last executing test programs:

56.373731111s ago: executing program 1 (id=184):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GFACILITIES(r0, 0x89e2, &(0x7f0000000000)) (fail_nth: 6)

55.981008471s ago: executing program 1 (id=188):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e21, 0x6, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r1, 0x0, 0x91, 0x20008800, 0x0, 0x0)

55.951276385s ago: executing program 1 (id=189):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
keyctl$restrict_keyring(0xb, 0xfffffffffffffffc, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1fb}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc888, &(0x7f0000002340)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0], 0x4, 0x273, &(0x7f0000000680)="$eJzs281qE1EYxvGnH9ra2k60Wm1FfFEE3QxtvIJQWhADSm3EDxCmdqIh06RkQiUitju3Xkdx6U4Qb6AbL0BcuOvGZRfiSCexTdoUdWFGzf+3OW85fcI5vGfCWWS27r5aLuZDN+9V1dtj6pfWtS2l1Ks+1fU0xt64Pqpm67o6lv10/va9+zcy2ezsvNlcZuFa2sxGL7x7+vz1xffV4TtvRt8OaDP1cOtL+vPm+ObE1reFJ4XQCqGVylXzbLFcrnqLgW9LhbDomt26/NELfSuUQr/SMp8PyisrNfNKSyNDKxU/DM0r1azo16xatmqlZt5jr1Ay13VtZEj4mdzG/LyXSXoV+LMqlYw3I2nywExuI5EFAQCARP2d9//A5/7fCdz/u8HO/f9B4/ltxf0fAAAAAAAAAAAAAAAAAAAAAIB/wXYUOVEUOT/GI1L8hk/U+PuYpCFJw5KOSxqRNCrJkZSSdELSSUljkk5JOi1pXNIZSWclTTR9VtJ7xUGH9b+P/ncFnv/uRv+7W9OLu4PS8svV3GquPtbnM3kVFMjXlBx9jXvZUK/nrmdnpyyW0rnltUZ+bTXX15qflrNzYNrlp+t5a80PxOduN5+Ws3PA2uXTbfODunKpKe/K0YdHKivQUnwm9/Ivps1mbmb35Sfj//vfubarbf9c97D5ev4Xzkc01bY//ZrsT3bvkMLas6IXBH6FgoKCYrdI+psJnbDX9KRXAgAAAAAAAAAAAAAAAAD4HZ34OWHSewQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYL/vAQAA//94NGA9")
r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)

55.046854561s ago: executing program 1 (id=206):
r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000500)='./file0\x00', 0x2200810, &(0x7f0000000080)=ANY=[], 0x5, 0x25d, &(0x7f0000000f40)="$eJzs2s9rnEUcB+Dvm6a0pqQbf9uCOOhBvbw0OXtokBTEBUEboQrSt+aNLnndDXmXwIrYnBQ89ezJs3j0IAjSo5dc/As86CmXHHsQX0k2adMY0WKzG/R5Ljsw82HmnZkd5jBbr9z6aGV5MpaLfkxkWUxcjo24k8VMTMS+jXj5xWs/PvvWtXden2+3F95M6cr81dm5lNL5535495Nvnr/dP/f2t+e/PxObM+9tbc/9svnU5oWt369+2KlTp07dXj8V6Uav1y9uVGVa6tQreUq3qrKoy9Tp1uXaffXLVW91dZCK7tL01OpaWdep6A7SSjlI/V7qrw1S8UHR6aY8z9P0VPBvLH59p2liuzl9PZqmeeSrOHc7pn+OVmSPpuzxy9mT17OnN7IL203TGvdQORbW///twKF+NqL6fH1xfXH4O6yfX45OVFHGpWjFb7GzTfYMy1deay9cSrtm4rPq5l7+5vriqd38F/v52WjFzNH52WE+3Z8/E1MH+5/77rF44s/5X0+1F+aOzJ+Nl144kM+jFT+9H72oYil2svf6/3Q2pVffaB/KX9xtBwDwX5Onu468v+X5X9UP8w9wPzx0v5qMi5Pj/XYi6sHHK0VVlWsjKezsqX/QuDeC8WR7E/D3jZ+ZGNn8jKfw5ckYxjEVhudY3F3vh9zFQ/0Tnd7bkPsH4zinbgyHESN3b9HHPRIAAAAAAAAAAAAexKFHf63jeHI47m8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOtj8CAAD//13bww4=")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRESOCT=r0, @ANYRES64, @ANYRES64=0x0, @ANYBLOB="b8784d4a2293b769837b8bac9549a75d9776eb217adcfd7b68666a2d665ab2ca9edc8d64634470f85f616704bd845075768854b87bb2f2badc02850e923217ddbe2dfb447a468d43582ae60540dcae96c3d3c92705e35c19f2c734c234a459f98efc4b8c5d1ab0dc80ce9000bffa11cb7d499b3bf9aa63c5ff6d", @ANYBLOB="2550c438e3f5a4d7dc4e39c82018f1848140141bacaa6e1e035689f0ea2f033a9f9335a22c26fff622f85f58c683fcfc3ee051fc16f4be3445bdc0432b6eb1883237e5b8f3b68815d2b57ba8218d1f599a1a51b7fb6d33f31fa116289056db1e8413b2913285f1218f0274f278df38f306764cab68e1d85928c7944473700e1ce573f4f7bf766cee70f4871b7fd3399da5d1a9fb30620c3c283f1640bc989941807485325b6b50ddd65fcb4354d018736f26", @ANYRESOCT=r0, @ANYRES16=r0, @ANYRES16=r0], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f00000002c0)={&(0x7f0000000280)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x10)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x6a000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r6, 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r6, 0x82307201, &(0x7f0000000f80)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

54.746274901s ago: executing program 1 (id=208):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000007b00000085000000500000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@loopback={0x66}, 0x400, 0x0, 0x1, 0xb, 0x9, 0x4}, 0x24)
lsetxattr$security_selinux(&(0x7f00000012c0)='.\x00', &(0x7f0000001280), &(0x7f0000001240)='system_u:object_r:fsadm_exec_t:s0\x00', 0x15, 0x0)

54.506371531s ago: executing program 1 (id=210):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0xe00, @mcast2, 0x7}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x0, 0xe38, @private0}}}, 0x32)

54.506146291s ago: executing program 32 (id=210):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0xe00, @mcast2, 0x7}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x0, 0xe38, @private0}}}, 0x32)

2.749616826s ago: executing program 5 (id=810):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.throttle.io_serviced_recursive\x00', 0x7a05, 0x1700)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x225801, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='host1x_syncpt_load_min\x00'}, 0x18)
r1 = syz_io_uring_setup(0x5c4, &(0x7f0000000140)={0x0, 0x1001, 0x0, 0x4}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xb0c9fa2cdd4cf720}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000007000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc1ffe}]})
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000000bc0)={'syz', 0x2}, &(0x7f00000027c0)=',*[\\/&)\x00', 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="90000000051410002cbd7000fcdbdf2508000100000000000800030001000000080001000000000008000300010000000800010001000000080003000400000008000100000000000800030002000000080001000100000008000300030000000800010002000000080003000400000008000100010000000800030000000000080001000100000008000300040000008cd764d6a81b04e325233cb7991c78be40d294c744f0c5e1718656b7cd295e2da20dec713f695ba11d7047b7551406d1b29347445d08dbcc56ca959f338e997a6e00000000894ed79c01da0bf59111767be3c12146149cfa648a9b166571a17a229685a79f5e19e2127f0d"], 0x90}, 0x1, 0x0, 0x0, 0x4855}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x103000, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x2)
readv(r8, &(0x7f0000000640)=[{&(0x7f0000000400)=""/244, 0xf4}], 0x1)

2.466184823s ago: executing program 5 (id=817):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000000c0)={0x8a001, 0x0, 0x20}, 0x18)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000002c0)={0x40000, 0x20, 0x22}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file2\x00', 0x2200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x570, &(0x7f0000000c00)="$eJzs3V9rW+UfAPDvSdOt+/P7rYMx1Asp7MLJXLq2/pkgbF6KDgd6P0ObldF0GU061jpwu3A33sgQRByIL8B7L4dvwFcx0MGQUfTCm8pJT7qsTdqmy0zn+XzgtM9zzkme8+T5k+/JOSEB5NZY+qcQ8XJEfJ1EHGnbVoxs49jafiuPb06nSxKrq5/8kUSSrWvtn2T/D2WZlyLily8jThU2l1tfWp4rV6uVhSw/3pi/Nl5fWj59Zb48W5mtXJ2cmjr71tTku++83be6vn7xr+8+vv/B2a9OrHz708Ojd5M4H4ezbe31eFqxlyJutWfGYix7TYbj/IYdJ3p51hdAMugDYFeGsh4+HOkccCSGeuvvwAvsi4hYBXIqMf4hp1pxQOvcvvt58H/To/cjYqRT/Ytrn43ESPPc6OBK8tSZUXq+O9qH8tMyfv793t10iS0/h1iL1QD65dbtiDhTLG6e/5Js/tu9M80Pj7e2sYy8vf/AIN1P4583OsU/hfX4JzrEP4c6jN3d2H78Fx72oZiu0vjvvY7x7/rUNTqU5f7XjPmGk8tXqpUzEfH/iDgZw/vT/FbXc86uPFjttq09/kuXtPxWLJgdx8Pi/qcfM1NulJ+lzu0e3Y54pbhe/yQ2zf8jzVh3Y/unr8fFHZZxvHLv1W7btq9/u/5HwKs/RrzWsf2fXNFKtr4+Od7sD+OtXrHZn3eO/9qt/N7q339p+x/cuv6jSfv12nrvZfww8nel27bd9v99yafN9L5s3Y1yo7EwEbEv+Wjz+sknj23lW/un9T95Yuv5r1P/PxARn+2w/neO3em6615o/5me2r/3xIMPP/++W/k7a/83m6mT2ZqdzH87PcBnee0AAAAAAABgrylExOFICqX1dKFQKq3d33EsDhaqtXrj1OXa4tWZaH5XdjSGC60r3Ufa7oeYyO6HbeUnN+SnIuJoRHwzdKCZL03XqjODrjwAAAAAAAAAAAAAAAAAAADsEYe6fP8/9dvQoI8OeO785Dfk17bjvx+/9ATsSd7/Ib+Mf8gv4x/yy/iH/DL+Ib+Mf8gv4x/yy/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAvrp44UK6rK48vjmd5meuLy3O1a6fnqnU50rzi9Ol6drCtdJsrTZbrZSma/PbPV+1Vrs2MRmLN8YblXpjvL60fGm+tni1cenKfHm2cqky/K/UCgAAAAAAAAAAAAAAAAAAAF4s9aXluXK1WlmQ6Jo4F3viMHadSLZr5XNZZ9hVEcXBV1DiOSQGPDEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJt/AgAA//96TTPP")
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
chmod(&(0x7f0000000100)='./file0\x00', 0x1c8)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040)={<r7=>0x0, <r8=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000001800010000000000000000000200000008000000e00000020c00088008000c00", @ANYRES32=r8, @ANYBLOB="5a6a677a7c8b530af7ab97d050e978803c789e2bb052dde4947726c427c15ed66a0c77a02ad8bf18c368bdb7cc59bb8071b3ae0ba5d0ca5560f0c68624abfab9db85839ac88dcceb30e960bc193bfb8ca3dc25bf31ed9fcc7e"], 0x28}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {r8, 0xee01}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x202, 0x803fe, 0x1, 0x800, r7})
connect$inet(r1, 0x0, 0x0)

