change from 0 to 512
[  186.005394][ T9357] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  186.051398][ T9357] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  186.060244][ T9357] FAT-fs (loop3): Filesystem has been set read-only
[  186.090560][ T9357] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 548)
[  186.105785][ T9357] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  186.165423][ T9357] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  186.303662][ T9375] tipc: Started in network mode
[  186.308579][ T9375] tipc: Node identity aaaaaaaaaa33, cluster identity 4711
[  186.315785][ T9375] tipc: Enabled bearer <eth:vlan1>, priority 2
[  186.360798][ T9385] FAULT_INJECTION: forcing a failure.
[  186.360798][ T9385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.373985][ T9385] CPU: 1 UID: 0 PID: 9385 Comm: syz.1.1807 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  186.374012][ T9385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  186.374021][ T9385] Call Trace:
[  186.374027][ T9385]  <TASK>
[  186.374105][ T9385]  __dump_stack+0x1d/0x30
[  186.374163][ T9385]  dump_stack_lvl+0xe8/0x140
[  186.374206][ T9385]  dump_stack+0x15/0x1b
[  186.374289][ T9385]  should_fail_ex+0x265/0x280
[  186.374319][ T9385]  should_fail+0xb/0x20
[  186.374348][ T9385]  should_fail_usercopy+0x1a/0x20
[  186.374450][ T9385]  strncpy_from_user+0x27/0x260
[  186.374468][ T9385]  ? kmem_cache_alloc_noprof+0x23f/0x4a0
[  186.374571][ T9385]  getname_flags+0xae/0x3b0
[  186.374588][ T9385]  io_openat_prep+0x129/0x2b0
[  186.374618][ T9385]  io_submit_sqes+0x5ef/0x1060
[  186.374650][ T9385]  __se_sys_io_uring_enter+0x1c1/0x1b70
[  186.374698][ T9385]  ? 0xffffffff81000000
[  186.374708][ T9385]  ? __rcu_read_unlock+0x4f/0x70
[  186.374729][ T9385]  ? get_pid_task+0x96/0xd0
[  186.374758][ T9385]  ? proc_fail_nth_write+0x13b/0x160
[  186.374850][ T9385]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  186.374868][ T9385]  ? vfs_write+0x7e8/0x960
[  186.374901][ T9385]  ? _raw_spin_unlock+0x26/0x50
[  186.374930][ T9385]  ? finish_task_switch+0x7a/0x2a0
[  186.374963][ T9385]  __x64_sys_io_uring_enter+0x78/0x90
[  186.375008][ T9385]  x64_sys_call+0x27e4/0x3000
[  186.375032][ T9385]  do_syscall_64+0xd8/0x2a0
[  186.375134][ T9385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.375153][ T9385] RIP: 0033:0x7f6ca379f749
[  186.375165][ T9385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.375180][ T9385] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  186.375196][ T9385] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  186.375257][ T9385] RDX: 000000000000addf RSI: 0000000000003518 RDI: 0000000000000003
[  186.375270][ T9385] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  186.375282][ T9385] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  186.375292][ T9385] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  186.375308][ T9385]  </TASK>
[  186.713570][ T9390] loop0: detected capacity change from 0 to 1024
[  186.731305][ T9390] EXT4-fs: Ignoring removed mblk_io_submit option
[  187.189104][ T9432] loop3: detected capacity change from 0 to 128
[  187.522769][ T3872] tipc: Node number set to 10070698
[  187.833124][    C0] bridge0: port 3(syz_tun) entered learning state
[  187.839632][    C0] bridge0: port 4(gretap0) entered learning state
[  187.974786][ T9444] netlink: 'syz.3.1821': attribute type 3 has an invalid length.
[  188.175956][ T9458] 9pnet_fd: p9_fd_create_unix (9458): problem connecting socket: ./file0: -2
[  188.203841][ T9447] FAULT_INJECTION: forcing a failure.
[  188.203841][ T9447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.216922][ T9447] CPU: 0 UID: 0 PID: 9447 Comm: syz.1.1822 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  188.216987][ T9447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  188.216997][ T9447] Call Trace:
[  188.217002][ T9447]  <TASK>
[  188.217009][ T9447]  __dump_stack+0x1d/0x30
[  188.217028][ T9447]  dump_stack_lvl+0xe8/0x140
[  188.217047][ T9447]  dump_stack+0x15/0x1b
[  188.217089][ T9447]  should_fail_ex+0x265/0x280
[  188.217111][ T9447]  should_fail+0xb/0x20
[  188.217164][ T9447]  should_fail_usercopy+0x1a/0x20
[  188.217225][ T9447]  _copy_from_user+0x1c/0xb0
[  188.217287][ T9447]  do_ipv6_setsockopt+0x124/0x2160
[  188.217312][ T9447]  ? kstrtoull+0x111/0x140
[  188.217332][ T9447]  ? avc_has_perm_noaudit+0xab/0x130
[  188.217425][ T9447]  ? selinux_netlbl_socket_setsockopt+0x1f9/0x2d0
[  188.217461][ T9447]  ipv6_setsockopt+0x59/0x130
[  188.217487][ T9447]  udpv6_setsockopt+0x99/0xb0
[  188.217527][ T9447]  sock_common_setsockopt+0x69/0x80
[  188.217550][ T9447]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  188.217577][ T9447]  __sys_setsockopt+0x184/0x200
[  188.217687][ T9447]  __x64_sys_setsockopt+0x64/0x80
[  188.217718][ T9447]  x64_sys_call+0x21d5/0x3000
[  188.217912][ T9447]  do_syscall_64+0xd8/0x2a0
[  188.217940][ T9447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.217957][ T9447] RIP: 0033:0x7f6ca379f749
[  188.217970][ T9447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.217990][ T9447] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  188.218008][ T9447] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  188.218021][ T9447] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006
[  188.218034][ T9447] RBP: 00007f6ca2207090 R08: 0000000000000310 R09: 0000000000000000
[  188.218048][ T9447] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.218060][ T9447] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  188.218075][ T9447]  </TASK>
[  188.448212][ T9458] selinux_netlink_send: 4 callbacks suppressed
[  188.448226][ T9458] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9458 comm=syz.2.1827
[  188.466812][ T9458] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9458 comm=syz.2.1827
[  188.699864][ T9474] FAULT_INJECTION: forcing a failure.
[  188.699864][ T9474] name failslab, interval 1, probability 0, space 0, times 0
[  188.712520][ T9474] CPU: 1 UID: 0 PID: 9474 Comm: syz.3.1831 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  188.712584][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  188.712602][ T9474] Call Trace:
[  188.712609][ T9474]  <TASK>
[  188.712616][ T9474]  __dump_stack+0x1d/0x30
[  188.712758][ T9474]  dump_stack_lvl+0xe8/0x140
[  188.712841][ T9474]  dump_stack+0x15/0x1b
[  188.712856][ T9474]  should_fail_ex+0x265/0x280
[  188.712942][ T9474]  ? newseg+0x17a/0x670
[  188.712964][ T9474]  should_failslab+0x8c/0xb0
[  188.712989][ T9474]  __kmalloc_cache_noprof+0x4c/0x4c0
[  188.713011][ T9474]  newseg+0x17a/0x670
[  188.713052][ T9474]  ipcget+0x33d/0x4f0
[  188.713085][ T9474]  __x64_sys_shmget+0xa5/0xd0
[  188.713113][ T9474]  x64_sys_call+0x2991/0x3000
[  188.713131][ T9474]  do_syscall_64+0xd8/0x2a0
[  188.713183][ T9474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.713210][ T9474] RIP: 0033:0x7f0b30c1f749
[  188.713223][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.713262][ T9474] RSP: 002b:00007f0b2f687038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  188.713281][ T9474] RAX: ffffffffffffffda RBX: 00007f0b30e75fa0 RCX: 00007f0b30c1f749
[  188.713331][ T9474] RDX: 0000000000000010 RSI: 0000000000008000 RDI: 0000000000000000
[  188.713362][ T9474] RBP: 00007f0b2f687090 R08: 0000000000000000 R09: 0000000000000000
[  188.713375][ T9474] R10: 0000200000ff5000 R11: 0000000000000246 R12: 0000000000000001
[  188.713387][ T9474] R13: 00007f0b30e76038 R14: 00007f0b30e75fa0 R15: 00007ffd5780f988
[  188.713402][ T9474]  </TASK>
[  189.079488][ T9472] loop4: detected capacity change from 0 to 1024
[  189.144857][ T9482] netlink: 'syz.0.1835': attribute type 3 has an invalid length.
[  189.213203][ T9483] loop2: detected capacity change from 0 to 128
[  189.331967][ T9493] 9pnet_fd: p9_fd_create_unix (9493): problem connecting socket: ./file0: -2
[  189.362731][ T9491] loop4: detected capacity change from 0 to 8192
[  189.398993][ T9493] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9493 comm=syz.0.1840
[  189.402617][ T9496] loop1: detected capacity change from 0 to 512
[  189.411502][ T9493] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9493 comm=syz.0.1840
[  189.451040][ T9498] __nla_validate_parse: 4 callbacks suppressed
[  189.451052][ T9498] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1841'.
[  189.479698][ T9496] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  189.511360][ T9491] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  189.520281][ T9491] FAT-fs (loop4): Filesystem has been set read-only
[  189.533326][ T9491] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  189.542350][ T9496] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters
[  189.565258][ T9496] EXT4-fs (loop1): 1 truncate cleaned up
[  189.573652][ T9496] EXT4-fs mount: 8 callbacks suppressed
[  189.573664][ T9496] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.638991][ T8823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.649287][ T9505] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1843'.
[  189.686549][ T9507] lo speed is unknown, defaulting to 1000
[  189.702521][ T9507] lo speed is unknown, defaulting to 1000
[  189.716705][ T9507] lo speed is unknown, defaulting to 1000
[  189.744039][ T9507] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  189.767923][ T9507] lo speed is unknown, defaulting to 1000
[  189.775527][ T9512] netlink: 'syz.4.1846': attribute type 3 has an invalid length.
[  189.785352][ T9507] lo speed is unknown, defaulting to 1000
[  189.792450][ T9507] lo speed is unknown, defaulting to 1000
[  189.809757][ T9507] lo speed is unknown, defaulting to 1000
[  189.824721][ T9507] lo speed is unknown, defaulting to 1000
[  189.834291][ T9518] loop4: detected capacity change from 0 to 512
[  189.841456][ T9507] lo speed is unknown, defaulting to 1000
[  189.862550][ T9518] msdos: Bad value for 'fmask'
[  189.901874][ T9521] FAULT_INJECTION: forcing a failure.
[  189.901874][ T9521] name failslab, interval 1, probability 0, space 0, times 0
[  189.914520][ T9521] CPU: 1 UID: 0 PID: 9521 Comm: syz.0.1848 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  189.914547][ T9521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  189.914560][ T9521] Call Trace:
[  189.914567][ T9521]  <TASK>
[  189.914574][ T9521]  __dump_stack+0x1d/0x30
[  189.914600][ T9521]  dump_stack_lvl+0xe8/0x140
[  189.914623][ T9521]  dump_stack+0x15/0x1b
[  189.914642][ T9521]  should_fail_ex+0x265/0x280
[  189.914808][ T9521]  should_failslab+0x8c/0xb0
[  189.914892][ T9521]  __kmalloc_node_track_caller_noprof+0xa5/0x5a0
[  189.914983][ T9521]  ? __request_module+0x1df/0x3e0
[  189.915064][ T9521]  ? should_failslab+0x8c/0xb0
[  189.915080][ T9521]  kstrdup+0x3e/0xd0
[  189.915095][ T9521]  __request_module+0x1df/0x3e0
[  189.915118][ T9521]  dev_load+0xa3/0xc0
[  189.915130][ T9521]  dev_ioctl+0x2d1/0x960
[  189.915171][ T9521]  sock_do_ioctl+0x197/0x220
[  189.915185][ T9521]  sock_ioctl+0x41b/0x610
[  189.915243][ T9521]  ? __pfx_sock_ioctl+0x10/0x10
[  189.915254][ T9521]  __se_sys_ioctl+0xce/0x140
[  189.915269][ T9521]  __x64_sys_ioctl+0x43/0x50
[  189.915282][ T9521]  x64_sys_call+0x14b0/0x3000
[  189.915358][ T9521]  do_syscall_64+0xd8/0x2a0
[  189.915372][ T9521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.915384][ T9521] RIP: 0033:0x7fdab805f749
[  189.915392][ T9521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.915407][ T9521] RSP: 002b:00007fdab6ac7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  189.915419][ T9521] RAX: ffffffffffffffda RBX: 00007fdab82b5fa0 RCX: 00007fdab805f749
[  189.915426][ T9521] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000007
[  189.915476][ T9521] RBP: 00007fdab6ac7090 R08: 0000000000000000 R09: 0000000000000000
[  189.915534][ T9521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.915602][ T9521] R13: 00007fdab82b6038 R14: 00007fdab82b5fa0 R15: 00007ffd2cad67a8
[  189.915621][ T9521]  </TASK>
[  190.140988][ T9526] 9pnet_fd: p9_fd_create_unix (9526): problem connecting socket: ./cgroup: -111
[  190.165514][ T9528] 9pnet_fd: p9_fd_create_unix (9528): problem connecting socket: ./file0: -2
[  190.196848][ T9528] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9528 comm=syz.3.1851
[  190.209298][ T9528] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9528 comm=syz.3.1851
[  190.251612][ T9536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1853'.
[  190.268054][ T9538] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  190.279937][ T9538] FAULT_INJECTION: forcing a failure.
[  190.279937][ T9538] name failslab, interval 1, probability 0, space 0, times 0
[  190.292622][ T9538] CPU: 0 UID: 0 PID: 9538 Comm: syz.3.1856 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  190.292704][ T9538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  190.292715][ T9538] Call Trace:
[  190.292721][ T9538]  <TASK>
[  190.292729][ T9538]  __dump_stack+0x1d/0x30
[  190.292752][ T9538]  dump_stack_lvl+0xe8/0x140
[  190.292830][ T9538]  dump_stack+0x15/0x1b
[  190.292849][ T9538]  should_fail_ex+0x265/0x280
[  190.292877][ T9538]  should_failslab+0x8c/0xb0
[  190.292972][ T9538]  __kmalloc_node_noprof+0xaa/0x5b0
[  190.293002][ T9538]  ? qdisc_alloc+0x65/0x410
[  190.293066][ T9538]  qdisc_alloc+0x65/0x410
[  190.293080][ T9538]  ? vprintk_default+0x26/0x30
[  190.293108][ T9538]  ? vprintk+0x1d/0x30
[  190.293129][ T9538]  qdisc_create_dflt+0x7f/0x2d0
[  190.293148][ T9538]  fifo_create_dflt+0x4a/0x1a0
[  190.293316][ T9538]  tbf_change+0x62a/0xc30
[  190.293331][ T9538]  ? _raw_spin_lock_irqsave+0x75/0xd0
[  190.293358][ T9538]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  190.293406][ T9538]  ? rtnetlink_rcv+0x1c/0x30
[  190.293425][ T9538]  ? netlink_unicast+0x5c0/0x690
[  190.293461][ T9538]  ? netlink_sendmsg+0x58b/0x6b0
[  190.293482][ T9538]  ? __sock_sendmsg+0x145/0x180
[  190.293571][ T9538]  ? read_tsc+0x9/0x20
[  190.293592][ T9538]  ? __pfx_tbf_init+0x10/0x10
[  190.293610][ T9538]  tbf_init+0x72/0x90
[  190.293628][ T9538]  qdisc_create+0x591/0x9e0
[  190.293653][ T9538]  tc_modify_qdisc+0xf9c/0x1480
[  190.293773][ T9538]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  190.293801][ T9538]  rtnetlink_rcv_msg+0x65a/0x6d0
[  190.293825][ T9538]  ? avc_has_perm_noaudit+0xab/0x130
[  190.293851][ T9538]  netlink_rcv_skb+0x123/0x220
[  190.293916][ T9538]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  190.293944][ T9538]  rtnetlink_rcv+0x1c/0x30
[  190.293962][ T9538]  netlink_unicast+0x5c0/0x690
[  190.293979][ T9538]  netlink_sendmsg+0x58b/0x6b0
[  190.293999][ T9538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.294064][ T9538]  __sock_sendmsg+0x145/0x180
[  190.294142][ T9538]  ____sys_sendmsg+0x31e/0x4a0
[  190.294161][ T9538]  ___sys_sendmsg+0x17b/0x1d0
[  190.294189][ T9538]  __x64_sys_sendmsg+0xd4/0x160
[  190.294210][ T9538]  x64_sys_call+0x17ba/0x3000
[  190.294256][ T9538]  do_syscall_64+0xd8/0x2a0
[  190.294280][ T9538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.294299][ T9538] RIP: 0033:0x7f0b30c1f749
[  190.294312][ T9538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.294326][ T9538] RSP: 002b:00007f0b2f687038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.294381][ T9538] RAX: ffffffffffffffda RBX: 00007f0b30e75fa0 RCX: 00007f0b30c1f749
[  190.294394][ T9538] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000005
[  190.294407][ T9538] RBP: 00007f0b2f687090 R08: 0000000000000000 R09: 0000000000000000
[  190.294420][ T9538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.294433][ T9538] R13: 00007f0b30e76038 R14: 00007f0b30e75fa0 R15: 00007ffd5780f988
[  190.294452][ T9538]  </TASK>
[  190.296661][ T9542] netlink: 'syz.2.1858': attribute type 3 has an invalid length.
[  190.342254][   T52] Bluetooth: hci0: Frame reassembly failed (-84)
[  190.471709][ T9552] loop3: detected capacity change from 0 to 1024
[  190.624482][ T9552] EXT4-fs: Ignoring removed bh option
[  190.650905][ T9552] EXT4-fs: inline encryption not supported
[  190.672780][ T9552] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  190.710891][ T9552] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  190.723325][ T9555] bridge1: entered promiscuous mode
[  190.728557][ T9555] bridge1: entered allmulticast mode
[  190.734817][ T9552] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 2: comm syz.3.1860: lblock 2 mapped to illegal pblock 2 (length 1)
[  190.749641][ T9555] team0: Port device bridge1 added
[  190.749886][ T9552] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 48: comm syz.3.1860: lblock 0 mapped to illegal pblock 48 (length 1)
[  190.756057][ T9555] bridge0: port 3(team0) entered blocking state
[  190.769456][ T9552] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1860: Failed to acquire dquot type 0
[  190.775257][ T9555] bridge0: port 3(team0) entered disabled state
[  190.775422][ T9555] team0: entered allmulticast mode
[  190.792770][ T9555] team_slave_0: entered allmulticast mode
[  190.798215][ T9552] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  190.803640][ T9555] team_slave_1: entered allmulticast mode
[  190.804923][ T9555] team0: entered promiscuous mode
[  190.813471][ T9552] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.1860: mark_inode_dirty error
[  190.818841][ T9555] team_slave_0: entered promiscuous mode
[  190.824024][ T9552] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  190.835068][ T9555] team_slave_1: entered promiscuous mode
[  190.841236][ T9552] EXT4-fs (loop3): 1 orphan inode deleted
[  190.854231][ T9556] IPv6: sit1: Disabled Multicast RS
[  190.856871][ T9552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.879990][  T983] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  190.894304][  T983] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:8: Failed to release dquot type 0
[  190.906685][ T9552] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.916018][ T9552] EXT4-fs error (device loop3): __ext4_get_inode_loc:4828: comm syz.3.1860: Invalid inode table block 1 in block_group 0
[  190.928876][ T9552] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  190.939085][ T9552] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz.3.1860: mark_inode_dirty error
[  191.008706][   T29] kauditd_printk_skb: 617 callbacks suppressed
[  191.008718][   T29] audit: type=1400 audit(1764842358.097:31252): avc:  denied  { create } for  pid=9565 comm="syz.1.1866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  191.085662][   T29] audit: type=1400 audit(1764842358.125:31253): avc:  denied  { connect } for  pid=9565 comm="syz.1.1866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  191.150750][   T29] audit: type=1400 audit(1764842358.228:31254): avc:  denied  { mounton } for  pid=9568 comm="syz.4.1867" path="/387" dev="tmpfs" ino=2199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  191.173208][ T9569] 9pnet_fd: p9_fd_create_unix (9569): problem connecting socket: ./file0: -2
[  191.212509][ T9569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9569 comm=syz.4.1867
[  191.224962][ T9569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9569 comm=syz.4.1867
[  191.238456][   T29] audit: type=1400 audit(1764842358.265:31255): avc:  denied  { allowed } for  pid=9563 comm="syz.3.1865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  191.257884][   T29] audit: type=1400 audit(1764842358.265:31256): avc:  denied  { create } for  pid=9563 comm="syz.3.1865" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  191.279331][   T29] audit: type=1400 audit(1764842358.265:31257): avc:  denied  { map } for  pid=9563 comm="syz.3.1865" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=26519 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  191.303592][   T29] audit: type=1400 audit(1764842358.265:31258): avc:  denied  { read write } for  pid=9563 comm="syz.3.1865" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=26519 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  191.328481][   T29] audit: type=1400 audit(1764842358.275:31259): avc:  denied  { firmware_load } for  pid=9563 comm="syz.3.1865" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  191.353368][   T29] audit: type=1400 audit(1764842358.275:31260): avc:  denied  { create } for  pid=9568 comm="syz.4.1867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  191.483233][ T9573] loop1: detected capacity change from 0 to 128
[  191.603417][ T9581] FAULT_INJECTION: forcing a failure.
[  191.603417][ T9581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.616487][ T9581] CPU: 1 UID: 0 PID: 9581 Comm: syz.4.1871 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  191.616508][ T9581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  191.616518][ T9581] Call Trace:
[  191.616523][ T9581]  <TASK>
[  191.616531][ T9581]  __dump_stack+0x1d/0x30
[  191.616554][ T9581]  dump_stack_lvl+0xe8/0x140
[  191.616635][ T9581]  dump_stack+0x15/0x1b
[  191.616729][ T9581]  should_fail_ex+0x265/0x280
[  191.616754][ T9581]  should_fail+0xb/0x20
[  191.616773][ T9581]  should_fail_usercopy+0x1a/0x20
[  191.616837][ T9581]  _copy_to_user+0x20/0xa0
[  191.616852][ T9581]  simple_read_from_buffer+0xb5/0x130
[  191.616876][ T9581]  proc_fail_nth_read+0x10e/0x150
[  191.616935][ T9581]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  191.616951][ T9581]  vfs_read+0x1a8/0x770
[  191.616973][ T9581]  ? __rcu_read_unlock+0x4f/0x70
[  191.616989][ T9581]  ? __fget_files+0x184/0x1c0
[  191.617152][ T9581]  ? mutex_lock+0x58/0x90
[  191.617244][ T9581]  ksys_read+0xda/0x1a0
[  191.617266][ T9581]  __x64_sys_read+0x40/0x50
[  191.617287][ T9581]  x64_sys_call+0x2889/0x3000
[  191.617385][ T9581]  do_syscall_64+0xd8/0x2a0
[  191.617468][ T9581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.617485][ T9581] RIP: 0033:0x7f61ada8e15c
[  191.617497][ T9581] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  191.617513][ T9581] RSP: 002b:00007f61ac4ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  191.617616][ T9581] RAX: ffffffffffffffda RBX: 00007f61adce5fa0 RCX: 00007f61ada8e15c
[  191.617626][ T9581] RDX: 000000000000000f RSI: 00007f61ac4ef0a0 RDI: 0000000000000007
[  191.617636][ T9581] RBP: 00007f61ac4ef090 R08: 0000000000000000 R09: 0000000000000000
[  191.617646][ T9581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.617657][ T9581] R13: 00007f61adce6038 R14: 00007f61adce5fa0 R15: 00007ffd6ff40c78
[  191.617696][ T9581]  </TASK>
[  191.625886][   T29] audit: type=1400 audit(1764842358.667:31261): avc:  denied  { mount } for  pid=9565 comm="syz.1.1866" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  191.888612][ T9585] loop4: detected capacity change from 0 to 1024
[  191.906026][ T9585] EXT4-fs: Ignoring removed mblk_io_submit option
[  191.951880][ T9588] FAULT_INJECTION: forcing a failure.