2.465796083s ago: executing program 4 (id=818):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(r4, &(0x7f0000000080)='./file0\x00', 0x101000, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5, 0x0, 0x8000000000}, 0x18)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000240)=ANY=[@ANYBLOB="9ac0e0856d7d5c5039e6117f9ffc723d00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@quota}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3cFvG1kZAPDPTpw4aXaTXfYACHbL7kJBVZ3E3Y1We4DlhBBaCbFHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lANSgQjUIHEwmvEkdVO7iZrEzsa/nzSa9+ZN/L3XdN6rvyZ+AQytqxGxGxFjEXE7Iqaz67nsiE/aR3Lf0737S/t795dy0Wp99s9c2p5ci46vSVzJXrMYET/6XsRPcy/GbWzvrC1Wq5XNrD7brG3MNrZ3bqzWFlcqK5X1cnlhfmHuo5sfls9srO/UxrLSVx//cfdbP0+6NZVd6RzHWWoPvXAYJzEaET84j2ADMJKNZ2zQHeGV5CPizYh4N33+p2Mk/W4CAJdZqzUdrenOOgBw2eXTHFguX8pyAVORz5dK7RzeWzGZr9Ybzet36lvry+1c2UwU8ndWq5W5LFc4E4VcUp9Py8/q5SP1mxHxRkT8cnwirZeW6tXlQf7DBwCG2JUj6/9/xtvrPwBwyRUH3QEAoO+s/wAwfKz/ADB8rP8AMHza6//EoLsBAPSR9/8AMHys/wAwVH746afJ0drPPv96+e721lr97o3lSmOtVNtaKi3VNzdKK/X6SvqZPbXjXq9ar2/MfxBb92a+vdFozja2d27V6lvrzVvp53rfqhTSu3b7MDIAoJc33nn0l1yyIn88kR7RsZdDYaA9A85bftAdAAZmZNAdAAbGbl8wvE7xHl96AD7vuuzN202x2y8ItVqt1jl0CeiPa1+S/4dh1ZH/91PAMGTk/2F4yf/D8Gq1cifd8z9OeiMAcLHJ8QM9fgzgzez8u+w/B36yfPSOh+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwWETNRyN1ZrVbmIuL1iPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3+1HNNb185LI5FxM9+/dmv7i02m5t/ihjL/Wv84HrzYXa93P/eAwDHO1in03PHG/mne/eXDo5+9ufJdyOi2I6/vzcW+4fxR2M0PRejEBGT/85l9bZcR+7iNHYfRMQXu40/F1NpDqS98+nR+Ens1/oaP/9c/Hza1j4nfxZfOIO+wLB5lMw/n3R7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6LfzD/jfSY/66eNMYHf/h+uzSRffGz3Z6fPIj48mjEQez9jvnnIH6uR/z3Txj/r195+91eba3fRFyL7vE7Y802axuzje2dG6u1xZXKSmW9XF6YX5j76OaH5dk0Rz3bezX4x8fXX+/Vlox/skf84jHj//oJx//b/93+8ddeEv+b73WLn4+3XhI/WRO/ccL4i5O/L/ZqS+Iv9xj/cd//6yeM//hvOy9sGw4ADE5je2dtsVqtbCooXPxC8lf2AnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGWWTdgIvg8KGPiP8OujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvr/wEAAP//M+fPJQ==")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200060000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)

2.027919139s ago: executing program 3 (id=821):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x1a, 0x8, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0xbb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa041, 0xd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000280)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x38}, 0x94)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5ffdffa)
close(r2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x6}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r6, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0x5800000}], 0x1, 0x60010020, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000340)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)

1.930691482s ago: executing program 4 (id=822):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket(0x2, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0)

1.697576731s ago: executing program 3 (id=825):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x10c000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x17, 0x2000000000000242, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x2000000000000016, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

1.664149966s ago: executing program 2 (id=827):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket(0x2, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0)

1.620441622s ago: executing program 4 (id=828):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.throttle.io_serviced_recursive\x00', 0x7a05, 0x1700)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x225801, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='host1x_syncpt_load_min\x00'}, 0x18)
r1 = syz_io_uring_setup(0x5c4, &(0x7f0000000140)={0x0, 0x1001, 0x0, 0x4}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xb0c9fa2cdd4cf720}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000007000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc1ffe}]})
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000000bc0)={'syz', 0x2}, &(0x7f00000027c0)=',*[\\/&)\x00', 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="90000000051410002cbd7000fcdbdf2508000100000000000800030001000000080001000000000008000300010000000800010001000000080003000400000008000100000000000800030002000000080001000100000008000300030000000800010002000000080003000400000008000100010000000800030000000000080001000100000008000300040000008cd764d6a81b04e325233cb7991c78be40d294c744f0c5e1718656b7cd295e2da20dec713f695ba11d7047b7551406d1b29347445d08dbcc56ca959f338e997a6e00000000894ed79c01da0bf59111767be3c12146149cfa648a9b166571a17a229685a79f5e19e2127f0d"], 0x90}, 0x1, 0x0, 0x0, 0x4855}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x103000, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x2)
readv(r8, &(0x7f0000000640)=[{&(0x7f0000000400)=""/244, 0xf4}], 0x1)

1.619375602s ago: executing program 3 (id=829):
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000700000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e21, 0x6, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r1, 0x0, 0x91, 0x20008800, 0x0, 0x0)

1.572493748s ago: executing program 2 (id=830):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7000000}, 0xee0000b0}], 0x1, 0x0)

1.559847579s ago: executing program 5 (id=831):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0x3}, 0x18)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630bf7c045f94cd977", 0x18, 0xffffffffffffffff)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42041, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x18, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff620af0fff8ffffff71a4f0ff000000002d040000000000003d030000000000006504000001ed000079110000000000006c440000000000007a0ab0fe000000007913ffd000000000b5000000000000009500000000000000023bc065b7a379d183f9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c26f71b29ee35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8ea8fcb913466aaa7f6d150352e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa48f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e52915"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = syz_usb_connect$cdc_ncm(0x4, 0x87, &(0x7f0000001040)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x42d6006cefd917d7, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x2, 0x1, 0x5, 0x20, 0xf8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "f89630c4b7"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x1, 0x301, 0x5}, {0x6, 0x24, 0x1a, 0x5, 0x22}, [@obex={0x5, 0x24, 0x15, 0x2}, @mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x66, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0x2, 0x8, 0x6, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0xbe, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x3, 0x1, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x7ef, 0x8, 0xe9, 0x5d}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x2, 0xe, 0xe, 0x28, 0x6}, 0x2d, &(0x7f0000000500)=ANY=[@ANYBLOB="05000214100402f0fa3acc5cdab35fcf9e253c74bc367685a6da34d87a5b3d28c9e82ffe1410040643331094509eecc026b3f8af8e5bdb90f1a31d238081604d959c54c38ae0f982a03dcaf8474f38041b533f4cb71030ab0b941c7828b7c58cf88f9cb0d58dab7b2e19a9ebdf9e7f80fab9648ca2761dd1a1"], 0x4, [{0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc09}}, {0xa7, &(0x7f0000001100)=ANY=[@ANYBLOB="a703d4f49c326527008819cd1c754812ec63a460d32995f9076ecbb629bd3913c70a108083ebc82018fc4320646f6f0d3563a3b32174f4937a67b2f5700f818e311e7c9d2d5d2b5e3415d25639c31a3b1c5025a8d35b8f56a21020904d4dbd14fabadf5fdfbb55b29097fa8bee322d7d1d1f71bcc1b4a12491857ca3037bbf60420185592a0279c6773c44d6cfc3774bc5f76e9469c65447bd30e17130d80c4afd353a0a626a91"]}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x402}}, {0xdf, &(0x7f00000005c0)=@string={0xdf, 0x3, "ab7cbed7681627dcb8593314f1fcd97a620e60f22359f84b2744e901a93a2794734062c44cbf18cb86955513e78f7a7a226dee4569b7238c3cf73b3bd76d837b6f16aff01e464c141a18359fc13d13ba87270a82871ccd2db6ede320c1090d8ac95f57b9ec8ec0e9e8763fe02387e5cc108dcefaedccb234ef785c216b641e531f76776666066e509d3f392086bfc1137088c49aeeda94f771aae388027b762b2bb161ae14dee5e2d22ef0e0c8e40744b761841b6fa025fe2bfee37cb5780d54af77f636141c77927cb480823ee22a15fa9b67e2bef24b6f4dbb485bd4"}}]})
syz_usb_control_io(r1, &(0x7f0000000900)={0x2c, &(0x7f00000011c0)=ANY=[@ANYBLOB="0022b9000000b90e5a259d9e5ea831961f244dbdf95dc6f5ec02329459d055c425d57d35ef09d53b36cdd00e6f6f0984551bc1d4d6a8e6638a85bc9749d3e16f005488e7bcd50f1fc43ac3c702b546fae42760ca2e8e43cda2430a98edf6d4a9bd27157efe7f0b7e17cb79fd490f7a538e0c283bf49eb47209e6129483726546dd7201eb70c74a2820d1610d660f1183596303c89e96e6c8682173239f8e8fc3e7e0c386a1f9edff996dd421dac08a479ffd459e9c2f87d09ac90304e1b9793cd0e6b2640227d6cada"], &(0x7f0000000800)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x4c0a}}, &(0x7f0000000840)={0x0, 0xf, 0xc, {0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x2, 0x6, 0x1}]}}, &(0x7f0000000880)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x3, 0x5, 0x74, "a3d18032", "62b7f1e4"}}, &(0x7f00000008c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x46, 0x60, 0xe, 0x0, 0x1, 0xb, 0x401}}}, &(0x7f0000000f00)={0x84, &(0x7f0000000ac0)={0x20, 0x16, 0xfd, "a0d6bfea93169bae1d995d8030470e10a26cda4dc3b9aafd000db33ec524b6192d1f16b930f87234d3902efb6d18e225d269d1519feeb3426065e57f9bedf06129938951666036560ce8403c2df0782ed4184604b8dd6ab16e215b0294abeedf9c613426592527dc09efb917b02d1060ebd510b98d56b11c00de1bfe5e0f7d686eb01cc440200c9e62b733e55fd9424257c1d4868cfe21a6f0135db2882fee0af926a5e78e10e43f10e5696f8ca2fb91ed8a271179e40d5fcd71f199ca2203c324b2ffecb6b5898a2ab31b2530639394a3ec3ca9509285dc5dd43ab4f07a1587a830aff9f020d66f7bd2ba2bed0c49434f45c88fe3e8ff3f431ddd48ad"}, &(0x7f0000000940)={0x0, 0xa, 0x1}, &(0x7f0000000980)={0x0, 0x8, 0x1, 0x4}, &(0x7f00000009c0)={0x20, 0x0, 0x4, {0x6, 0x3}}, &(0x7f0000000c00)={0x20, 0x0, 0x4, {0x1000, 0x40}}, &(0x7f0000000c40)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000c80)={0x40, 0x9, 0x1, 0x5}, &(0x7f0000000fc0)={0x40, 0xb, 0x2, "de9a"}, &(0x7f0000000d00)={0x40, 0xf, 0x2, 0x5}, 0x0, &(0x7f0000000d80)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000dc0)={0x40, 0x19, 0x2, "e514"}, &(0x7f0000000e00)={0x40, 0x1a, 0x2, 0x9ade}, &(0x7f0000000e40)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000000e80)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000ec0)={0x40, 0x21, 0x1, 0x3}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
sigaltstack(0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x5}, 0x18)
socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r8)
sendmsg$SEG6_CMD_SETHMAC(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="871000000000000000000100000008000300000001000500060000000000050005"], 0x30}, 0x1, 0x0, 0x0, 0x400c4}, 0x8808)
bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x17, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x51, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = getpgid(0xffffffffffffffff)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)={0x28, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x121, 0x0, 0x0, @pid=r10}]}, 0x28}], 0x1}, 0x24040010)
msgget(0x3, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.47315749s ago: executing program 2 (id=833):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(r4, &(0x7f0000000080)='./file0\x00', 0x101000, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5, 0x0, 0x8000000000}, 0x18)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000240)=ANY=[@ANYBLOB="9ac0e0856d7d5c5039e6117f9ffc723d00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@quota}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3cFvG1kZAPDPTpw4aXaTXfYACHbL7kJBVZ3E3Y1We4DlhBBaCbFHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lANSgQjUIHEwmvEkdVO7iZrEzsa/nzSa9+ZN/L3XdN6rvyZ+AQytqxGxGxFjEXE7Iqaz67nsiE/aR3Lf0737S/t795dy0Wp99s9c2p5ci46vSVzJXrMYET/6XsRPcy/GbWzvrC1Wq5XNrD7brG3MNrZ3bqzWFlcqK5X1cnlhfmHuo5sfls9srO/UxrLSVx//cfdbP0+6NZVd6RzHWWoPvXAYJzEaET84j2ADMJKNZ2zQHeGV5CPizYh4N33+p2Mk/W4CAJdZqzUdrenOOgBw2eXTHFguX8pyAVORz5dK7RzeWzGZr9Ybzet36lvry+1c2UwU8ndWq5W5LFc4E4VcUp9Py8/q5SP1mxHxRkT8cnwirZeW6tXlQf7DBwCG2JUj6/9/xtvrPwBwyRUH3QEAoO+s/wAwfKz/ADB8rP8AMHza6//EoLsBAPSR9/8AMHys/wAwVH746afJ0drPPv96+e721lr97o3lSmOtVNtaKi3VNzdKK/X6SvqZPbXjXq9ar2/MfxBb92a+vdFozja2d27V6lvrzVvp53rfqhTSu3b7MDIAoJc33nn0l1yyIn88kR7RsZdDYaA9A85bftAdAAZmZNAdAAbGbl8wvE7xHl96AD7vuuzN202x2y8ItVqt1jl0CeiPa1+S/4dh1ZH/91PAMGTk/2F4yf/D8Gq1cifd8z9OeiMAcLHJ8QM9fgzgzez8u+w/B36yfPSOh+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwWETNRyN1ZrVbmIuL1iPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3+1HNNb185LI5FxM9+/dmv7i02m5t/ihjL/Wv84HrzYXa93P/eAwDHO1in03PHG/mne/eXDo5+9ufJdyOi2I6/vzcW+4fxR2M0PRejEBGT/85l9bZcR+7iNHYfRMQXu40/F1NpDqS98+nR+Ens1/oaP/9c/Hza1j4nfxZfOIO+wLB5lMw/n3R7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6LfzD/jfSY/66eNMYHf/h+uzSRffGz3Z6fPIj48mjEQez9jvnnIH6uR/z3Txj/r195+91eba3fRFyL7vE7Y802axuzje2dG6u1xZXKSmW9XF6YX5j76OaH5dk0Rz3bezX4x8fXX+/Vlox/skf84jHj//oJx//b/93+8ddeEv+b73WLn4+3XhI/WRO/ccL4i5O/L/ZqS+Iv9xj/cd//6yeM//hvOy9sGw4ADE5je2dtsVqtbCooXPxC8lf2AnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGWWTdgIvg8KGPiP8OujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvr/wEAAP//M+fPJQ==")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200060000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)