[  191.951880][ T9588] name failslab, interval 1, probability 0, space 0, times 0
[  191.964578][ T9588] CPU: 0 UID: 0 PID: 9588 Comm: syz.3.1874 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  191.964603][ T9588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  191.964620][ T9588] Call Trace:
[  191.964627][ T9588]  <TASK>
[  191.964697][ T9588]  __dump_stack+0x1d/0x30
[  191.964720][ T9588]  dump_stack_lvl+0xe8/0x140
[  191.964741][ T9588]  dump_stack+0x15/0x1b
[  191.964760][ T9588]  should_fail_ex+0x265/0x280
[  191.964787][ T9588]  ? __se_sys_memfd_create+0x1d6/0x6b0
[  191.964824][ T9588]  should_failslab+0x8c/0xb0
[  191.964854][ T9588]  __kmalloc_cache_noprof+0x4c/0x4c0
[  191.964938][ T9588]  ? mutex_unlock+0x4f/0x90
[  191.964955][ T9588]  __se_sys_memfd_create+0x1d6/0x6b0
[  191.964980][ T9588]  ? syscall_user_dispatch+0x85/0xf0
[  191.965029][ T9588]  __x64_sys_memfd_create+0x31/0x40
[  191.965056][ T9588]  x64_sys_call+0x28cb/0x3000
[  191.965081][ T9588]  do_syscall_64+0xd8/0x2a0
[  191.965107][ T9588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.965177][ T9588] RIP: 0033:0x7f0b30c1f749
[  191.965190][ T9588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.965254][ T9588] RSP: 002b:00007f0b2f686e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  191.965273][ T9588] RAX: ffffffffffffffda RBX: 0000000000000490 RCX: 00007f0b30c1f749
[  191.965287][ T9588] RDX: 00007f0b2f686ef0 RSI: 0000000000000000 RDI: 00007f0b30ca4960
[  191.965299][ T9588] RBP: 0000200000001280 R08: 00007f0b2f686bb7 R09: 00007f0b2f686e40
[  191.965312][ T9588] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000002c0
[  191.965325][ T9588] R13: 00007f0b2f686ef0 R14: 00007f0b2f686eb0 R15: 0000200000000340
[  191.965344][ T9588]  </TASK>
[  192.172780][ T9585] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.191916][ T9595] loop3: detected capacity change from 0 to 1024
[  192.217247][ T9595] EXT4-fs: Ignoring removed bh option
[  192.244240][ T9595] EXT4-fs: inline encryption not supported
[  192.255974][ T9595] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  192.268269][ T9595] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  192.277124][ T9595] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 2: comm syz.3.1875: lblock 2 mapped to illegal pblock 2 (length 1)
[  192.291879][ T9595] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 48: comm syz.3.1875: lblock 0 mapped to illegal pblock 48 (length 1)
[  192.306182][ T9595] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1875: Failed to acquire dquot type 0
[  192.317889][ T9595] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  192.327565][ T9595] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.1875: mark_inode_dirty error
[  192.338990][ T9595] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  192.351034][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.369795][ T9595] EXT4-fs (loop3): 1 orphan inode deleted
[  192.375999][ T9595] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.388540][  T970] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:7: lblock 1 mapped to illegal pblock 1 (length 1)
[  192.403716][  T970] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:7: Failed to release dquot type 0
[  192.412734][ T9600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1876'.
[  192.419460][ T9595] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.433334][ T9595] EXT4-fs error (device loop3): __ext4_get_inode_loc:4828: comm syz.3.1875: Invalid inode table block 1 in block_group 0
[  192.446036][ T9595] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  192.455758][ T9595] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz.3.1875: mark_inode_dirty error
[  192.484477][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1876'.
[  192.509805][ T9603] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1877'.
[  192.535725][ T9605] loop1: detected capacity change from 0 to 736
[  192.542305][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  192.543483][ T9605] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  192.548459][ T3515] Bluetooth: hci0: command 0x1003 tx timeout
[  192.576903][ T9605] loop1: detected capacity change from 0 to 1024
[  192.584346][ T9605] EXT4-fs: Ignoring removed orlov option
[  192.592846][ T9605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.677109][ T9609] loop4: detected capacity change from 0 to 8192
[  192.739179][ T9611] xt_CT: You must specify a L4 protocol and not use inversions on it
[  192.783474][ T9609] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  192.792334][ T9609] FAT-fs (loop4): Filesystem has been set read-only
[  192.799173][ T9609] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  192.840609][ T8823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.937886][ T9622] netlink: 'wޣ�': attribute type 4 has an invalid length.
[  193.002613][ T9630] loop2: detected capacity change from 0 to 1024
[  193.009228][ T9626] loop4: detected capacity change from 0 to 4096
[  193.015825][ T9628] loop1: detected capacity change from 0 to 1024
[  193.023300][ T9628] EXT4-fs: Ignoring removed mblk_io_submit option
[  193.026559][ T9626] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  193.029839][ T9630] EXT4-fs: Ignoring removed bh option
[  193.044407][ T9630] EXT4-fs: inline encryption not supported
[  193.052406][ T9630] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  193.063322][ T9630] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  193.071912][ T9628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.119117][ T9630] EXT4-fs error (device loop2): ext4_map_blocks:777: inode #3: block 2: comm syz.2.1888: lblock 2 mapped to illegal pblock 2 (length 1)
[  193.136122][ T9637] FAULT_INJECTION: forcing a failure.
[  193.136122][ T9637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.149173][ T9637] CPU: 0 UID: 0 PID: 9637 Comm: syz.0.1890 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  193.149311][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.149376][ T9637] Call Trace:
[  193.149379][ T9637]  <TASK>
[  193.149384][ T9637]  __dump_stack+0x1d/0x30
[  193.149405][ T9637]  dump_stack_lvl+0xe8/0x140
[  193.149417][ T9637]  dump_stack+0x15/0x1b
[  193.149427][ T9637]  should_fail_ex+0x265/0x280
[  193.149496][ T9637]  should_fail+0xb/0x20
[  193.149509][ T9637]  should_fail_usercopy+0x1a/0x20
[  193.149525][ T9637]  _copy_from_user+0x1c/0xb0
[  193.149571][ T9637]  __se_sys_capset+0x1f4/0x450
[  193.149589][ T9637]  __x64_sys_capset+0x31/0x40
[  193.149604][ T9637]  x64_sys_call+0x2868/0x3000
[  193.149650][ T9637]  do_syscall_64+0xd8/0x2a0
[  193.149713][ T9637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.149738][ T9637] RIP: 0033:0x7fdab805f749
[  193.149747][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.149758][ T9637] RSP: 002b:00007fdab6ac7038 EFLAGS: 00000246 ORIG_RAX: 000000000000007e
[  193.149769][ T9637] RAX: ffffffffffffffda RBX: 00007fdab82b5fa0 RCX: 00007fdab805f749
[  193.149776][ T9637] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[  193.149783][ T9637] RBP: 00007fdab6ac7090 R08: 0000000000000000 R09: 0000000000000000
[  193.149802][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.149809][ T9637] R13: 00007fdab82b6038 R14: 00007fdab82b5fa0 R15: 00007ffd2cad67a8
[  193.149819][ T9637]  </TASK>
[  193.150198][ T9630] EXT4-fs error (device loop2): ext4_map_blocks:777: inode #3: block 48: comm syz.2.1888: lblock 0 mapped to illegal pblock 48 (length 1)
[  193.155490][ T9635] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1889'.
[  193.230849][ T9630] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.1888: Failed to acquire dquot type 0
[  193.303081][ T9647] loop0: detected capacity change from 0 to 512
[  193.322392][ T9647] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  193.331031][ T9630] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  193.369692][ T9630] EXT4-fs error (device loop2): ext4_evict_inode:253: inode #11: comm syz.2.1888: mark_inode_dirty error
[  193.384236][ T9630] EXT4-fs warning (device loop2): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  193.404669][ T9647] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  193.412684][ T9630] EXT4-fs (loop2): 1 orphan inode deleted
[  193.413455][ T9647] FAT-fs (loop0): Filesystem has been set read-only
[  193.413625][ T9647] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548)
[  193.433974][   T42] EXT4-fs error (device loop2): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  193.440301][ T9647] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  193.450408][ T9630] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.469472][ T9647] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  193.478313][   T42] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:2: Failed to release dquot type 0
[  193.497343][ T9649] loop3: detected capacity change from 0 to 4096
[  193.500709][ T9630] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.514919][ T8823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.514944][ T9630] EXT4-fs error (device loop2): __ext4_get_inode_loc:4828: comm syz.2.1888: Invalid inode table block 1 in block_group 0
[  193.537171][ T9630] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  193.551881][ T9649] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  193.569861][ T9630] EXT4-fs error (device loop2): ext4_quota_off:7229: inode #3: comm syz.2.1888: mark_inode_dirty error
[  193.587432][ T9653] loop4: detected capacity change from 0 to 512
[  193.601569][ T9653] EXT4-fs error (device loop4): __ext4_iget:5439: inode #2: block 512: comm syz.4.1897: invalid block
[  193.618197][ T9653] EXT4-fs (loop4): get root inode failed
[  193.623874][ T9653] EXT4-fs (loop4): mount failed
[  193.628995][ T9649] FAULT_INJECTION: forcing a failure.
[  193.628995][ T9649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.642155][ T9649] CPU: 1 UID: 0 PID: 9649 Comm: syz.3.1895 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  193.642177][ T9649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.642187][ T9649] Call Trace:
[  193.642193][ T9649]  <TASK>
[  193.642200][ T9649]  __dump_stack+0x1d/0x30
[  193.642252][ T9649]  dump_stack_lvl+0xe8/0x140
[  193.642297][ T9649]  dump_stack+0x15/0x1b
[  193.642313][ T9649]  should_fail_ex+0x265/0x280
[  193.642341][ T9649]  should_fail+0xb/0x20
[  193.642406][ T9649]  should_fail_usercopy+0x1a/0x20
[  193.642519][ T9649]  strncpy_from_user+0x27/0x260
[  193.642546][ T9649]  ? kmem_cache_alloc_noprof+0x23f/0x4a0
[  193.642576][ T9649]  getname_flags+0xae/0x3b0
[  193.642597][ T9649]  user_path_at+0x28/0x130
[  193.642639][ T9649]  do_fchownat+0xb0/0x210
[  193.642661][ T9649]  __x64_sys_lchown+0x4a/0x60
[  193.642679][ T9649]  x64_sys_call+0x2eda/0x3000
[  193.642715][ T9649]  do_syscall_64+0xd8/0x2a0
[  193.642739][ T9649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.642759][ T9649] RIP: 0033:0x7f0b30c1f749
[  193.642775][ T9649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.642792][ T9649] RSP: 002b:00007f0b2f687038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[  193.642843][ T9649] RAX: ffffffffffffffda RBX: 00007f0b30e75fa0 RCX: 00007f0b30c1f749
[  193.642928][ T9649] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  193.642939][ T9649] RBP: 00007f0b2f687090 R08: 0000000000000000 R09: 0000000000000000
[  193.642950][ T9649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.642961][ T9649] R13: 00007f0b30e76038 R14: 00007f0b30e75fa0 R15: 00007ffd5780f988
[  193.642980][ T9649]  </TASK>
[  193.861500][ T9664] syz.3.1902 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  193.887943][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1897'.