1.462710681s ago: executing program 4 (id=835):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x1a, 0x8, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f0000000100)='GPL\x00', 0xbb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xa041, 0xd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000280)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x38}, 0x94)
fcntl$setlease(r2, 0x400, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5ffdffa)
close(r2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x6}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r6, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0x5800000}], 0x1, 0x60010020, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000340)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)

1.314682241s ago: executing program 2 (id=836):
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
syz_open_dev$usbfs(0x0, 0x74, 0x101301)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

1.276205276s ago: executing program 2 (id=837):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc17}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x6}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r5 = add_key$keyring(&(0x7f0000000040), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$clear(0x7, r5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r6, &(0x7f0000001240)=""/102400, 0x19000, 0xfffffdff8)

1.174599708s ago: executing program 4 (id=838):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket(0x2, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0}}], 0x1, 0x0)

904.125424ms ago: executing program 4 (id=841):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000000c0)={0x8a001, 0x0, 0x20}, 0x18)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000002c0)={0x40000, 0x20, 0x22}, 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file2\x00', 0x2200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x570, &(0x7f0000000c00)="$eJzs3V9rW+UfAPDvSdOt+/P7rYMx1Asp7MLJXLq2/pkgbF6KDgd6P0ObldF0GU061jpwu3A33sgQRByIL8B7L4dvwFcx0MGQUfTCm8pJT7qsTdqmy0zn+XzgtM9zzkme8+T5k+/JOSEB5NZY+qcQ8XJEfJ1EHGnbVoxs49jafiuPb06nSxKrq5/8kUSSrWvtn2T/D2WZlyLily8jThU2l1tfWp4rV6uVhSw/3pi/Nl5fWj59Zb48W5mtXJ2cmjr71tTku++83be6vn7xr+8+vv/B2a9OrHz708Ojd5M4H4ezbe31eFqxlyJutWfGYix7TYbj/IYdJ3p51hdAMugDYFeGsh4+HOkccCSGeuvvwAvsi4hYBXIqMf4hp1pxQOvcvvt58H/To/cjYqRT/Ytrn43ESPPc6OBK8tSZUXq+O9qH8tMyfv793t10iS0/h1iL1QD65dbtiDhTLG6e/5Js/tu9M80Pj7e2sYy8vf/AIN1P4583OsU/hfX4JzrEP4c6jN3d2H78Fx72oZiu0vjvvY7x7/rUNTqU5f7XjPmGk8tXqpUzEfH/iDgZw/vT/FbXc86uPFjttq09/kuXtPxWLJgdx8Pi/qcfM1NulJ+lzu0e3Y54pbhe/yQ2zf8jzVh3Y/unr8fFHZZxvHLv1W7btq9/u/5HwKs/RrzWsf2fXNFKtr4+Od7sD+OtXrHZn3eO/9qt/N7q339p+x/cuv6jSfv12nrvZfww8nel27bd9v99yafN9L5s3Y1yo7EwEbEv+Wjz+sknj23lW/un9T95Yuv5r1P/PxARn+2w/neO3em6615o/5me2r/3xIMPP/++W/k7a/83m6mT2ZqdzH87PcBnee0AAAAAAABgrylExOFICqX1dKFQKq3d33EsDhaqtXrj1OXa4tWZaH5XdjSGC60r3Ufa7oeYyO6HbeUnN+SnIuJoRHwzdKCZL03XqjODrjwAAAAAAAAAAAAAAAAAAADsEYe6fP8/9dvQoI8OeO785Dfk17bjvx+/9ATsSd7/Ib+Mf8gv4x/yy/iH/DL+Ib+Mf8gv4x/yy/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAvrp44UK6rK48vjmd5meuLy3O1a6fnqnU50rzi9Ol6drCtdJsrTZbrZSma/PbPV+1Vrs2MRmLN8YblXpjvL60fGm+tni1cenKfHm2cqky/K/UCgAAAAAAAAAAAAAAAAAAAF4s9aXluXK1WlmQ6Jo4F3viMHadSLZr5XNZZ9hVEcXBV1DiOSQGPDEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJt/AgAA//96TTPP")
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]})
chmod(&(0x7f0000000100)='./file0\x00', 0x1c8)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040)={<r7=>0x0, <r8=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000001800010000000000000000000200000008000000e00000020c00088008000c00", @ANYRES32=r8, @ANYBLOB="5a6a677a7c8b530af7ab97d050e978803c789e2bb052dde4947726c427c15ed66a0c77a02ad8bf18c368bdb7cc59bb8071b3ae0ba5d0ca5560f0c68624abfab9db85839ac88dcceb30e960bc193bfb8ca3dc25bf31ed9fcc7e"], 0x28}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1, {r8, 0xee01}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x202, 0x803fe, 0x1, 0x800, r7})
connect$inet(r1, 0x0, 0x0)

886.084336ms ago: executing program 0 (id=842):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket(0x2, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0)

850.14937ms ago: executing program 5 (id=843):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0xffffffffffff8001}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x158, 0x11, 0x148, 0x0, 0x0, 0x230, 0x2a8, 0x2a8, 0x230, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x40, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x4, 0x18}}}, @common=@unspec=@limit={{0x48}, {0x5, 0x5, 0x4, 0x3, 0x9, 0x3, 0xfffffffffffffff8}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @multicast1, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x12, 0x9, 0x5, 0x1, 'netbios-ns\x00', 'syz0\x00', {0x4a7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)

706.203769ms ago: executing program 3 (id=844):
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x240, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x0, 0x0})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYRESDEC=r1], 0x6c}}, 0xc000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, 0x0, 0x81)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r3, 0x0, 0x0)

696.03598ms ago: executing program 5 (id=845):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='blkio.throttle.io_serviced_recursive\x00', 0x7a05, 0x1700)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x225801, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='host1x_syncpt_load_min\x00'}, 0x18)
r1 = syz_io_uring_setup(0x5c4, &(0x7f0000000140)={0x0, 0x1001, 0x0, 0x4}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xb0c9fa2cdd4cf720}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000007000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc1ffe}]})
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000000bc0)={'syz', 0x2}, &(0x7f00000027c0)=',*[\\/&)\x00', 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x103000, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x2)
readv(r8, &(0x7f0000000640)=[{&(0x7f0000000400)=""/244, 0xf4}], 0x1)

652.474006ms ago: executing program 0 (id=846):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
gettid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x200000000000006}, 0x18)
getpeername$packet(0xffffffffffffffff, &(0x7f0000001b00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001b40)=0x14)

589.383214ms ago: executing program 3 (id=847):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat(r4, &(0x7f0000000080)='./file0\x00', 0x101000, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5, 0x0, 0x8000000000}, 0x18)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000240)=ANY=[@ANYBLOB="9ac0e0856d7d5c5039e6117f9ffc723d00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@quota}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3cFvG1kZAPDPTpw4aXaTXfYACHbL7kJBVZ3E3Y1We4DlhBBaCbFHkNqQuFEUO45ipzShh/TMFYlKnODIH8C5J+5cENy4lANSgQjUIHEwmvEkdVO7iZrEzsa/nzSa9+ZN/L3XdN6rvyZ+AQytqxGxGxFjEXE7Iqaz67nsiE/aR3Lf0737S/t795dy0Wp99s9c2p5ci46vSVzJXrMYET/6XsRPcy/GbWzvrC1Wq5XNrD7brG3MNrZ3bqzWFlcqK5X1cnlhfmHuo5sfls9srO/UxrLSVx//cfdbP0+6NZVd6RzHWWoPvXAYJzEaET84j2ADMJKNZ2zQHeGV5CPizYh4N33+p2Mk/W4CAJdZqzUdrenOOgBw2eXTHFguX8pyAVORz5dK7RzeWzGZr9Ybzet36lvry+1c2UwU8ndWq5W5LFc4E4VcUp9Py8/q5SP1mxHxRkT8cnwirZeW6tXlQf7DBwCG2JUj6/9/xtvrPwBwyRUH3QEAoO+s/wAwfKz/ADB8rP8AMHza6//EoLsBAPSR9/8AMHys/wAwVH746afJ0drPPv96+e721lr97o3lSmOtVNtaKi3VNzdKK/X6SvqZPbXjXq9ar2/MfxBb92a+vdFozja2d27V6lvrzVvp53rfqhTSu3b7MDIAoJc33nn0l1yyIn88kR7RsZdDYaA9A85bftAdAAZmZNAdAAbGbl8wvE7xHl96AD7vuuzN202x2y8ItVqt1jl0CeiPa1+S/4dh1ZH/91PAMGTk/2F4yf/D8Gq1cifd8z9OeiMAcLHJ8QM9fgzgzez8u+w/B36yfPSOh+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwWETNRyN1ZrVbmIuL1iPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3+1HNNb185LI5FxM9+/dmv7i02m5t/ihjL/Wv84HrzYXa93P/eAwDHO1in03PHG/mne/eXDo5+9ufJdyOi2I6/vzcW+4fxR2M0PRejEBGT/85l9bZcR+7iNHYfRMQXu40/F1NpDqS98+nR+Ens1/oaP/9c/Hza1j4nfxZfOIO+wLB5lMw/n3R7/vJxNT13f/6L6Qx1etn8l7zU0n46Bz6LfzD/jfSY/66eNMYHf/h+uzSRffGz3Z6fPIj48mjEQez9jvnnIH6uR/z3Txj/r195+91eba3fRFyL7vE7Y802axuzje2dG6u1xZXKSmW9XF6YX5j76OaH5dk0Rz3bezX4x8fXX+/Vlox/skf84jHj//oJx//b/93+8ddeEv+b73WLn4+3XhI/WRO/ccL4i5O/L/ZqS+Iv9xj/cd//6yeM//hvOy9sGw4ADE5je2dtsVqtbCooXPxC8lf2AnSja+E7/Yo1Ft2bfvFe+5k+0tRqvVKsXjPGWWTdgIvg8KGPiP8OujMAAAAAAAAAAAAAAEBX/fiNpUGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvr/wEAAP//M+fPJQ==")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r7, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200060000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff"])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)

576.903536ms ago: executing program 0 (id=848):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = gettid()
tkill(r0, 0x12)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r3, 0x0, 0x200000000000006}, 0x18)
tkill(r0, 0x14)

548.700509ms ago: executing program 5 (id=849):
r0 = socket(0x2b, 0x80801, 0x1)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x14, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xfffffffffffffec7, 0x8, &(0x7f00000002c0)='\x00\x00P\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x12e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x18050, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x1216, 0x10000, 0x5, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601020000000a00000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000000708001240fffffffa0c000300686173683a697000050004"], 0x58}}, 0x0)
r6 = syz_open_dev$sg(0x0, 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, 0x0)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2], 0x58}}, 0x20000800)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="270e28bd70000000000004"], 0x14}, 0x1, 0x40030000000000}, 0x4000)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r8}, 0x10)
lsm_get_self_attr(0x65, &(0x7f0000000100)={0x0, 0x0, 0xd5, 0xb5, ""/181}, &(0x7f0000000200)=0xd5, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001740)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2b0, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0xff000000, 0x0, 0x4c62d6309aaa1bde, 0xffffff00], 'batadv0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a, 0x0, 0x3, 0x42}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xa, 0x100, 0x2, 0x8, 'pptp\x00', 'syz0\x00', {0xf}}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0x0, 0xffffffff, 0xffffff00], [0x0, 0x0, 0xffffff00, 0xff], 'syzkaller0\x00', 'vxcan1\x00', {}, {}, 0x3c}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1a, 0x7, 0xc}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001540)={0x0}, 0x1, 0x0, 0x0, 0xe75001b60ea60cd8}, 0x6000c054)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r7, 0x4008662c, &(0x7f0000000380)={0x10, 0x0, "59e77f5840f8e0be32090f53561f48d5"})
connect$inet6(r9, 0x0, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r10], 0x4c}}, 0x0)

508.191795ms ago: executing program 0 (id=850):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000400), 0x4)
io_destroy(0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000180)={[{@dioread_lock}, {@resgid}, {@jqfmt_vfsold}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@nobarrier}, {@grpid}, {@jqfmt_vfsv0}]}, 0xfc, 0x58f, &(0x7f0000002d00)="$eJzs3U1rXFUfAPD/nUzSNu3zNIVS1IUUurBSO2kSXyoI1pWIFgu6r0MyDSWTTslMShMLtgu7cSNFELEgfgD3LotfwE9R0EKREnQhQuRO7qTTZCavE2fS+f3gtufMuTfn/nPuOTln7gw3gL51Mv0nF/FiRHydRBxtKstHVnhyZb+lJ7cm0y2J5eVP/kgiyV5r7J9k/x/OMi9ExC9fRpzJra+3urA4UyyXS3NZfrQ2e320urB49upscbo0Xbo2PjFx/o2J8bfferNjsb566a/vPn7wwfmvTi19+9OjY/eSuBBHsrLmOHbhdnPmZPGfLDUYF9bsONaBynpJ0u0TYEcGsn4+GOkYcDQGsl4PPP++iIhloE8l+j/0qcY8oLG279A6eN94/N7KAqge+1Bz/PmV90biYH1tNLyUPLMySte7Ix2oP63j59/v30u32Ph9iEOb5AG25fadiDiXz68f/5Ns/Nu5c/U3jze2to5++/sD3fQgnf+81mr+l1ud/0SL+c/hFn13Jzbv/7lHHaimrXT+907L+e/q0DUykOX+V5/zDSZXrpZL5yLi/xFxOgYPpPmN7uecX3q43K6sef6Xbmn9jblgdh6P8geePWaqWCtGxNBu4m54fCfipXyr+JPV9k9atH/6+7i0xTpOlO6/3K5s8/j31vKPEa+0bP+nd7SSje9Pjtavh9HGVbHen3dP/Nqu/m7Hn7b/8MbxjyTN92ur26/jh4N/l9qVpfEP7+D6H0o+racbneBmsVabG4sYSj5a//r402Mb+cb+afynT63E/+xkJbfh9Z8uvj7bYvx3j99tu2svtP/Uttp/+4mHH37+fbv6tzb+vV5Pnc5eyca/1rJrZasnuNvfHwAAAAAAAPSSXEQciSRXWE3ncoXCyuc7jsdwrlyp1s5cqcxfm4r6d2VHYjDXuNN9tOnzEGPZ52Eb+fE1+YmIOBYR3wwcqucLk5XyVLeDBwAAAAAAAAAAAAAAAAAAgB5xuM33/1O/DXT77IA9V3+wwYFunwXQDZs+8r8TT3oCetKm/R94bun/0L/0f+hfa/t/R54sDOwL/v5D/9L/oX/p/9C/9H8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqEsXL6bb8tKTW5NpfurGwvxM5cbZqVJ1pjA7P1mYrMxdL0xXKtPlUmGyMrvZzytXKtfHxmP+5mitVK2NVhcWL89W5q/VLl+dLU6XLpcG/5OoAAAAAAAAAAAAAAAAAAAAYH+pLizOFMvl0txqIp+VzK0v6tPEu9ETp7GXAa7Y0eH5XolibxLvD/TEaewmcSdr3u0d1aUBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa+DcAAP//Rm0oPg==")
r2 = creat(&(0x7f0000000000)='./file1\x00', 0x14c)
fallocate(r2, 0x0, 0x9, 0x2000403)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

302.983691ms ago: executing program 2 (id=851):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket(0x2, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0}}], 0x1, 0x0)

153.06187ms ago: executing program 0 (id=852):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x1c0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a}) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000700)='mnt/encrypted_dir/file\x00', 0x42, 0x180)
write(r3, &(0x7f0000000740)='foo', 0x3) (async)
r4 = socket$netlink(0x10, 0x3, 0x10) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x10) (rerun: 32)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x100a0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2ef}, 0x0, 0xffffffffffffffff, r6, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0) (async, rerun: 32)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)=r7}, 0x20) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r5, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

26.331226ms ago: executing program 0 (id=853):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r3}, 0x10)
sendto$inet6(r0, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

0s ago: executing program 3 (id=854):
socket$inet6_icmp(0xa, 0x2, 0x3a)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_setup(0x1, &(0x7f0000000b80)=<r1=>0x0)
socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
io_destroy(r1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000180)={[{@dioread_lock}, {@resgid}, {@jqfmt_vfsold}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@nobarrier}, {@grpid}, {@jqfmt_vfsv0}]}, 0xfc, 0x58f, &(0x7f0000002d00)="$eJzs3U1rXFUfAPD/nUzSNu3zNIVS1IUUurBSO2kSXyoI1pWIFgu6r0MyDSWTTslMShMLtgu7cSNFELEgfgD3LotfwE9R0EKREnQhQuRO7qTTZCavE2fS+f3gtufMuTfn/nPuOTln7gw3gL51Mv0nF/FiRHydRBxtKstHVnhyZb+lJ7cm0y2J5eVP/kgiyV5r7J9k/x/OMi9ExC9fRpzJra+3urA4UyyXS3NZfrQ2e320urB49upscbo0Xbo2PjFx/o2J8bfferNjsb566a/vPn7wwfmvTi19+9OjY/eSuBBHsrLmOHbhdnPmZPGfLDUYF9bsONaBynpJ0u0TYEcGsn4+GOkYcDQGsl4PPP++iIhloE8l+j/0qcY8oLG279A6eN94/N7KAqge+1Bz/PmV90biYH1tNLyUPLMySte7Ix2oP63j59/v30u32Ph9iEOb5AG25fadiDiXz68f/5Ns/Nu5c/U3jze2to5++/sD3fQgnf+81mr+l1ud/0SL+c/hFn13Jzbv/7lHHaimrXT+907L+e/q0DUykOX+V5/zDSZXrpZL5yLi/xFxOgYPpPmN7uecX3q43K6sef6Xbmn9jblgdh6P8geePWaqWCtGxNBu4m54fCfipXyr+JPV9k9atH/6+7i0xTpOlO6/3K5s8/j31vKPEa+0bP+nd7SSje9Pjtavh9HGVbHen3dP/Nqu/m7Hn7b/8MbxjyTN92ur26/jh4N/l9qVpfEP7+D6H0o+racbneBmsVabG4sYSj5a//r402Mb+cb+afynT63E/+xkJbfh9Z8uvj7bYvx3j99tu2svtP/Uttp/+4mHH37+fbv6tzb+vV5Pnc5eyca/1rJrZasnuNvfHwAAAAAAAPSSXEQciSRXWE3ncoXCyuc7jsdwrlyp1s5cqcxfm4r6d2VHYjDXuNN9tOnzEGPZ52Eb+fE1+YmIOBYR3wwcqucLk5XyVLeDBwAAAAAAAAAAAAAAAAAAgB5xuM33/1O/DXT77IA9V3+wwYFunwXQDZs+8r8TT3oCetKm/R94bun/0L/0f+hfa/t/R54sDOwL/v5D/9L/oX/p/9C/9H8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqEsXL6bb8tKTW5NpfurGwvxM5cbZqVJ1pjA7P1mYrMxdL0xXKtPlUmGyMrvZzytXKtfHxmP+5mitVK2NVhcWL89W5q/VLl+dLU6XLpcG/5OoAAAAAAAAAAAAAAAAAAAAYH+pLizOFMvl0txqIp+VzK0v6tPEu9ETp7GXAa7Y0eH5XolibxLvD/TEaewmcSdr3u0d1aUBCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa+DcAAP//Rm0oPg==")
r4 = creat(&(0x7f0000000000)='./file1\x00', 0x14c)
fallocate(r4, 0x0, 0x9, 0x2000403)