[  193.917511][ T9671] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1905'.
[  193.941850][ T9669] loop2: detected capacity change from 0 to 1024
[  193.948992][ T9669] EXT4-fs: Ignoring removed mblk_io_submit option
[  193.966301][ T9675] FAULT_INJECTION: forcing a failure.
[  193.966301][ T9675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.967446][ T9669] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  193.979359][ T9675] CPU: 0 UID: 0 PID: 9675 Comm: syz.3.1903 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  193.979444][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  193.979456][ T9675] Call Trace:
[  193.979463][ T9675]  <TASK>
[  193.979471][ T9675]  __dump_stack+0x1d/0x30
[  193.979493][ T9675]  dump_stack_lvl+0xe8/0x140
[  193.979551][ T9675]  dump_stack+0x15/0x1b
[  193.979569][ T9675]  should_fail_ex+0x265/0x280
[  193.979655][ T9675]  should_fail+0xb/0x20
[  193.979678][ T9675]  should_fail_usercopy+0x1a/0x20
[  193.979713][ T9675]  _copy_to_user+0x20/0xa0
[  193.979731][ T9675]  simple_read_from_buffer+0xb5/0x130
[  193.979783][ T9675]  proc_fail_nth_read+0x10e/0x150
[  193.979875][ T9675]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  193.979964][ T9675]  vfs_read+0x1a8/0x770
[  193.979989][ T9675]  ? __rcu_read_unlock+0x4f/0x70
[  193.980066][ T9675]  ? __fget_files+0x184/0x1c0
[  193.980175][ T9675]  ? mutex_lock+0x58/0x90
[  193.980206][ T9675]  ksys_read+0xda/0x1a0
[  193.980266][ T9675]  __x64_sys_read+0x40/0x50
[  193.980289][ T9675]  x64_sys_call+0x2889/0x3000
[  193.980312][ T9675]  do_syscall_64+0xd8/0x2a0
[  193.980412][ T9675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.980432][ T9675] RIP: 0033:0x7f0b30c1e15c
[  193.980446][ T9675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  193.980513][ T9675] RSP: 002b:00007f0b2f687030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  193.980532][ T9675] RAX: ffffffffffffffda RBX: 00007f0b30e75fa0 RCX: 00007f0b30c1e15c
[  193.980545][ T9675] RDX: 000000000000000f RSI: 00007f0b2f6870a0 RDI: 0000000000000004
[  193.980558][ T9675] RBP: 00007f0b2f687090 R08: 0000000000000000 R09: 0000000000000000
[  193.980571][ T9675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.980639][ T9675] R13: 00007f0b30e76038 R14: 00007f0b30e75fa0 R15: 00007ffd5780f988
[  193.980657][ T9675]  </TASK>
[  194.111142][ T9678] netlink: 'syz.3.1906': attribute type 3 has an invalid length.
[  194.259216][ T9660] loop1: detected capacity change from 0 to 1024
[  194.289078][ T9684] FAULT_INJECTION: forcing a failure.
[  194.289078][ T9684] name failslab, interval 1, probability 0, space 0, times 0
[  194.301793][ T9684] CPU: 1 UID: 0 PID: 9684 Comm: syz.1.1909 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  194.301838][ T9684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  194.301845][ T9684] Call Trace:
[  194.301848][ T9684]  <TASK>
[  194.301853][ T9684]  __dump_stack+0x1d/0x30
[  194.301918][ T9684]  dump_stack_lvl+0xe8/0x140
[  194.301930][ T9684]  dump_stack+0x15/0x1b
[  194.302044][ T9684]  should_fail_ex+0x265/0x280
[  194.302065][ T9684]  should_failslab+0x8c/0xb0
[  194.302094][ T9684]  kmem_cache_alloc_noprof+0x50/0x4a0
[  194.302111][ T9684]  ? skb_clone+0x151/0x1f0
[  194.302123][ T9684]  skb_clone+0x151/0x1f0
[  194.302134][ T9684]  nfnetlink_rcv+0x2fc/0x16c0
[  194.302152][ T9684]  ? kmem_cache_free+0xe3/0x3a0
[  194.302163][ T9684]  ? __kfree_skb+0x109/0x150
[  194.302248][ T9684]  ? consume_skb+0x49/0x150
[  194.302273][ T9684]  ? nlmon_xmit+0x4f/0x60
[  194.302333][ T9684]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  194.302346][ T9684]  ? __dev_queue_xmit+0x138d/0x1ec0
[  194.302357][ T9684]  ? __dev_queue_xmit+0x148/0x1ec0
[  194.302367][ T9684]  ? __account_obj_stock+0x211/0x350
[  194.302409][ T9684]  ? ref_tracker_free+0x37d/0x3e0
[  194.302430][ T9684]  netlink_unicast+0x5c0/0x690
[  194.302474][ T9684]  netlink_sendmsg+0x58b/0x6b0
[  194.302493][ T9684]  ? __pfx_netlink_sendmsg+0x10/0x10
[  194.302505][ T9684]  __sock_sendmsg+0x145/0x180
[  194.302531][ T9684]  ____sys_sendmsg+0x31e/0x4a0
[  194.302544][ T9684]  ___sys_sendmsg+0x17b/0x1d0
[  194.302562][ T9684]  __x64_sys_sendmsg+0xd4/0x160
[  194.302592][ T9684]  x64_sys_call+0x17ba/0x3000
[  194.302605][ T9684]  do_syscall_64+0xd8/0x2a0
[  194.302619][ T9684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.302631][ T9684] RIP: 0033:0x7f6ca379f749
[  194.302647][ T9684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.302658][ T9684] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  194.302669][ T9684] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  194.302706][ T9684] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[  194.302713][ T9684] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  194.302720][ T9684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.302727][ T9684] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  194.302738][ T9684]  </TASK>
[  194.555071][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.581045][ T9689] 9pnet_fd: p9_fd_create_unix (9689): problem connecting socket: ./file0: -2
[  194.614971][ T9689] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9689 comm=syz.4.1912
[  194.627455][ T9689] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9689 comm=syz.4.1912
[  194.685220][ T9697] FAULT_INJECTION: forcing a failure.
[  194.685220][ T9697] name failslab, interval 1, probability 0, space 0, times 0
[  194.697925][ T9697] CPU: 0 UID: 0 PID: 9697 Comm: syz.1.1915 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  194.697951][ T9697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  194.698002][ T9697] Call Trace:
[  194.698006][ T9697]  <TASK>
[  194.698010][ T9697]  __dump_stack+0x1d/0x30
[  194.698034][ T9697]  dump_stack_lvl+0xe8/0x140
[  194.698045][ T9697]  dump_stack+0x15/0x1b
[  194.698056][ T9697]  should_fail_ex+0x265/0x280
[  194.698072][ T9697]  ? do_proc_control+0x1d6/0x8b0
[  194.698161][ T9697]  should_failslab+0x8c/0xb0
[  194.698216][ T9697]  __kmalloc_cache_noprof+0x4c/0x4c0
[  194.698265][ T9697]  do_proc_control+0x1d6/0x8b0
[  194.698332][ T9697]  ? should_fail_ex+0xdb/0x280
[  194.698347][ T9697]  proc_control+0x71/0xa0
[  194.698362][ T9697]  usbdev_ioctl+0x93c/0x1700
[  194.698377][ T9697]  ? __pfx_usbdev_ioctl+0x10/0x10
[  194.698458][ T9697]  __se_sys_ioctl+0xce/0x140
[  194.698473][ T9697]  __x64_sys_ioctl+0x43/0x50
[  194.698526][ T9697]  x64_sys_call+0x14b0/0x3000
[  194.698622][ T9697]  do_syscall_64+0xd8/0x2a0
[  194.698637][ T9697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.698649][ T9697] RIP: 0033:0x7f6ca379f749
[  194.698658][ T9697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.698668][ T9697] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  194.698721][ T9697] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  194.698729][ T9697] RDX: 0000200000000080 RSI: 00000000c0185500 RDI: 0000000000000006
[  194.698736][ T9697] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  194.698785][ T9697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.698846][ T9697] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  194.698857][ T9697]  </TASK>
[  194.908510][ T9708] FAULT_INJECTION: forcing a failure.
[  194.908510][ T9708] name failslab, interval 1, probability 0, space 0, times 0
[  194.921226][ T9708] CPU: 0 UID: 0 PID: 9708 Comm: syz.1.1917 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  194.921314][ T9708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  194.921327][ T9708] Call Trace:
[  194.921333][ T9708]  <TASK>
[  194.921341][ T9708]  __dump_stack+0x1d/0x30
[  194.921365][ T9708]  dump_stack_lvl+0xe8/0x140
[  194.921454][ T9708]  dump_stack+0x15/0x1b
[  194.921479][ T9708]  should_fail_ex+0x265/0x280
[  194.921529][ T9708]  should_failslab+0x8c/0xb0
[  194.921606][ T9708]  kmem_cache_alloc_node_noprof+0x57/0x4c0
[  194.921635][ T9708]  ? __alloc_skb+0x324/0x4d0
[  194.921719][ T9708]  __alloc_skb+0x324/0x4d0
[  194.921805][ T9708]  ? __alloc_skb+0x24d/0x4d0
[  194.921828][ T9708]  netlink_alloc_large_skb+0xbf/0xf0
[  194.921857][ T9708]  netlink_sendmsg+0x3cf/0x6b0
[  194.921882][ T9708]  ? __pfx_netlink_sendmsg+0x10/0x10
[  194.921975][ T9708]  __sock_sendmsg+0x145/0x180
[  194.921996][ T9708]  ____sys_sendmsg+0x31e/0x4a0
[  194.922015][ T9708]  ___sys_sendmsg+0x17b/0x1d0
[  194.922096][ T9708]  __x64_sys_sendmsg+0xd4/0x160
[  194.922120][ T9708]  x64_sys_call+0x17ba/0x3000
[  194.922161][ T9708]  do_syscall_64+0xd8/0x2a0
[  194.922209][ T9708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.922231][ T9708] RIP: 0033:0x7f6ca379f749
[  194.922246][ T9708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.922262][ T9708] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  194.922279][ T9708] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  194.922290][ T9708] RDX: 000000002000c800 RSI: 0000200000000380 RDI: 0000000000000006
[  194.922351][ T9708] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  194.922364][ T9708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.922375][ T9708] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  194.922391][ T9708]  </TASK>
[  195.173056][ T9716] loop2: detected capacity change from 0 to 1024
[  195.183125][ T9716] EXT4-fs: Ignoring removed mblk_io_submit option
[  195.269363][ T9729] FAULT_INJECTION: forcing a failure.