kernel console output (not intermixed with test programs):

mpat=0 ip=0x7f5ad2f32005 code=0x7ffc0000
[   40.648384][   T29] audit: type=1326 audit(1768324002.556:3028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4069 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5ad2f32005 code=0x7ffc0000
[   40.671903][   T29] audit: type=1326 audit(1768324002.566:3029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4069 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5ad2f32005 code=0x7ffc0000
[   40.695426][   T29] audit: type=1326 audit(1768324002.566:3030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4069 comm="syz.3.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5ad2f32005 code=0x7ffc0000
[   40.726563][ T4081] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   40.741932][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.769722][ T4061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.835931][ T4070] 8021q: adding VLAN 0 to HW filter on device bond2
[   40.984747][ T4081] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[   41.007790][ T4081] System zones: 1-12
[   41.031030][ T4081] EXT4-fs (loop2): 1 truncate cleaned up
[   41.059531][ T4081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.105737][ T4098] futex_wake_op: syz.4.187 tries to shift op by -3; fix this program
[   41.159757][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.285762][ T4098] netlink: 'syz.4.187': attribute type 1 has an invalid length.
[   41.311518][ T4098] 8021q: adding VLAN 0 to HW filter on device bond2
[   41.331031][ T4106] set_capacity_and_notify: 3 callbacks suppressed
[   41.331048][ T4106] loop1: detected capacity change from 0 to 128
[   41.537709][ T4121] futex_wake_op: syz.2.195 tries to shift op by -3; fix this program
[   41.570381][ T4122] loop4: detected capacity change from 0 to 1024
[   41.596384][ T4122] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.615942][ T4121] netlink: 'syz.2.195': attribute type 1 has an invalid length.
[   41.638340][ T4121] 8021q: adding VLAN 0 to HW filter on device bond2
[   41.664693][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.739723][ T4132] loop2: detected capacity change from 0 to 1024
[   41.767215][ T4136] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   41.788084][ T4132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.840009][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.889869][ T4147] netlink: 12 bytes leftover after parsing attributes in process `syz.2.202'.
[   41.920942][ T4149] netlink: 12 bytes leftover after parsing attributes in process `syz.4.203'.
[   41.937525][ T4149] netlink: 'syz.4.203': attribute type 1 has an invalid length.
[   41.948287][ T4149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.203'.
[   41.978868][ T4147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.202'.
[   42.003547][ T4147] macvtap0: refused to change device tx_queue_len
[   42.033475][ T4154] FAULT_INJECTION: forcing a failure.
[   42.033475][ T4154] name failslab, interval 1, probability 0, space 0, times 0
[   42.046298][ T4154] CPU: 1 UID: 0 PID: 4154 Comm: syz.2.205 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   42.046397][ T4154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   42.046462][ T4154] Call Trace:
[   42.046467][ T4154]  <TASK>
[   42.046474][ T4154]  __dump_stack+0x1d/0x30
[   42.046501][ T4154]  dump_stack_lvl+0x95/0xd0
[   42.046525][ T4154]  dump_stack+0x15/0x1b
[   42.046602][ T4154]  should_fail_ex+0x265/0x280
[   42.046624][ T4154]  should_failslab+0x8c/0xb0
[   42.046676][ T4154]  kmem_cache_alloc_noprof+0x69/0x4b0
[   42.046695][ T4154]  ? prepare_creds+0x39/0x550
[   42.046714][ T4154]  prepare_creds+0x39/0x550
[   42.046735][ T4154]  __sys_setresuid+0x464/0x6d0
[   42.046780][ T4154]  __x64_sys_setresuid+0x3f/0x50
[   42.046803][ T4154]  x64_sys_call+0x1e85/0x3000
[   42.046825][ T4154]  do_syscall_64+0xca/0x2b0
[   42.046935][ T4154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.046954][ T4154] RIP: 0033:0x7fef281cf749
[   42.046967][ T4154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.046982][ T4154] RSP: 002b:00007fef26c2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075
[   42.047044][ T4154] RAX: ffffffffffffffda RBX: 00007fef28425fa0 RCX: 00007fef281cf749
[   42.047058][ T4154] RDX: 0000000000000000 RSI: 000000000000ee00 RDI: 000000000000ee00
[   42.047071][ T4154] RBP: 00007fef26c2f090 R08: 0000000000000000 R09: 0000000000000000
[   42.047085][ T4154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.047099][ T4154] R13: 00007fef28426038 R14: 00007fef28425fa0 R15: 00007ffc28294778
[   42.047174][ T4154]  </TASK>
[   42.241386][ T4156] loop1: detected capacity change from 0 to 128
[   42.313175][ T4162] loop4: detected capacity change from 0 to 1024
[   42.356017][ T3313] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   42.363712][ T3313] FAT-fs (loop1): Filesystem has been set read-only
[   42.371005][ T3313] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   42.424917][ T4162] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.451446][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.478790][ T4167] loop4: detected capacity change from 0 to 128
[   42.680348][  T837] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.747398][  T837] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.810479][ T4184] netlink: 20 bytes leftover after parsing attributes in process `syz.4.209'.
[   42.827599][ T4182] loop3: detected capacity change from 0 to 512
[   42.837236][  T837] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.874772][ T4182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.903061][ T4182] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.934702][  T837] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.967455][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.996304][ T4171] chnl_net:caif_netlink_parms(): no params data found
[   43.086799][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.099820][ T4199] futex_wake_op: syz.3.215 tries to shift op by -3; fix this program
[   43.133739][ T4200] loop4: detected capacity change from 0 to 1024
[   43.161327][ T4200] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.179094][  T837] bridge_slave_1: left allmulticast mode
[   43.184987][  T837] bridge_slave_1: left promiscuous mode
[   43.190619][  T837] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.201647][ T4207] loop2: detected capacity change from 0 to 1024
[   43.209186][  T837] bridge_slave_0: left allmulticast mode
[   43.215273][  T837] bridge_slave_0: left promiscuous mode
[   43.221071][  T837] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.230227][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.259117][ T4207] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.313828][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.382192][ T4220] loop4: detected capacity change from 0 to 512
[   43.392950][  T837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   43.403832][  T837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   43.403877][ T4221] validate_nla: 6 callbacks suppressed
[   43.403888][ T4221] netlink: 'syz.2.223': attribute type 13 has an invalid length.
[   43.425800][ T4221] netlink: 152 bytes leftover after parsing attributes in process `syz.2.223'.
[   43.437368][  T837] bond0 (unregistering): Released all slaves
[   43.446668][  T837] bond1 (unregistering): Released all slaves
[   43.457195][  T837] bond2 (unregistering): Released all slaves
[   43.458009][ T4220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.477175][ T4171] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.484436][ T4171] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.491992][ T4220] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   43.502967][ T4171] bridge_slave_0: entered allmulticast mode
[   43.511078][ T4171] bridge_slave_0: entered promiscuous mode
[   43.529099][ T4199] 8021q: adding VLAN 0 to HW filter on device bond3
[   43.537822][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.560480][ T4221] syz_tun: refused to change device tx_queue_len
[   43.566886][ T4221] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[   43.589316][  T837] hsr_slave_0: left promiscuous mode
[   43.596962][  T837] hsr_slave_1: left promiscuous mode
[   43.602934][  T837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   43.610530][  T837] batman_adv: batadv0: Removing interface: batadv_slave_0
[   43.620496][  T837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   43.628108][  T837] batman_adv: batadv0: Removing interface: batadv_slave_1
[   43.639764][  T837] veth1_macvtap: left promiscuous mode
[   43.645540][  T837] veth0_macvtap: left promiscuous mode
[   43.651195][  T837] veth1_vlan: left promiscuous mode
[   43.657190][  T837] veth0_vlan: left promiscuous mode
[   43.683428][ T4233] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[   43.690248][ T4233] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   43.698031][ T4233] vhci_hcd vhci_hcd.0: Device attached
[   43.914622][   T10] vhci_hcd vhci_hcd.4: vhci_device speed not set
[   43.946797][  T837] team0 (unregistering): Port device team_slave_1 removed
[   43.958573][  T837] team0 (unregistering): Port device team_slave_0 removed
[   43.975835][   T10] usb 9-1: new full-speed USB device number 2 using vhci_hcd
[   44.006984][ T4171] bridge0: port 2(bridge_slave_1) entered blocking state
[   44.014171][ T4171] bridge0: port 2(bridge_slave_1) entered disabled state
[   44.022338][ T4171] bridge_slave_1: entered allmulticast mode
[   44.029101][ T4171] bridge_slave_1: entered promiscuous mode
[   44.081948][ T4171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   44.093102][ T4171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   44.210770][ T4171] team0: Port device team_slave_0 added
[   44.249847][ T4171] team0: Port device team_slave_1 added
[   44.336891][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_0
[   44.343960][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   44.369999][ T4171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   44.481983][ T4171] batman_adv: batadv0: Adding interface: batadv_slave_1
[   44.489050][ T4171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   44.515220][ T4171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   44.611718][ T4171] hsr_slave_0: entered promiscuous mode
[   44.622793][ T4171] hsr_slave_1: entered promiscuous mode
[   44.778571][ T4171] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   44.799718][ T4268] EXT4-fs: Ignoring removed orlov option
[   44.948114][ T4268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.996296][ T4171] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   45.014005][ T4171] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   45.027247][ T4171] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   45.070562][ T4234] vhci_hcd: connection reset by peer
[   45.090813][  T837] vhci_hcd vhci_hcd.4: stop threads
[   45.096695][  T837] vhci_hcd vhci_hcd.4: release socket
[   45.102669][  T837] vhci_hcd vhci_hcd.4: disconnect device
[   45.150866][ T4171] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.164688][ T4171] 8021q: adding VLAN 0 to HW filter on device team0
[   45.182273][  T837] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.189423][  T837] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.225284][  T837] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.232377][  T837] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.253505][ T4299] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.273141][ T4299] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   45.340656][ T4320] EXT4-fs: Ignoring removed nomblk_io_submit option
[   45.355708][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.470628][ T4319] netlink: 'syz.3.241': attribute type 13 has an invalid length.
[   45.491102][   T29] kauditd_printk_skb: 4680 callbacks suppressed
[   45.491154][   T29] audit: type=1326 audit(1768324007.546:7711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef2816b829 code=0x7ffc0000
[   45.521436][   T29] audit: type=1326 audit(1768324007.546:7712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef281c65e7 code=0x7ffc0000
[   45.545474][   T29] audit: type=1326 audit(1768324007.546:7713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef2816b829 code=0x7ffc0000
[   45.568808][   T29] audit: type=1326 audit(1768324007.546:7714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef281c65e7 code=0x7ffc0000
[   45.592275][   T29] audit: type=1326 audit(1768324007.546:7715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef2816b829 code=0x7ffc0000
[   45.615526][   T29] audit: type=1326 audit(1768324007.546:7716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef281c65e7 code=0x7ffc0000
[   45.639017][   T29] audit: type=1326 audit(1768324007.546:7717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef2816b829 code=0x7ffc0000
[   45.662537][   T29] audit: type=1326 audit(1768324007.546:7718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef281c65e7 code=0x7ffc0000
[   45.686063][   T29] audit: type=1326 audit(1768324007.546:7719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef2816b829 code=0x7ffc0000
[   45.704871][ T4171] 8021q: adding VLAN 0 to HW filter on device batadv0
[   45.709376][   T29] audit: type=1326 audit(1768324007.546:7720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4253 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef281c65e7 code=0x7ffc0000
[   45.749453][ T4320] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.239: iget: bad extended attribute block 262144
[   45.784625][ T4320] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.239: couldn't read orphan inode 15 (err -117)
[   45.796952][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.807631][ T4320] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.853824][ T4365] FAULT_INJECTION: forcing a failure.
[   45.853824][ T4365] name failslab, interval 1, probability 0, space 0, times 0
[   45.865647][ T4362] netlink: 12 bytes leftover after parsing attributes in process `syz.0.240'.
[   45.866562][ T4365] CPU: 0 UID: 0 PID: 4365 Comm: syz.3.243 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   45.866589][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   45.866626][ T4365] Call Trace:
[   45.866633][ T4365]  <TASK>
[   45.866640][ T4365]  __dump_stack+0x1d/0x30
[   45.866664][ T4365]  dump_stack_lvl+0x95/0xd0
[   45.866685][ T4365]  dump_stack+0x15/0x1b
[   45.866705][ T4365]  should_fail_ex+0x265/0x280
[   45.866782][ T4365]  should_failslab+0x8c/0xb0
[   45.866816][ T4365]  __kmalloc_noprof+0xb9/0x5a0
[   45.866841][ T4365]  ? flow_action_cookie_create+0x26/0x70
[   45.866875][ T4365]  flow_action_cookie_create+0x26/0x70
[   45.866953][ T4365]  tc_setup_action+0x104/0x440
[   45.866981][ T4365]  ? __kmalloc_noprof+0x2b4/0x5a0
[   45.867006][ T4365]  tcf_action_offload_add_ex+0x261/0x3c0
[   45.867039][ T4365]  tcf_action_init+0x333/0x6d0
[   45.867142][ T4365]  tc_ctl_action+0x291/0x830
[   45.867176][ T4365]  ? __mutex_lock_slowpath+0xa/0x10
[   45.867232][ T4365]  ? __pfx_tc_ctl_action+0x10/0x10
[   45.867253][ T4365]  rtnetlink_rcv_msg+0x65a/0x6d0
[   45.867273][ T4365]  ? avc_has_perm_noaudit+0xab/0x130
[   45.867319][ T4365]  netlink_rcv_skb+0x123/0x220
[   45.867348][ T4365]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   45.867380][ T4365]  rtnetlink_rcv+0x1c/0x30
[   45.867397][ T4365]  netlink_unicast+0x5c0/0x690
[   45.867426][ T4365]  netlink_sendmsg+0x58b/0x6b0
[   45.867465][ T4365]  ? __pfx_netlink_sendmsg+0x10/0x10
[   45.867565][ T4365]  __sock_sendmsg+0x145/0x180
[   45.867585][ T4365]  ____sys_sendmsg+0x31e/0x4a0
[   45.867618][ T4365]  ___sys_sendmsg+0x17b/0x1d0
[   45.867656][ T4365]  __x64_sys_sendmsg+0xd4/0x160
[   45.867687][ T4365]  x64_sys_call+0x17ba/0x3000
[   45.867711][ T4365]  do_syscall_64+0xca/0x2b0
[   45.867795][ T4365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.867831][ T4365] RIP: 0033:0x7f5ad2eff749
[   45.867845][ T4365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.867863][ T4365] RSP: 002b:00007f5ad1967038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   45.867882][ T4365] RAX: ffffffffffffffda RBX: 00007f5ad3155fa0 RCX: 00007f5ad2eff749
[   45.867971][ T4365] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[   45.868010][ T4365] RBP: 00007f5ad1967090 R08: 0000000000000000 R09: 0000000000000000
[   45.868023][ T4365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   45.868035][ T4365] R13: 00007f5ad3156038 R14: 00007f5ad3155fa0 R15: 00007ffdacbe6ac8
[   45.868053][ T4365]  </TASK>
[   45.956971][ T4374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.240'.
[   45.986728][ T4372] netlink: 16 bytes leftover after parsing attributes in process `syz.4.239'.
[   46.007490][ T4373] futex_wake_op: syz.2.246 tries to shift op by -3; fix this program
[   46.021350][ T4372] netlink: 12 bytes leftover after parsing attributes in process `syz.4.239'.
[   46.102534][ T4362] macvtap0: refused to change device tx_queue_len
[   46.108278][ T4372] netlink: 20 bytes leftover after parsing attributes in process `syz.4.239'.
[   46.129150][ T4380] netlink: 'syz.2.246': attribute type 1 has an invalid length.
[   46.215091][ T4380] 8021q: adding VLAN 0 to HW filter on device bond3
[   46.229189][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.249514][ T4171] veth0_vlan: entered promiscuous mode
[   46.267214][ T4171] veth1_vlan: entered promiscuous mode
[   46.292379][ T4171] veth0_macvtap: entered promiscuous mode
[   46.307922][ T4171] veth1_macvtap: entered promiscuous mode
[   46.319135][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.328519][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_1
[   46.344956][ T4395] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.371442][ T1706] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.386588][ T4400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.251'.
[   46.399433][ T1706] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.443965][ T1706] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.553573][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.559987][ T4398] set_capacity_and_notify: 5 callbacks suppressed
[   46.560025][ T4398] loop4: detected capacity change from 0 to 512
[   46.573189][ T1706] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.591119][ T4406] serio: Serial port ptm0
[   46.612909][ T4398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.682252][ T4414] FAULT_INJECTION: forcing a failure.
[   46.682252][ T4414] name failslab, interval 1, probability 0, space 0, times 0
[   46.694940][ T4414] CPU: 0 UID: 0 PID: 4414 Comm: syz.3.253 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   46.694970][ T4414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   46.695014][ T4414] Call Trace:
[   46.695021][ T4414]  <TASK>
[   46.695030][ T4414]  __dump_stack+0x1d/0x30
[   46.695057][ T4414]  dump_stack_lvl+0x95/0xd0
[   46.695132][ T4414]  dump_stack+0x15/0x1b
[   46.695193][ T4414]  should_fail_ex+0x265/0x280
[   46.695217][ T4414]  should_failslab+0x8c/0xb0
[   46.695312][ T4414]  __kmalloc_cache_noprof+0x65/0x4c0
[   46.695357][ T4414]  ? prog_array_map_alloc+0x33/0x110
[   46.695395][ T4414]  prog_array_map_alloc+0x33/0x110
[   46.695423][ T4414]  map_create+0x862/0xda0
[   46.695508][ T4414]  ? security_bpf+0x2b/0x90
[   46.695534][ T4414]  __sys_bpf+0x54e/0x7c0
[   46.695561][ T4414]  __x64_sys_bpf+0x41/0x50
[   46.695608][ T4414]  x64_sys_call+0x28e1/0x3000
[   46.695711][ T4414]  do_syscall_64+0xca/0x2b0
[   46.695747][ T4414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.695770][ T4414] RIP: 0033:0x7f5ad2eff749
[   46.695787][ T4414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.695863][ T4414] RSP: 002b:00007f5ad1967038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   46.695923][ T4414] RAX: ffffffffffffffda RBX: 00007f5ad3155fa0 RCX: 00007f5ad2eff749
[   46.695935][ T4414] RDX: 0000000000000050 RSI: 0000200000000700 RDI: 0000000000000000
[   46.695945][ T4414] RBP: 00007f5ad1967090 R08: 0000000000000000 R09: 0000000000000000
[   46.695956][ T4414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.695969][ T4414] R13: 00007f5ad3156038 R14: 00007f5ad3155fa0 R15: 00007ffdacbe6ac8
[   46.695985][ T4414]  </TASK>
[   46.890610][ T4398] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   46.913076][ T4416] loop0: detected capacity change from 0 to 1024
[   46.958457][ T4416] EXT4-fs: Ignoring removed orlov option
[   47.034911][ T4416] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.061389][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.175086][ T4431] loop4: detected capacity change from 0 to 1024
[   47.201544][ T4436] netlink: 20 bytes leftover after parsing attributes in process `syz.3.260'.
[   47.209209][ T4435] futex_wake_op: syz.2.259 tries to shift op by -3; fix this program
[   47.230335][ T4431] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.256596][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.292223][ T4435] netlink: 'syz.2.259': attribute type 1 has an invalid length.
[   47.322206][ T4444] futex_wake_op: syz.5.263 tries to shift op by -3; fix this program
[   47.360195][ T4435] 8021q: adding VLAN 0 to HW filter on device bond4
[   47.471679][ T4452] loop4: detected capacity change from 0 to 1024
[   47.495723][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.517833][ T4455] netlink: 'syz.5.263': attribute type 1 has an invalid length.
[   47.562035][ T4455] 8021q: adding VLAN 0 to HW filter on device bond1
[   47.581423][ T4452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.684569][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.712799][ T4461] loop0: detected capacity change from 0 to 512