[  195.269363][ T9729] name failslab, interval 1, probability 0, space 0, times 0
[  195.282042][ T9729] CPU: 0 UID: 0 PID: 9729 Comm: syz.1.1925 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  195.282066][ T9729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  195.282076][ T9729] Call Trace:
[  195.282082][ T9729]  <TASK>
[  195.282090][ T9729]  __dump_stack+0x1d/0x30
[  195.282146][ T9729]  dump_stack_lvl+0xe8/0x140
[  195.282183][ T9729]  dump_stack+0x15/0x1b
[  195.282198][ T9729]  should_fail_ex+0x265/0x280
[  195.282302][ T9729]  should_failslab+0x8c/0xb0
[  195.282327][ T9729]  kmem_cache_alloc_noprof+0x50/0x4a0
[  195.282436][ T9729]  ? skb_clone+0x151/0x1f0
[  195.282459][ T9729]  skb_clone+0x151/0x1f0
[  195.282478][ T9729]  nfnetlink_rcv+0x2fc/0x16c0
[  195.282585][ T9729]  ? kmem_cache_free+0xe3/0x3a0
[  195.282629][ T9729]  ? __kfree_skb+0x109/0x150
[  195.282653][ T9729]  ? consume_skb+0x49/0x150
[  195.282677][ T9729]  ? nlmon_xmit+0x4f/0x60
[  195.282700][ T9729]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  195.282731][ T9729]  ? __dev_queue_xmit+0x138d/0x1ec0
[  195.282748][ T9729]  ? __dev_queue_xmit+0x148/0x1ec0
[  195.282790][ T9729]  ? __account_obj_stock+0x211/0x350
[  195.282816][ T9729]  ? ref_tracker_free+0x37d/0x3e0
[  195.282853][ T9729]  netlink_unicast+0x5c0/0x690
[  195.282893][ T9729]  netlink_sendmsg+0x58b/0x6b0
[  195.282949][ T9729]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.282974][ T9729]  __sock_sendmsg+0x145/0x180
[  195.283000][ T9729]  ____sys_sendmsg+0x31e/0x4a0
[  195.283024][ T9729]  ___sys_sendmsg+0x17b/0x1d0
[  195.283054][ T9729]  __x64_sys_sendmsg+0xd4/0x160
[  195.283172][ T9729]  x64_sys_call+0x17ba/0x3000
[  195.283192][ T9729]  do_syscall_64+0xd8/0x2a0
[  195.283218][ T9729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.283241][ T9729] RIP: 0033:0x7f6ca379f749
[  195.283254][ T9729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.283405][ T9729] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.283425][ T9729] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  195.283436][ T9729] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  195.283455][ T9729] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  195.283469][ T9729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.283482][ T9729] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  195.283502][ T9729]  </TASK>
[  195.528218][ T9731] 9pnet_fd: p9_fd_create_unix (9731): problem connecting socket: ./file0: -2
[  195.531443][ T9716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.553327][ T9731] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9731 comm=syz.4.1926
[  195.565833][ T9731] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9731 comm=syz.4.1926
[  195.717906][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.800199][ T9756] loop1: detected capacity change from 0 to 128
[  195.843446][ T9757] loop2: detected capacity change from 0 to 256
[  195.882576][ T9757] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  195.894756][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.902156][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.909596][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.917077][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.924554][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.931942][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.939393][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.946790][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.954202][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  195.961646][ T3872] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  196.013476][ T3872] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  196.031652][ T9766] loop0: detected capacity change from 0 to 1024
[  196.050021][ T9766] EXT4-fs: Ignoring removed bh option
[  196.067136][ T9766] EXT4-fs: inline encryption not supported
[  196.086337][ T9766] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  196.102303][ T9770] fido_id[9770]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  196.244057][ T9767] loop3: detected capacity change from 0 to 32768
[  196.256064][ T9766] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  196.291157][ T9766] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 2: comm syz.0.1936: lblock 2 mapped to illegal pblock 2 (length 1)
[  196.320240][ T9766] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 48: comm syz.0.1936: lblock 0 mapped to illegal pblock 48 (length 1)
[  196.320693][ T9767]  loop3: p1 p2 p3 < p5 p6 >
[  196.334546][ T9766] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.1936: Failed to acquire dquot type 0
[  196.353383][ T9775] 9pnet_fd: p9_fd_create_unix (9775): problem connecting socket: ./file0: -2
[  196.356753][ T9767] loop3: p1 size 242222080 extends beyond EOD, truncated
[  196.369441][ T9766] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  196.379497][   T29] kauditd_printk_skb: 676 callbacks suppressed
[  196.379511][   T29] audit: type=1400 audit(1764842363.121:31930): avc:  denied  { prog_run } for  pid=9774 comm="syz.2.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  196.386471][ T9775] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9775 comm=syz.2.1938
[  196.415428][   T29] audit: type=1400 audit(1764842363.121:31931): avc:  denied  { create } for  pid=9774 comm="syz.2.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  196.417252][ T9775] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9775 comm=syz.2.1938
[  196.436767][   T29] audit: type=1400 audit(1764842363.121:31932): avc:  denied  { allowed } for  pid=9774 comm="syz.2.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  196.468528][   T29] audit: type=1400 audit(1764842363.121:31933): avc:  denied  { create } for  pid=9774 comm="syz.2.1938" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  196.489807][   T29] audit: type=1400 audit(1764842363.121:31934): avc:  denied  { map } for  pid=9774 comm="syz.2.1938" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  196.514115][   T29] audit: type=1400 audit(1764842363.121:31935): avc:  denied  { read write } for  pid=9774 comm="syz.2.1938" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  196.533876][ T9767] loop3: p2 start 4294967295 is beyond EOD, truncated
[  196.539068][ T9766] EXT4-fs error (device loop0): ext4_evict_inode:253: inode #11: comm syz.0.1936: mark_inode_dirty error
[  196.578738][ T9766] EXT4-fs warning (device loop0): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  196.579531][ T9779] FAULT_INJECTION: forcing a failure.
[  196.579531][ T9779] name failslab, interval 1, probability 0, space 0, times 0
[  196.601524][ T9779] CPU: 0 UID: 0 PID: 9779 Comm: syz.2.1939 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  196.601549][ T9779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  196.601559][ T9779] Call Trace:
[  196.601564][ T9779]  <TASK>
[  196.601570][ T9779]  __dump_stack+0x1d/0x30
[  196.601666][ T9779]  dump_stack_lvl+0xe8/0x140
[  196.601683][ T9779]  dump_stack+0x15/0x1b
[  196.601768][ T9779]  should_fail_ex+0x265/0x280
[  196.601856][ T9779]  ? bpf_uprobe_multi_link_attach+0x315/0x900
[  196.601881][ T9779]  should_failslab+0x8c/0xb0
[  196.601907][ T9779]  __kmalloc_cache_noprof+0x4c/0x4c0
[  196.602008][ T9779]  bpf_uprobe_multi_link_attach+0x315/0x900
[  196.602037][ T9779]  ? __rcu_read_unlock+0x4f/0x70
[  196.602058][ T9779]  link_create+0x680/0x6e0
[  196.602076][ T9779]  __sys_bpf+0x628/0x7c0
[  196.602148][ T9779]  __x64_sys_bpf+0x41/0x50
[  196.602172][ T9779]  x64_sys_call+0x28e1/0x3000
[  196.602267][ T9779]  do_syscall_64+0xd8/0x2a0
[  196.602288][ T9779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.602372][ T9779] RIP: 0033:0x7f959f71f749
[  196.602388][ T9779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.602443][ T9779] RSP: 002b:00007f959e17f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  196.602506][ T9779] RAX: ffffffffffffffda RBX: 00007f959f975fa0 RCX: 00007f959f71f749
[  196.602520][ T9779] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c
[  196.602531][ T9779] RBP: 00007f959e17f090 R08: 0000000000000000 R09: 0000000000000000
[  196.602543][ T9779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.602554][ T9779] R13: 00007f959f976038 R14: 00007f959f975fa0 R15: 00007ffd52e187f8
[  196.602570][ T9779]  </TASK>
[  196.605993][ T9766] EXT4-fs (loop0): 1 orphan inode deleted
[  196.625841][   T42] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  196.683384][ T9766] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.710456][   T42] Quota error (device loop0): remove_tree: Can't read quota data block 1
[  196.820589][   T42] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:2: Failed to release dquot type 0
[  196.838144][   T29] audit: type=1400 audit(1764842363.448:31936): avc:  denied  { create } for  pid=9780 comm="syz.4.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  196.857854][   T29] audit: type=1400 audit(1764842363.457:31937): avc:  denied  { execmem } for  pid=9780 comm="syz.4.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  196.877143][   T29] audit: type=1400 audit(1764842363.542:31938): avc:  denied  { mount } for  pid=9765 comm="syz.0.1936" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  196.926431][ T9766] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.936260][ T9766] EXT4-fs error (device loop0): __ext4_get_inode_loc:4828: comm syz.0.1936: Invalid inode table block 1 in block_group 0
[  196.948995][ T9766] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  196.958816][ T9766] EXT4-fs error (device loop0): ext4_quota_off:7229: inode #3: comm syz.0.1936: mark_inode_dirty error
[  196.994198][ T9788] loop4: detected capacity change from 0 to 128
[  197.201443][ T3527] udevd[3527]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  197.214288][ T9795] netlink: 'syz.3.1945': attribute type 3 has an invalid length.
[  197.215884][ T9342] udevd[9342]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  197.233018][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory
[  197.240897][ T3512] udevd[3512]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  197.504775][ T9805] lo speed is unknown, defaulting to 1000
[  197.539103][ T9805] lo speed is unknown, defaulting to 1000
[  197.705417][ T9810] FAULT_INJECTION: forcing a failure.
[  197.705417][ T9810] name failslab, interval 1, probability 0, space 0, times 0
[  197.718153][ T9810] CPU: 0 UID: 0 PID: 9810 Comm: syz.3.1951 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  197.718176][ T9810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  197.718242][ T9810] Call Trace:
[  197.718310][ T9810]  <TASK>
[  197.718317][ T9810]  __dump_stack+0x1d/0x30
[  197.718336][ T9810]  dump_stack_lvl+0xe8/0x140
[  197.718390][ T9810]  dump_stack+0x15/0x1b
[  197.718418][ T9810]  should_fail_ex+0x265/0x280
[  197.718447][ T9810]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  197.718474][ T9810]  should_failslab+0x8c/0xb0
[  197.718557][ T9810]  kmem_cache_alloc_lru_noprof+0x55/0x4b0
[  197.718589][ T9810]  ? shmem_alloc_inode+0x34/0x50
[  197.718611][ T9810]  ? kstrtouint_from_user+0x9f/0xf0
[  197.718633][ T9810]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  197.718717][ T9810]  shmem_alloc_inode+0x34/0x50
[  197.718860][ T9810]  alloc_inode+0x40/0x170
[  197.718888][ T9810]  new_inode+0x1d/0xe0
[  197.718919][ T9810]  shmem_get_inode+0x244/0x750
[  197.719020][ T9810]  __shmem_file_setup+0x113/0x210
[  197.719044][ T9810]  shmem_file_setup+0x3b/0x50
[  197.719081][ T9810]  __se_sys_memfd_create+0x2f7/0x6b0
[  197.719105][ T9810]  __x64_sys_memfd_create+0x31/0x40
[  197.719201][ T9810]  x64_sys_call+0x28cb/0x3000
[  197.719220][ T9810]  do_syscall_64+0xd8/0x2a0
[  197.719246][ T9810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.719263][ T9810] RIP: 0033:0x7f0b30c1f749
[  197.719291][ T9810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.719306][ T9810] RSP: 002b:00007f0b2f686d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  197.719325][ T9810] RAX: ffffffffffffffda RBX: 000000000000059d RCX: 00007f0b30c1f749
[  197.719377][ T9810] RDX: 00007f0b2f686dec RSI: 0000000000000000 RDI: 00007f0b30ca4960
[  197.719390][ T9810] RBP: 0000200000000000 R08: 00007f0b2f686b07 R09: 0000000000000000
[  197.719431][ T9810] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[  197.719477][ T9810] R13: 00007f0b2f686dec R14: 00007f0b2f686df0 R15: 00007ffd5780f988
[  197.719497][ T9810]  </TASK>
[  198.062157][ T9819] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1950'.