[   47.750102][ T4466] netlink: 4 bytes leftover after parsing attributes in process `syz.5.270'.
[   47.759283][ T4466] hsr_slave_0: left promiscuous mode
[   47.765935][ T4466] hsr_slave_1: left promiscuous mode
[   47.822749][ T4461] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.841792][ T4461] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   47.913619][ T4478] loop3: detected capacity change from 0 to 1024
[   47.920576][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.926972][ T4481] SELinux:  policydb magic number 0x13dbff8c does not match expected magic number 0xf97cff8c
[   47.946249][ T4481] SELinux: failed to load policy
[   47.958074][ T4478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.998735][ T4486] futex_wake_op: syz.4.276 tries to shift op by -3; fix this program
[   48.014828][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.069230][ T4486] netlink: 'syz.4.276': attribute type 1 has an invalid length.
[   48.080244][ T4494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.278'.
[   48.085462][ T4486] 8021q: adding VLAN 0 to HW filter on device bond3
[   48.133166][ T4487] serio: Serial port ptm0
[   48.176065][ T4504] loop4: detected capacity change from 0 to 1024
[   48.208565][ T4506] futex_wake_op: syz.2.281 tries to shift op by -3; fix this program
[   48.243368][ T4507] loop3: detected capacity change from 0 to 1024
[   48.255206][ T4507] EXT4-fs: Ignoring removed orlov option
[   48.255245][ T4504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.295203][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.305560][ T4506] netlink: 'syz.2.281': attribute type 1 has an invalid length.
[   48.353076][ T4506] 8021q: adding VLAN 0 to HW filter on device bond5
[   48.450777][ T4523] syz.4.284: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[   48.465573][ T4523] CPU: 1 UID: 0 PID: 4523 Comm: syz.4.284 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   48.465714][ T4523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   48.465725][ T4523] Call Trace:
[   48.465732][ T4523]  <TASK>
[   48.465740][ T4523]  __dump_stack+0x1d/0x30
[   48.465768][ T4523]  dump_stack_lvl+0x95/0xd0
[   48.465792][ T4523]  dump_stack+0x15/0x1b
[   48.465814][ T4523]  warn_alloc+0x12b/0x1a0
[   48.465896][ T4523]  ? __rcu_read_unlock+0x4f/0x70
[   48.465920][ T4523]  ? bpf_trace_run4+0x134/0x1e0
[   48.466180][ T4523]  __vmalloc_node_range_noprof+0xa0/0x1310
[   48.466205][ T4523]  ? finish_task_switch+0x7a/0x2a0
[   48.466233][ T4523]  ? __schedule+0x85f/0xcd0
[   48.466309][ T4523]  ? avc_has_perm_noaudit+0xab/0x130
[   48.466338][ T4523]  ? should_fail_ex+0x30/0x280
[   48.466403][ T4523]  ? should_failslab+0x8c/0xb0
[   48.466427][ T4523]  vmalloc_user_noprof+0x7d/0xb0
[   48.466453][ T4523]  ? xskq_create+0x80/0xe0
[   48.466469][ T4523]  xskq_create+0x80/0xe0
[   48.466541][ T4523]  xsk_init_queue+0x95/0xf0
[   48.466616][ T4523]  xsk_setsockopt+0x3f5/0x640
[   48.466669][ T4523]  ? __pfx_xsk_setsockopt+0x10/0x10
[   48.466746][ T4523]  __sys_setsockopt+0x184/0x200
[   48.466784][ T4523]  __x64_sys_setsockopt+0x64/0x80
[   48.466863][ T4523]  x64_sys_call+0x21d5/0x3000
[   48.466983][ T4523]  do_syscall_64+0xca/0x2b0
[   48.467021][ T4523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.467044][ T4523] RIP: 0033:0x7f1b53b1f749
[   48.467060][ T4523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.467079][ T4523] RSP: 002b:00007f1b52587038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   48.467150][ T4523] RAX: ffffffffffffffda RBX: 00007f1b53d75fa0 RCX: 00007f1b53b1f749
[   48.467164][ T4523] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a
[   48.467235][ T4523] RBP: 00007f1b53ba3f91 R08: 0000000000000004 R09: 0000000000000000
[   48.467247][ T4523] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   48.467258][ T4523] R13: 00007f1b53d76038 R14: 00007f1b53d75fa0 R15: 00007ffcb2fef868
[   48.467275][ T4523]  </TASK>
[   48.467294][ T4523] Mem-Info:
[   48.684010][ T4523] active_anon:7542 inactive_anon:0 isolated_anon:0
[   48.684010][ T4523]  active_file:8920 inactive_file:2282 isolated_file:0
[   48.684010][ T4523]  unevictable:0 dirty:19 writeback:8
[   48.684010][ T4523]  slab_reclaimable:3246 slab_unreclaimable:14806
[   48.684010][ T4523]  mapped:30449 shmem:342 pagetables:1224
[   48.684010][ T4523]  sec_pagetables:0 bounce:0
[   48.684010][ T4523]  kernel_misc_reclaimable:0
[   48.684010][ T4523]  free:1867839 free_pcp:37509 free_cma:0
[   48.729103][ T4523] Node 0 active_anon:30168kB inactive_anon:0kB active_file:35680kB inactive_file:9128kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:121796kB dirty:76kB writeback:32kB shmem:1368kB kernel_stack:4112kB pagetables:4896kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   48.756422][ T4523] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   48.786114][ T4523] lowmem_reserve[]: 0 2880 7859 7859
[   48.791422][ T4523] Node 0 DMA32 free:2945992kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949520kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB
[   48.822953][ T4523] lowmem_reserve[]: 0 0 4978 4978
[   48.828069][ T4523] Node 0 Normal free:4510004kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30284kB inactive_anon:0kB active_file:35680kB inactive_file:9128kB unevictable:0kB writepending:224kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:146136kB local_pcp:37132kB free_cma:0kB
[   48.850069][ T4527] loop2: detected capacity change from 0 to 512
[   48.861362][ T4523] lowmem_reserve[]: 0 0 0 0
[   48.861397][ T4523] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   48.861588][ T4523] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945992kB
[   48.861854][ T4523] Node 0 Normal: 536*4kB (UE) 339*8kB (UM) 328*16kB (UME) 330*32kB (UME) 194*64kB (UME) 136*128kB (UM) 99*256kB (UME) 90*512kB (UM) 51*1024kB (UM) 49*2048kB (UME) 1034*4096kB (UM) = 4509752kB
[   48.862186][ T4523] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   48.862204][ T4523] 11599 total pagecache pages
[   48.862212][ T4523] 0 pages in swap cache
[   48.862218][ T4523] Free swap  = 124996kB
[   48.862224][ T4523] Total swap = 124996kB
[   48.862230][ T4523] 2097051 pages RAM
[   48.862237][ T4523] 0 pages HighMem/MovableOnly
[   48.862244][ T4523] 81271 pages reserved
[   49.064885][   T10] usb 9-1: enqueue for inactive port 0
[   49.070470][   T10] usb 9-1: enqueue for inactive port 0
[   49.105807][ T4533] sd 0:0:1:0: device reset
[   49.113351][ T4531] netlink: 96 bytes leftover after parsing attributes in process `syz.4.287'.
[   49.121558][ T4527] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   49.144653][   T10] vhci_hcd vhci_hcd.4: vhci_device speed not set
[   49.603302][ T4544] loop2: detected capacity change from 0 to 128
[   49.714662][ T4546] futex_wake_op: syz.5.290 tries to shift op by -3; fix this program
[   49.775399][ T4533] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   49.823769][ T4546] netlink: 'syz.5.290': attribute type 1 has an invalid length.
[   49.849991][ T4533] EXT4-fs (loop0): mount failed
[   49.870713][ T4546] 8021q: adding VLAN 0 to HW filter on device bond2
[   50.283579][ T4538] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   50.299357][ T4538] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1112 with error 28
[   50.311899][ T4538] EXT4-fs (loop5): This should not happen!! Data will be lost
[   50.311899][ T4538] 
[   50.321636][ T4538] EXT4-fs (loop5): Total free blocks count 0
[   50.327655][ T4538] EXT4-fs (loop5): Free/Dirty block details
[   50.333539][ T4538] EXT4-fs (loop5): free_blocks=2415919104
[   50.339356][ T4538] EXT4-fs (loop5): dirty_blocks=1120
[   50.344653][ T4538] EXT4-fs (loop5): Block reservation details
[   50.350702][ T4538] EXT4-fs (loop5): i_reserved_data_blocks=70
[   50.473332][ T4538] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 1112 with max blocks 330 with error 28
[   50.486369][ T4538] EXT4-fs (loop5): This should not happen!! Data will be lost
[   50.486369][ T4538] 
[   50.497215][   T29] kauditd_printk_skb: 4052 callbacks suppressed
[   50.497226][   T29] audit: type=1326 audit(1768324012.556:11772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ad2e9b829 code=0x7ffc0000
[   50.666485][   T29] audit: type=1326 audit(1768324012.596:11773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ad2ef65e7 code=0x7ffc0000
[   50.689955][   T29] audit: type=1326 audit(1768324012.596:11774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ad2e9b829 code=0x7ffc0000
[   50.713484][   T29] audit: type=1326 audit(1768324012.596:11775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ad2ef65e7 code=0x7ffc0000
[   50.737074][   T29] audit: type=1326 audit(1768324012.596:11776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ad2e9b829 code=0x7ffc0000
[   50.760676][   T29] audit: type=1326 audit(1768324012.596:11777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ad2ef65e7 code=0x7ffc0000
[   50.784119][   T29] audit: type=1326 audit(1768324012.596:11778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ad2e9b829 code=0x7ffc0000
[   50.807473][   T29] audit: type=1326 audit(1768324012.596:11779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ad2ef65e7 code=0x7ffc0000
[   50.831242][   T29] audit: type=1326 audit(1768324012.596:11780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5ad2e9b829 code=0x7ffc0000
[   50.855531][   T29] audit: type=1326 audit(1768324012.596:11781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.3.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5ad2ef65e7 code=0x7ffc0000
[   50.894729][ T3495] kernel read not supported for file task/172/attr/fscreate (pid: 3495 comm: kworker/0:6)
[   50.910186][ T4573] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   51.010196][ T4582] xt_connbytes: Forcing CT accounting to be enabled
[   51.348108][ T4593] serio: Serial port ptm0
[   51.405130][ T4587] ext4 filesystem being mounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   51.668519][ T4609] futex_wake_op: syz.0.306 tries to shift op by -3; fix this program
[   51.796882][ T4609] netlink: 'syz.0.306': attribute type 1 has an invalid length.
[   51.807039][ T4612] set_capacity_and_notify: 5 callbacks suppressed
[   51.807053][ T4612] loop3: detected capacity change from 0 to 128
[   51.863186][ T4609] 8021q: adding VLAN 0 to HW filter on device bond3
[   51.941555][ T4617] netlink: 12 bytes leftover after parsing attributes in process `syz.2.307'.
[   51.982467][ T4617] netlink: 'syz.2.307': attribute type 1 has an invalid length.
[   51.990347][ T4617] netlink: 'syz.2.307': attribute type 1 has an invalid length.
[   51.998120][ T4617] netlink: 'syz.2.307': attribute type 1 has an invalid length.
[   52.150265][ T4617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.307'.
[   52.634806][ T4617] macvtap0: refused to change device tx_queue_len
[   52.681125][ T4625] futex_wake_op: syz.4.310 tries to shift op by -3; fix this program