[  198.115913][ T9818] loop0: detected capacity change from 0 to 1024
[  198.138399][ T9818] EXT4-fs: Ignoring removed mblk_io_submit option
[  198.171765][ T9818] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.185621][ T9827] 9pnet_fd: p9_fd_create_unix (9827): problem connecting socket: ./file0: -2
[  198.241691][ T9827] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9827 comm=syz.3.1957
[  198.254261][ T9827] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9827 comm=syz.3.1957
[  198.283152][ T9825] loop2: detected capacity change from 0 to 8192
[  198.476244][ T9825] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  198.485063][ T9825] FAT-fs (loop2): Filesystem has been set read-only
[  198.502510][ T9825] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068)
[  198.520595][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.894240][ T9846] loop4: detected capacity change from 0 to 256
[  198.920806][ T9846] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  198.963876][ T9864] loop0: detected capacity change from 0 to 1024
[  198.991442][ T9864] EXT4-fs: Ignoring removed bh option
[  199.009502][ T9864] EXT4-fs: inline encryption not supported
[  199.015829][ T9864] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  199.019190][ T9863] loop1: detected capacity change from 0 to 2048
[  199.032510][ T9849] loop2: detected capacity change from 0 to 2048
[  199.040318][ T9864] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  199.049229][ T9864] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 2: comm syz.0.1968: lblock 2 mapped to illegal pblock 2 (length 1)
[  199.063385][ T9864] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 48: comm syz.0.1968: lblock 0 mapped to illegal pblock 48 (length 1)
[  199.077649][ T9864] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.1968: Failed to acquire dquot type 0
[  199.085515][ T3306] Alternate GPT is invalid, using primary GPT.
[  199.095198][ T3306]  loop1: p2 p3 p7
[  199.099238][ T9864] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  199.101000][ T3512] Alternate GPT is invalid, using primary GPT.
[  199.114886][ T3512]  loop2: p2 p3 p7
[  199.131401][ T9864] EXT4-fs error (device loop0): ext4_evict_inode:253: inode #11: comm syz.0.1968: mark_inode_dirty error
[  199.164813][ T9864] EXT4-fs warning (device loop0): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  199.168623][ T9849] Alternate GPT is invalid, using primary GPT.
[  199.181471][ T9849]  loop2: p2 p3 p7
[  199.194934][ T9863] Alternate GPT is invalid, using primary GPT.
[  199.198930][ T9864] EXT4-fs (loop0): 1 orphan inode deleted
[  199.201310][ T9863]  loop1: p2 p3 p7
[  199.207418][ T9864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.223434][ T1643] EXT4-fs error (device loop0): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  199.257848][ T1643] EXT4-fs error (device loop0): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 0
[  199.292552][ T3527] udevd[3527]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  199.292754][ T6833] udevd[6833]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  199.316492][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  199.316883][ T9864] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.354276][ T6833] udevd[6833]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  199.354479][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  199.366510][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  199.393582][ T9864] EXT4-fs error (device loop0): __ext4_get_inode_loc:4828: comm syz.0.1968: Invalid inode table block 1 in block_group 0
[  199.405296][ T9873] netlink: 'syz.1.1971': attribute type 3 has an invalid length.
[  199.421380][ T9864] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  199.431017][ T9864] EXT4-fs error (device loop0): ext4_quota_off:7229: inode #3: comm syz.0.1968: mark_inode_dirty error
[  199.461056][ T9875] loop2: detected capacity change from 0 to 1024
[  199.468477][ T9875] EXT4-fs: Ignoring removed mblk_io_submit option
[  199.505605][ T9875] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.526985][ T9880] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1974'.
[  199.551233][ T9885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1975'.
[  199.568733][ T1643] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.583209][ T9888] loop1: detected capacity change from 0 to 736
[  199.587216][ T1643] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.592268][ T9888] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  199.604963][ T1643] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.613731][ T1643] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  199.652320][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.670362][ T9888] loop1: detected capacity change from 0 to 1024
[  199.677830][ T9897] FAULT_INJECTION: forcing a failure.
[  199.677830][ T9897] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.677850][ T9888] EXT4-fs: Ignoring removed orlov option
[  199.690939][ T9897] CPU: 0 UID: 0 PID: 9897 Comm: syz.0.1980 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  199.690994][ T9897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  199.691007][ T9897] Call Trace:
[  199.691013][ T9897]  <TASK>
[  199.691021][ T9897]  __dump_stack+0x1d/0x30
[  199.691043][ T9897]  dump_stack_lvl+0xe8/0x140
[  199.691063][ T9897]  dump_stack+0x15/0x1b
[  199.691107][ T9897]  should_fail_ex+0x265/0x280
[  199.691134][ T9897]  should_fail+0xb/0x20
[  199.691214][ T9897]  should_fail_usercopy+0x1a/0x20
[  199.691242][ T9897]  _copy_from_user+0x1c/0xb0
[  199.691299][ T9897]  ___sys_sendmsg+0xc1/0x1d0
[  199.691330][ T9897]  __x64_sys_sendmsg+0xd4/0x160
[  199.691389][ T9897]  x64_sys_call+0x17ba/0x3000
[  199.691411][ T9897]  do_syscall_64+0xd8/0x2a0
[  199.691435][ T9897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.691456][ T9897] RIP: 0033:0x7fdab805f749
[  199.691521][ T9897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.691539][ T9897] RSP: 002b:00007fdab6ac7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  199.691558][ T9897] RAX: ffffffffffffffda RBX: 00007fdab82b5fa0 RCX: 00007fdab805f749
[  199.691677][ T9897] RDX: 0000000020000000 RSI: 0000200000000600 RDI: 0000000000000006
[  199.691690][ T9897] RBP: 00007fdab6ac7090 R08: 0000000000000000 R09: 0000000000000000
[  199.691703][ T9897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.691716][ T9897] R13: 00007fdab82b6038 R14: 00007fdab82b5fa0 R15: 00007ffd2cad67a8
[  199.691734][ T9897]  </TASK>
[  199.863606][ T9888] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.901783][ T9911] netlink: 'syz.0.1984': attribute type 3 has an invalid length.
[  199.936685][ T9913] loop3: detected capacity change from 0 to 1024
[  199.958181][ T9913] EXT4-fs: Ignoring removed bh option
[  199.975235][ T9913] EXT4-fs: inline encryption not supported
[  199.986889][ T9913] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  200.026950][ T9920] xt_CT: You must specify a L4 protocol and not use inversions on it
[  200.036074][ T9913] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  200.055326][ T9913] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 2: comm syz.3.1985: lblock 2 mapped to illegal pblock 2 (length 1)
[  200.089437][ T9913] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 48: comm syz.3.1985: lblock 0 mapped to illegal pblock 48 (length 1)
[  200.112178][ T9913] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.1985: Failed to acquire dquot type 0
[  200.123618][ T9913] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  200.134787][ T9913] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.1985: mark_inode_dirty error
[  200.148426][ T9919] loop0: detected capacity change from 0 to 256
[  200.163784][ T9919] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  200.174463][ T9913] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  200.189554][ T9913] EXT4-fs (loop3): 1 orphan inode deleted
[  200.200513][ T9913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.213194][ T1643] EXT4-fs error (device loop3): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  200.228975][ T1643] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 0
[  200.242110][ T9913] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.252586][ T8823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.262703][ T9913] EXT4-fs error (device loop3): __ext4_get_inode_loc:4828: comm syz.3.1985: Invalid inode table block 1 in block_group 0
[  200.278513][ T9913] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  200.347977][ T9913] EXT4-fs error (device loop3): ext4_quota_off:7229: inode #3: comm syz.3.1985: mark_inode_dirty error
[  200.413633][ T9926] loop4: detected capacity change from 0 to 1024
[  200.499170][ T9943] FAULT_INJECTION: forcing a failure.
[  200.499170][ T9943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.512263][ T9943] CPU: 1 UID: 0 PID: 9943 Comm: syz.4.1995 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  200.512285][ T9943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  200.512347][ T9943] Call Trace:
[  200.512354][ T9943]  <TASK>
[  200.512361][ T9943]  __dump_stack+0x1d/0x30
[  200.512381][ T9943]  dump_stack_lvl+0xe8/0x140
[  200.512405][ T9943]  dump_stack+0x15/0x1b
[  200.512453][ T9943]  should_fail_ex+0x265/0x280
[  200.512477][ T9943]  should_fail+0xb/0x20
[  200.512542][ T9943]  should_fail_usercopy+0x1a/0x20
[  200.512602][ T9943]  _copy_from_user+0x1c/0xb0
[  200.512627][ T9943]  ___sys_sendmsg+0xc1/0x1d0
[  200.512659][ T9943]  __x64_sys_sendmsg+0xd4/0x160
[  200.512683][ T9943]  x64_sys_call+0x17ba/0x3000
[  200.512702][ T9943]  do_syscall_64+0xd8/0x2a0
[  200.512751][ T9943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.512772][ T9943] RIP: 0033:0x7f61ada8f749
[  200.512836][ T9943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.512851][ T9943] RSP: 002b:00007f61ac4ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  200.512931][ T9943] RAX: ffffffffffffffda RBX: 00007f61adce5fa0 RCX: 00007f61ada8f749
[  200.512942][ T9943] RDX: 0000000026004808 RSI: 0000200000000400 RDI: 0000000000000006
[  200.512999][ T9943] RBP: 00007f61ac4ef090 R08: 0000000000000000 R09: 0000000000000000
[  200.513013][ T9943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.513025][ T9943] R13: 00007f61adce6038 R14: 00007f61adce5fa0 R15: 00007ffd6ff40c78
[  200.513045][ T9943]  </TASK>
[  200.707257][ T9947] netlink: 'syz.4.1996': attribute type 3 has an invalid length.
[  200.815991][ T9952] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1993'.
[  201.124197][ T9951] loop4: detected capacity change from 0 to 1024
[  201.204147][ T9957] loop4: detected capacity change from 0 to 8192
[  201.270571][ T9961] loop1: detected capacity change from 0 to 1024
[  201.277200][ T9961] EXT4-fs: Ignoring removed bh option
[  201.293250][ T9961] EXT4-fs: inline encryption not supported
[  201.300513][ T9961] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  201.326018][ T9957] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  201.334862][ T9957] FAT-fs (loop4): Filesystem has been set read-only
[  201.341696][ T9961] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  201.353001][ T9957] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  201.363110][ T9965] 9pnet_fd: p9_fd_create_unix (9965): problem connecting socket: ./file0: -2
[  201.375150][ T9961] EXT4-fs error (device loop1): ext4_map_blocks:777: inode #3: block 2: comm syz.1.2002: lblock 2 mapped to illegal pblock 2 (length 1)
[  201.405332][ T9965] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9965 comm=syz.2.2003
[  201.417851][ T9965] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=9965 comm=syz.2.2003
[  201.431384][ T9961] EXT4-fs error (device loop1): ext4_map_blocks:777: inode #3: block 48: comm syz.1.2002: lblock 0 mapped to illegal pblock 48 (length 1)
[  201.446156][ T9961] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2002: Failed to acquire dquot type 0
[  201.463045][ T9961] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  201.474579][ T9961] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.2002: mark_inode_dirty error
[  201.486382][ T9961] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  201.497809][ T9961] EXT4-fs (loop1): 1 orphan inode deleted
[  201.504619][ T9961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.504915][ T1643] EXT4-fs error (device loop1): ext4_map_blocks:777: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  201.539001][ T9970] geneve2: entered promiscuous mode
[  201.569273][   T52] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.578085][   T53] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.586544][ T1643] EXT4-fs error (device loop1): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 0
[  201.617288][  T970] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.628751][ T9961] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.637706][  T970] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.651977][ T9961] EXT4-fs error (device loop1): __ext4_get_inode_loc:4828: comm syz.1.2002: Invalid inode table block 1 in block_group 0
[  201.665031][ T9961] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6309: Corrupt filesystem
[  201.674521][ T9961] EXT4-fs error (device loop1): ext4_quota_off:7229: inode #3: comm syz.1.2002: mark_inode_dirty error
[  201.695217][ T9977] netlink: 'syz.4.2008': attribute type 3 has an invalid length.
[  201.740447][   T29] kauditd_printk_skb: 723 callbacks suppressed
[  201.740526][   T29] audit: type=1400 audit(1764842368.126:32653): avc:  denied  { name_bind } for  pid=9967 comm="syz.2.2005" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  201.768488][   T29] audit: type=1400 audit(1764842368.126:32654): avc:  denied  { node_bind } for  pid=9967 comm="syz.2.2005" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  201.804335][ T9980] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2009'.
[  201.867775][    C1] 0: reclassify loop, rule prio 0, protocol 800
[  201.949673][   T29] audit: type=1326 audit(1764842368.247:32655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  201.973249][   T29] audit: type=1326 audit(1764842368.247:32656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  201.996761][   T29] audit: type=1326 audit(1764842368.247:32657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.020227][   T29] audit: type=1326 audit(1764842368.247:32658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.043717][   T29] audit: type=1326 audit(1764842368.247:32659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.067267][   T29] audit: type=1326 audit(1764842368.247:32660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.090714][   T29] audit: type=1326 audit(1764842368.247:32661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.114266][   T29] audit: type=1326 audit(1764842368.247:32662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9982 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6ca379f749 code=0x7ffc0000
[  202.145737][    C1] 0: reclassify loop, rule prio 0, protocol 800
[  202.200641][ T9991] FAULT_INJECTION: forcing a failure.
[  202.200641][ T9991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.213999][ T9991] CPU: 0 UID: 0 PID: 9991 Comm: syz.0.2013 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  202.214023][ T9991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  202.214102][ T9991] Call Trace:
[  202.214109][ T9991]  <TASK>
[  202.214116][ T9991]  __dump_stack+0x1d/0x30
[  202.214139][ T9991]  dump_stack_lvl+0xe8/0x140
[  202.214156][ T9991]  dump_stack+0x15/0x1b
[  202.214247][ T9991]  should_fail_ex+0x265/0x280
[  202.214267][ T9991]  should_fail+0xb/0x20
[  202.214280][ T9991]  should_fail_usercopy+0x1a/0x20
[  202.214327][ T9991]  _copy_to_user+0x20/0xa0
[  202.214375][ T9991]  simple_read_from_buffer+0xb5/0x130
[  202.214420][ T9991]  proc_fail_nth_read+0x10e/0x150
[  202.214433][ T9991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.214445][ T9991]  vfs_read+0x1a8/0x770
[  202.214530][ T9991]  ? __rcu_read_unlock+0x4f/0x70
[  202.214542][ T9991]  ? __fget_files+0x184/0x1c0
[  202.214655][ T9991]  ? mutex_lock+0x58/0x90
[  202.214673][ T9991]  ksys_read+0xda/0x1a0
[  202.214688][ T9991]  __x64_sys_read+0x40/0x50
[  202.214703][ T9991]  x64_sys_call+0x2889/0x3000
[  202.214757][ T9991]  do_syscall_64+0xd8/0x2a0
[  202.214771][ T9991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.214846][ T9991] RIP: 0033:0x7fdab805e15c
[  202.214855][ T9991] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  202.214865][ T9991] RSP: 002b:00007fdab6ac7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  202.214877][ T9991] RAX: ffffffffffffffda RBX: 00007fdab82b5fa0 RCX: 00007fdab805e15c
[  202.214884][ T9991] RDX: 000000000000000f RSI: 00007fdab6ac70a0 RDI: 0000000000000007
[  202.214912][ T9991] RBP: 00007fdab6ac7090 R08: 0000000000000000 R09: 0000000000000000
[  202.214919][ T9991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.214926][ T9991] R13: 00007fdab82b6038 R14: 00007fdab82b5fa0 R15: 00007ffd2cad67a8
[  202.214936][ T9991]  </TASK>
[  202.416402][ T9983] loop1: detected capacity change from 0 to 1024
[  202.513572][T10000] loop0: detected capacity change from 0 to 1024
[  202.520915][T10000] EXT4-fs: Ignoring removed mblk_io_submit option
[  202.543915][T10000] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  202.575942][T10002] loop2: detected capacity change from 0 to 8192
[  202.654653][T10006] loop1: detected capacity change from 0 to 512
[  202.670236][T10006] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  202.670487][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.703867][T10002] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  202.712719][T10002] FAT-fs (loop2): Filesystem has been set read-only
[  202.723108][T10002] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068)
[  202.745969][T10006] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  202.754733][T10006] FAT-fs (loop1): Filesystem has been set read-only
[  202.763248][T10006] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548)
[  202.785004][T10006] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  202.793829][T10006] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  202.835953][T10017] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2015'.
[  202.920877][  T970] Bluetooth: hci0: Frame reassembly failed (-84)
[  202.964812][T10027] loop4: detected capacity change from 0 to 512
[  203.022876][T10027] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  203.177923][T10027] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.186686][T10027] FAT-fs (loop4): Filesystem has been set read-only
[  203.201827][T10027] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 548)
[  203.216224][T10027] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.225412][T10027] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.298839][T10034] 9pnet_fd: p9_fd_create_unix (10034): problem connecting socket: ./file0: -2
[  203.344066][T10024] loop1: detected capacity change from 0 to 2048
[  203.356240][T10034] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10034 comm=syz.4.2030
[  203.368787][T10034] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10034 comm=syz.4.2030
[  203.396626][T10024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.433215][T10024] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  203.460073][T10040] loop3: detected capacity change from 0 to 1024
[  203.473301][T10040] EXT4-fs: Ignoring removed mblk_io_submit option
[  203.485742][T10030] loop0: detected capacity change from 0 to 1024
[  203.494115][T10024] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.545607][T10040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.575379][T10046] loop4: detected capacity change from 0 to 8192
[  203.606062][T10050] netlink: 'syz.0.2036': attribute type 21 has an invalid length.
[  203.614226][T10050] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2036'.
[  203.639708][T10052] loop0: detected capacity change from 0 to 512
[  203.646500][T10052] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  203.671748][T10052] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.680452][T10052] FAT-fs (loop0): Filesystem has been set read-only
[  203.687272][T10052] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548)
[  203.699899][T10052] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.708697][T10052] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  203.716107][T10053] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  203.726168][T10053] FAT-fs (loop4): Filesystem has been set read-only
[  203.742599][T10053] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  203.751810][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.790754][T10060] loop0: detected capacity change from 0 to 512
[  203.817123][T10065] loop0: detected capacity change from 0 to 512
[  203.825974][T10065] ext4: Unknown parameter 'fowner'
[  203.944559][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2044'.
[  203.993717][T10132] loop4: detected capacity change from 0 to 7
[  204.002965][T10132] buffer_io_error: 2 callbacks suppressed
[  204.002975][T10132] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.026411][T10132] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.034260][T10132]  loop4: unable to read partition table
[  204.057909][T10132] loop_reread_partitions: partition scan of loop4 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  204.071915][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.091924][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.101073][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.109219][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.117196][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.155471][T10135] team0: Port device dummy0 removed
[  204.161131][T10135] batman_adv: batadv0: Adding interface: dummy0
[  204.167412][T10135] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  204.180067][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.192656][T10135] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  204.237554][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.251392][    C0] bridge0: port 4(gretap0) entered forwarding state
[  204.257989][    C0] bridge0: topology change detected, propagating
[  204.264402][    C0] bridge0: port 3(syz_tun) entered forwarding state
[  204.270986][    C0] bridge0: topology change detected, propagating
[  204.287238][ T3527] Buffer I/O error on dev loop4, logical block 0, async page read
[  204.508079][T10149] loop3: detected capacity change from 0 to 1024
[  204.526994][T10149] EXT4-fs: Ignoring removed mblk_io_submit option
[  204.549627][T10140] loop1: detected capacity change from 0 to 1024
[  204.575924][T10149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.707137][T10153] loop1: detected capacity change from 0 to 512
[  204.720889][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.741558][T10153] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  204.786445][T10153] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  204.795193][T10153] FAT-fs (loop1): Filesystem has been set read-only
[  204.828816][T10153] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548)
[  204.862162][T10153] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  204.863801][T10159] loop3: detected capacity change from 0 to 8192
[  204.881511][T10153] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  204.958048][T10159] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  204.966829][T10159] FAT-fs (loop3): Filesystem has been set read-only
[  204.994594][T10159] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 2068)
[  205.019215][T10164] loop1: detected capacity change from 0 to 4096
[  205.033823][T10164] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.106629][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  205.113846][ T3515] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  205.131579][T10166] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2055'.
[  205.184021][T10166] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  205.196944][T10166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  205.217016][T10166] bond0 (unregistering): Released all slaves
[  205.227441][T10168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2056'.
[  205.295094][ T8823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.358593][T10177] loop3: detected capacity change from 0 to 736
[  205.365401][T10177] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  205.571780][T10179] xt_CT: You must specify a L4 protocol and not use inversions on it
[  205.602569][T10175] loop1: detected capacity change from 0 to 1024
[  205.657450][T10181] netlink: 'syz.0.2061': attribute type 3 has an invalid length.
[  205.665037][T10183] loop4: detected capacity change from 0 to 1024
[  205.672041][T10183] EXT4-fs: Ignoring removed mblk_io_submit option
[  205.688359][T10183] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.750244][T10191] loop1: detected capacity change from 0 to 512
[  205.772080][T10191] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  205.818738][T10191] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  205.827494][T10191] FAT-fs (loop1): Filesystem has been set read-only
[  205.855458][T10191] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548)
[  205.875653][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.881582][T10191] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  205.921358][T10191] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  206.027725][T10196] loop4: detected capacity change from 0 to 8192
[  206.036796][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2070'.
[  206.048633][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2070'.
[  206.058664][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2070'.
[  206.103915][T10207] FAULT_INJECTION: forcing a failure.
[  206.103915][T10207] name failslab, interval 1, probability 0, space 0, times 0
[  206.116640][T10207] CPU: 0 UID: 0 PID: 10207 Comm: syz.1.2072 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  206.116666][T10207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  206.116678][T10207] Call Trace:
[  206.116685][T10207]  <TASK>
[  206.116693][T10207]  __dump_stack+0x1d/0x30
[  206.116717][T10207]  dump_stack_lvl+0xe8/0x140
[  206.116772][T10207]  dump_stack+0x15/0x1b
[  206.116791][T10207]  should_fail_ex+0x265/0x280
[  206.116819][T10207]  ? __pfx_sock_alloc_inode+0x10/0x10
[  206.116853][T10207]  should_failslab+0x8c/0xb0
[  206.116883][T10207]  kmem_cache_alloc_lru_noprof+0x55/0x4b0
[  206.116915][T10207]  ? sock_alloc_inode+0x34/0xa0
[  206.116971][T10207]  ? __pfx_sock_alloc_inode+0x10/0x10
[  206.116997][T10207]  sock_alloc_inode+0x34/0xa0
[  206.117079][T10207]  alloc_inode+0x40/0x170
[  206.117107][T10207]  __sock_create+0x120/0x580
[  206.117211][T10207]  ? mutex_unlock+0x4f/0x90
[  206.117229][T10207]  ? fput+0x8f/0xc0
[  206.117347][T10207]  __sys_socket+0xb0/0x2a0
[  206.117390][T10207]  __x64_sys_socket+0x3f/0x50
[  206.117476][T10207]  x64_sys_call+0x127b/0x3000
[  206.117500][T10207]  do_syscall_64+0xd8/0x2a0
[  206.117550][T10207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.117568][T10207] RIP: 0033:0x7f6ca379f749
[  206.117584][T10207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.117622][T10207] RSP: 002b:00007f6ca2207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  206.117642][T10207] RAX: ffffffffffffffda RBX: 00007f6ca39f5fa0 RCX: 00007f6ca379f749
[  206.117656][T10207] RDX: 000000000000000f RSI: 0000000000000003 RDI: 0000000000000010
[  206.117669][T10207] RBP: 00007f6ca2207090 R08: 0000000000000000 R09: 0000000000000000
[  206.117680][T10207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.117691][T10207] R13: 00007f6ca39f6038 R14: 00007f6ca39f5fa0 R15: 00007ffcd61aee28
[  206.117708][T10207]  </TASK>
[  206.117716][T10207] socket: no more sockets
[  206.195162][T10209] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  206.300323][T10213] loop0: detected capacity change from 0 to 1024
[  206.306623][T10209] FAT-fs (loop4): Filesystem has been set read-only
[  206.325154][T10209] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  206.389422][T10213] EXT4-fs (loop0): unsupported inode size: 143
[  206.395599][T10213] EXT4-fs (loop0): blocksize: 1024
[  206.456875][   T53] Bluetooth: hci0: Frame reassembly failed (-84)
[  206.619677][T10205] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2071'.
[  206.640649][T10224] loop4: detected capacity change from 0 to 1024
[  206.647558][T10224] EXT4-fs: Ignoring removed mblk_io_submit option
[  206.669459][T10224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  206.762446][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.038556][T10235] FAULT_INJECTION: forcing a failure.
[  207.038556][T10235] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.051706][T10235] CPU: 1 UID: 0 PID: 10235 Comm: syz.2.2081 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  207.051742][T10235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  207.051752][T10235] Call Trace:
[  207.051759][T10235]  <TASK>
[  207.051766][T10235]  __dump_stack+0x1d/0x30
[  207.051822][T10235]  dump_stack_lvl+0xe8/0x140
[  207.051839][T10235]  dump_stack+0x15/0x1b
[  207.051857][T10235]  should_fail_ex+0x265/0x280
[  207.051885][T10235]  should_fail+0xb/0x20
[  207.051906][T10235]  should_fail_usercopy+0x1a/0x20
[  207.052006][T10235]  _copy_from_user+0x1c/0xb0
[  207.052021][T10235]  __sys_bpf+0x183/0x7c0
[  207.052092][T10235]  __x64_sys_bpf+0x41/0x50
[  207.052116][T10235]  x64_sys_call+0x28e1/0x3000
[  207.052138][T10235]  do_syscall_64+0xd8/0x2a0
[  207.052175][T10235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.052197][T10235] RIP: 0033:0x7f959f71f749
[  207.052212][T10235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.052278][T10235] RSP: 002b:00007f959e17f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  207.052295][T10235] RAX: ffffffffffffffda RBX: 00007f959f975fa0 RCX: 00007f959f71f749
[  207.052305][T10235] RDX: 0000000000000018 RSI: 0000200000000080 RDI: 0000000000000006
[  207.052322][T10235] RBP: 00007f959e17f090 R08: 0000000000000000 R09: 0000000000000000
[  207.052333][T10235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.052346][T10235] R13: 00007f959f976038 R14: 00007f959f975fa0 R15: 00007ffd52e187f8
[  207.052365][T10235]  </TASK>
[  207.228814][   T29] kauditd_printk_skb: 1063 callbacks suppressed
[  207.228828][   T29] audit: type=1400 audit(1764842373.262:33726): avc:  denied  { setopt } for  pid=10236 comm="syz.4.2082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  207.254862][   T29] audit: type=1400 audit(1764842373.262:33727): avc:  denied  { bind } for  pid=10236 comm="syz.4.2082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  207.274366][   T29] audit: type=1400 audit(1764842373.262:33728): avc:  denied  { name_bind } for  pid=10236 comm="syz.4.2082" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  207.296486][   T29] audit: type=1400 audit(1764842373.262:33729): avc:  denied  { node_bind } for  pid=10236 comm="syz.4.2082" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  207.318325][   T29] audit: type=1400 audit(1764842373.262:33730): avc:  denied  { write } for  pid=10236 comm="syz.4.2082" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  207.339810][   T29] audit: type=1400 audit(1764842373.262:33731): avc:  denied  { connect } for  pid=10236 comm="syz.4.2082" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  207.361493][   T29] audit: type=1400 audit(1764842373.262:33732): avc:  denied  { name_connect } for  pid=10236 comm="syz.4.2082" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  207.386989][   T29] audit: type=1400 audit(1764842373.318:33733): avc:  denied  { prog_load } for  pid=10238 comm="syz.0.2083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  207.406281][   T29] audit: type=1400 audit(1764842373.318:33734): avc:  denied  { bpf } for  pid=10238 comm="syz.0.2083" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  207.427005][   T29] audit: type=1400 audit(1764842373.318:33735): avc:  denied  { perfmon } for  pid=10238 comm="syz.0.2083" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  207.593960][T10249] loop4: detected capacity change from 0 to 736
[  207.619131][T10249] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  207.674058][T10249] loop4: detected capacity change from 0 to 1024
[  207.702413][T10249] EXT4-fs: Ignoring removed orlov option
[  207.717010][T10249] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.758138][T10245] loop3: detected capacity change from 0 to 1024
[  207.808701][T10253] loop2: detected capacity change from 0 to 8192
[  207.887657][T10253] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  207.896528][T10253] FAT-fs (loop2): Filesystem has been set read-only
[  207.905671][T10258] xt_CT: You must specify a L4 protocol and not use inversions on it
[  207.932225][T10261] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2089'.
[  207.948985][T10253] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068)
[  207.968753][T10261] loop3: detected capacity change from 0 to 1024
[  207.981026][T10261] EXT4-fs: Ignoring removed mblk_io_submit option
[  207.996732][T10261] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.073539][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.119596][T10273] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10273 comm=syz.0.2094
[  208.132964][T10273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2094'.
[  208.262557][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.383917][T10286] loop0: detected capacity change from 0 to 128
[  208.527155][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  208.533190][ T3515] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  208.652673][T10290] loop4: detected capacity change from 0 to 8192
[  208.732048][T10290] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  208.740970][T10290] FAT-fs (loop4): Filesystem has been set read-only
[  208.747684][T10290] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 2068)
[  209.071867][T10296] loop2: detected capacity change from 0 to 8192
[  209.156424][T10299] loop1: detected capacity change from 0 to 512
[  209.165109][T10299] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  209.175352][T10296] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068)
[  209.185654][T10296] FAT-fs (loop2): Filesystem has been set read-only
[  209.207239][T10296] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068)
[  209.228984][T10299] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.237693][T10299] FAT-fs (loop1): Filesystem has been set read-only
[  209.247376][T10299] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548)
[  209.269933][T10299] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.284934][T10303] loop0: detected capacity change from 0 to 736
[  209.292235][T10303] iso9660: Unknown parameter 'noc��1Jz�ڃ��N�ompress'
[  209.307117][T10299] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.309729][T10307] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2108'.
[  209.386573][T10307] loop3: detected capacity change from 0 to 1024
[  209.432807][T10307] EXT4-fs: Ignoring removed mblk_io_submit option
[  209.435579][T10317] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10317 comm=syz.2.2113
[  209.451832][T10317] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10317 comm=syz.2.2113
[  209.486143][T10307] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.523704][T10327] loop2: detected capacity change from 0 to 512
[  209.566396][T10327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.595866][T10322] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.599502][T10327] ext4 filesystem being mounted at /413/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.619462][T10335] loop1: detected capacity change from 0 to 512
[  209.635048][T10335] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  209.656181][T10327] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #4: comm syz.2.2115: corrupted inode contents
[  209.668338][T10327] EXT4-fs error (device loop2): ext4_dirty_inode:6513: inode #4: comm syz.2.2115: mark_inode_dirty error
[  209.681965][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.697604][T10335] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.706334][T10335] FAT-fs (loop1): Filesystem has been set read-only
[  209.713194][T10327] EXT4-fs error (device loop2): ext4_do_update_inode:5628: inode #4: comm syz.2.2115: corrupted inode contents
[  209.725453][T10335] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548)
[  209.740162][T10335] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.749105][T10327] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #4: comm syz.2.2115: mark_inode_dirty error
[  209.760731][T10335] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  209.769569][T10327] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2115: Failed to acquire dquot type 1
[  209.888695][T10342] loop3: detected capacity change from 0 to 128
[  209.995336][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.102517][T10338] loop4: detected capacity change from 0 to 1024
[  210.127139][T10342] ==================================================================
[  210.135221][T10342] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark
[  210.143118][T10342] 
[  210.145432][T10342] write to 0xffff888104cb9414 of 4 bytes by task 10348 on cpu 1:
[  210.153142][T10342]  xas_set_mark+0x12b/0x140
[  210.157649][T10342]  __folio_start_writeback+0x155/0x390
[  210.163108][T10342]  mpage_writepages+0xd18/0x1250
[  210.168039][T10342]  fat_writepages+0x24/0x30
[  210.172540][T10342]  do_writepages+0x1c6/0x310
[  210.177125][T10342]  file_write_and_wait_range+0x156/0x2c0
[  210.182762][T10342]  __generic_file_fsync+0x46/0x160
[  210.187873][T10342]  fat_file_fsync+0x49/0x100
[  210.192468][T10342]  vfs_fsync_range+0x10d/0x130
[  210.197238][T10342]  generic_file_write_iter+0x1b8/0x2f0
[  210.202702][T10342]  iter_file_splice_write+0x66b/0xa20
[  210.208074][T10342]  direct_splice_actor+0x156/0x2a0
[  210.213190][T10342]  splice_direct_to_actor+0x312/0x680
[  210.218565][T10342]  do_splice_direct+0xda/0x150
[  210.223329][T10342]  do_sendfile+0x380/0x650
[  210.227737][T10342]  __x64_sys_sendfile64+0x105/0x150
[  210.232926][T10342]  x64_sys_call+0x2db1/0x3000
[  210.237601][T10342]  do_syscall_64+0xd8/0x2a0
[  210.242109][T10342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.248006][T10342] 
[  210.250331][T10342] read to 0xffff888104cb9414 of 4 bytes by task 10342 on cpu 0:
[  210.257949][T10342]  __writeback_single_inode+0x201/0x7c0
[  210.263497][T10342]  writeback_single_inode+0x16d/0x3f0
[  210.268893][T10342]  sync_inode_metadata+0x5b/0x90
[  210.273833][T10342]  __generic_file_fsync+0x109/0x160
[  210.279040][T10342]  fat_file_fsync+0x49/0x100
[  210.283637][T10342]  vfs_fsync_range+0x10d/0x130
[  210.288415][T10342]  generic_file_write_iter+0x1b8/0x2f0
[  210.293870][T10342]  iter_file_splice_write+0x66b/0xa20
[  210.299246][T10342]  direct_splice_actor+0x156/0x2a0
[  210.304359][T10342]  splice_direct_to_actor+0x312/0x680
[  210.309757][T10342]  do_splice_direct+0xda/0x150
[  210.314526][T10342]  do_sendfile+0x380/0x650
[  210.318943][T10342]  __x64_sys_sendfile64+0x105/0x150
[  210.324139][T10342]  x64_sys_call+0x2db1/0x3000
[  210.328817][T10342]  do_syscall_64+0xd8/0x2a0
[  210.333318][T10342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.339208][T10342] 
[  210.341519][T10342] value changed: 0x0a000021 -> 0x04000021
[  210.347226][T10342] 
[  210.349539][T10342] Reported by Kernel Concurrency Sanitizer on:
[  210.355675][T10342] CPU: 0 UID: 0 PID: 10342 Comm: � Not tainted syzkaller #0 PREEMPT(voluntary) 
[  210.364693][T10342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  210.374737][T10342] ==================================================================
[  210.627181][T10348] bio_check_eod: 96 callbacks suppressed
[  210.627195][T10348] syz.3.2120: attempt to access beyond end of device
[  210.627195][T10348] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  210.646290][T10348] buffer_io_error: 2 callbacks suppressed
[  210.646301][T10348] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  210.660805][T10342] �: attempt to access beyond end of device
[  210.660805][T10342] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128
[  210.673538][T10342] Buffer I/O error on dev loop3, logical block 128, lost async page write
[  210.729223][T10351] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2122'.