[   52.782864][ T4627] netlink: 4 bytes leftover after parsing attributes in process `syz.2.312'.
[   52.809051][ T4625] netlink: 'syz.4.310': attribute type 1 has an invalid length.
[   52.865445][ T4625] 8021q: adding VLAN 0 to HW filter on device bond4
[   53.044885][ T4640] loop5: detected capacity change from 0 to 1024
[   53.146008][ T4640] EXT4-fs: Ignoring removed orlov option
[   53.741082][ T4649] macvtap1: entered promiscuous mode
[   53.746499][ T4649] bridge0: entered promiscuous mode
[   53.751871][ T4649] macvtap1: entered allmulticast mode
[   53.757276][ T4649] bridge0: entered allmulticast mode
[   53.763031][ T4649] bridge0: port 3(macvtap1) entered blocking state
[   53.769800][ T4649] bridge0: port 3(macvtap1) entered disabled state
[   53.777658][ T4649] bridge0: left allmulticast mode
[   53.782714][ T4649] bridge0: left promiscuous mode
[   53.787326][ T4654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.316'.
[   53.800414][ T4652] loop5: detected capacity change from 0 to 1024
[   53.812644][ T4657] futex_wake_op: syz.2.318 tries to shift op by -3; fix this program
[   53.880420][ T4657] netlink: 'syz.2.318': attribute type 1 has an invalid length.
[   53.951965][ T4657] 8021q: adding VLAN 0 to HW filter on device bond6
[   54.148743][ T4676] loop3: detected capacity change from 0 to 1024
[   54.179675][ T4682] loop2: detected capacity change from 0 to 1024
[   54.618376][ T4693] netlink: 'syz.3.328': attribute type 13 has an invalid length.
[   54.658520][ T4687] loop4: detected capacity change from 0 to 1024
[   54.667648][ T4687] EXT4-fs: Ignoring removed orlov option
[   54.774117][ T4705] loop2: detected capacity change from 0 to 1024
[   55.071283][ T4712] futex_wake_op: syz.3.334 tries to shift op by -3; fix this program
[   55.277652][ T4712] netlink: 'syz.3.334': attribute type 1 has an invalid length.
[   55.296240][ T4712] 8021q: adding VLAN 0 to HW filter on device bond4
[   55.326802][ T4722] loop5: detected capacity change from 0 to 1024
[   55.333770][ T4723] loop2: detected capacity change from 0 to 1024
[   55.382159][ T4725] netlink: 'syz.3.339': attribute type 13 has an invalid length.
[   55.459254][ T4738] netlink: 12 bytes leftover after parsing attributes in process `syz.5.340'.
[   55.488050][ T4738] netlink: 'syz.5.340': attribute type 1 has an invalid length.
[   55.495859][ T4738] netlink: 'syz.5.340': attribute type 1 has an invalid length.
[   55.503651][ T4738] netlink: 'syz.5.340': attribute type 1 has an invalid length.
[   55.530449][   T29] kauditd_printk_skb: 3333 callbacks suppressed
[   55.530462][   T29] audit: type=1326 audit(1768324017.576:15115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4696 comm="syz.0.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   55.566196][ T4747] netlink: 4 bytes leftover after parsing attributes in process `syz.5.340'.
[   55.581025][ T4738] macvtap0: refused to change device tx_queue_len
[   55.593111][   T29] audit: type=1400 audit(1768324017.646:15116): avc:  denied  { write } for  pid=4748 comm="syz.4.345" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   55.616030][   T29] audit: type=1400 audit(1768324017.646:15117): avc:  denied  { open } for  pid=4748 comm="syz.4.345" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   55.665882][ T4751] netlink: 4 bytes leftover after parsing attributes in process `syz.3.348'.
[   55.681666][ T4751] bridge_slave_1: left allmulticast mode
[   55.687743][ T4751] bridge_slave_1: left promiscuous mode
[   55.693512][ T4751] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.722348][ T4751] bridge_slave_0: left allmulticast mode
[   55.728404][ T4751] bridge_slave_0: left promiscuous mode
[   55.734095][ T4751] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.753507][   T29] audit: type=1326 audit(1768324017.806:15118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.777068][   T29] audit: type=1326 audit(1768324017.806:15119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.808192][   T29] audit: type=1326 audit(1768324017.856:15120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.834429][   T29] audit: type=1326 audit(1768324017.866:15121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.858196][   T29] audit: type=1326 audit(1768324017.866:15122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.882927][   T29] audit: type=1326 audit(1768324017.866:15123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   55.888562][ T4759] serio: Serial port ptm0
[   55.906809][   T29] audit: type=1326 audit(1768324017.866:15124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4753 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   56.017729][ T4765] xt_hashlimit: max too large, truncated to 1048576
[   56.027598][ T4765] xt_CT: You must specify a L4 protocol and not use inversions on it
[   56.091546][ T4770] loop3: detected capacity change from 0 to 1024
[   56.107039][ T4772] netlink: 'syz.4.353': attribute type 13 has an invalid length.
[   56.351252][ T4788] netlink: 12 bytes leftover after parsing attributes in process `syz.4.357'.
[   56.475772][ T4788] netlink: 'syz.4.357': attribute type 1 has an invalid length.
[   56.483556][ T4788] netlink: 'syz.4.357': attribute type 1 has an invalid length.
[   56.491446][ T4788] netlink: 'syz.4.357': attribute type 1 has an invalid length.
[   56.509225][ T4788] netlink: 4 bytes leftover after parsing attributes in process `syz.4.357'.
[   56.706359][ T4827] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   56.716915][ T4819] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   56.731351][ T4829] xt_hashlimit: max too large, truncated to 1048576
[   56.775929][ T4827] EXT4-fs (loop2): 1 truncate cleaned up
[   56.835177][ T4829] xt_CT: You must specify a L4 protocol and not use inversions on it
[   56.873553][ T1895] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   56.882858][ T4746] syz.0.344 (4746) used greatest stack depth: 6408 bytes left
[   56.904342][ T1895] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1768 with error 28
[   56.917041][ T1895] EXT4-fs (loop3): This should not happen!! Data will be lost
[   56.917041][ T1895] 
[   56.926907][ T1895] EXT4-fs (loop3): Total free blocks count 0
[   56.932893][ T1895] EXT4-fs (loop3): Free/Dirty block details
[   56.938892][ T1895] EXT4-fs (loop3): free_blocks=2415919104
[   56.944759][ T1895] EXT4-fs (loop3): dirty_blocks=1776
[   56.950148][ T1895] EXT4-fs (loop3): Block reservation details
[   56.956564][ T1895] EXT4-fs (loop3): i_reserved_data_blocks=111
[   57.000857][ T4839] netlink: 'syz.2.366': attribute type 13 has an invalid length.
[   57.039154][ T4834] set_capacity_and_notify: 3 callbacks suppressed
[   57.039193][ T4834] loop4: detected capacity change from 0 to 512
[   57.104628][ T4834] ext4 filesystem being mounted at /82/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   57.540177][ T4860] FAULT_INJECTION: forcing a failure.
[   57.540177][ T4860] name failslab, interval 1, probability 0, space 0, times 0
[   57.553385][ T4860] CPU: 0 UID: 0 PID: 4860 Comm: syz.5.372 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   57.553412][ T4860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   57.553428][ T4860] Call Trace:
[   57.553435][ T4860]  <TASK>
[   57.553442][ T4860]  __dump_stack+0x1d/0x30
[   57.553507][ T4860]  dump_stack_lvl+0x95/0xd0
[   57.553528][ T4860]  dump_stack+0x15/0x1b
[   57.553589][ T4860]  should_fail_ex+0x265/0x280
[   57.553615][ T4860]  should_failslab+0x8c/0xb0
[   57.553639][ T4860]  kmem_cache_alloc_noprof+0x69/0x4b0
[   57.553664][ T4860]  ? getname_flags+0x80/0x3b0
[   57.553698][ T4860]  ? should_fail_ex+0xdb/0x280
[   57.553718][ T4860]  getname_flags+0x80/0x3b0
[   57.553750][ T4860]  user_path_at+0x28/0x130
[   57.553781][ T4860]  __se_sys_mount+0x25b/0x2e0
[   57.553859][ T4860]  ? fput+0x8f/0xc0
[   57.553888][ T4860]  __x64_sys_mount+0x67/0x80
[   57.553980][ T4860]  x64_sys_call+0x2cca/0x3000
[   57.554002][ T4860]  do_syscall_64+0xca/0x2b0
[   57.554040][ T4860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.554063][ T4860] RIP: 0033:0x7f2e0934f749
[   57.554152][ T4860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.554168][ T4860] RSP: 002b:00007f2e07daf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.554192][ T4860] RAX: ffffffffffffffda RBX: 00007f2e095a5fa0 RCX: 00007f2e0934f749
[   57.554204][ T4860] RDX: 0000200000001400 RSI: 00002000000003c0 RDI: 0000200000000240
[   57.554216][ T4860] RBP: 00007f2e07daf090 R08: 0000200000000140 R09: 0000000000000000
[   57.554230][ T4860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.554241][ T4860] R13: 00007f2e095a6038 R14: 00007f2e095a5fa0 R15: 00007ffdf4c51d48
[   57.554292][ T4860]  </TASK>
[   58.054759][ T4887] loop0: detected capacity change from 0 to 512
[   58.085628][ T4870] infiniband !yz!: set active
[   58.090366][ T4870] infiniband !yz!: added team_slave_0
[   58.101633][ T4887] loop0: detected capacity change from 0 to 512
[   58.141978][ T4893] loop4: detected capacity change from 0 to 512
[   58.168770][ T4870] RDS/IB: !yz!: added
[   58.174291][ T4885] serio: Serial port ptm0
[   58.183704][ T4870] smc: adding ib device !yz! with port count 1
[   58.197334][ T4870] smc:    ib device !yz! port 1 has no pnetid
[   58.206046][ T4901] futex_wake_op: syz.0.380 tries to shift op by -3; fix this program
[   58.218494][ T4893] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.353296][ T4905] 8021q: adding VLAN 0 to HW filter on device bond4
[   58.519287][ T4928] FAULT_INJECTION: forcing a failure.
[   58.519287][ T4928] name failslab, interval 1, probability 0, space 0, times 0
[   58.532033][ T4928] CPU: 0 UID: 0 PID: 4928 Comm: syz.3.384 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.532139][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   58.532153][ T4928] Call Trace:
[   58.532159][ T4928]  <TASK>
[   58.532167][ T4928]  __dump_stack+0x1d/0x30
[   58.532193][ T4928]  dump_stack_lvl+0x95/0xd0
[   58.532257][ T4928]  dump_stack+0x15/0x1b
[   58.532333][ T4928]  should_fail_ex+0x265/0x280
[   58.532358][ T4928]  should_failslab+0x8c/0xb0
[   58.532420][ T4928]  __kmalloc_cache_noprof+0x65/0x4c0
[   58.532451][ T4928]  ? genl_start+0x117/0x390
[   58.532473][ T4928]  genl_start+0x117/0x390
[   58.532495][ T4928]  __netlink_dump_start+0x334/0x520
[   58.532549][ T4928]  genl_family_rcv_msg_dumpit+0x115/0x180
[   58.532576][ T4928]  ? __pfx_genl_start+0x10/0x10
[   58.532600][ T4928]  ? __pfx_genl_dumpit+0x10/0x10
[   58.532619][ T4928]  ? __pfx_genl_done+0x10/0x10
[   58.532675][ T4928]  genl_rcv_msg+0x3f0/0x460
[   58.532695][ T4928]  ? __pfx_nl80211_dump_scan+0x10/0x10
[   58.532716][ T4928]  netlink_rcv_skb+0x123/0x220
[   58.532803][ T4928]  ? __pfx_genl_rcv_msg+0x10/0x10
[   58.532891][ T4928]  genl_rcv+0x28/0x40
[   58.532912][ T4928]  netlink_unicast+0x5c0/0x690
[   58.532942][ T4928]  netlink_sendmsg+0x58b/0x6b0
[   58.532978][ T4928]  ? __pfx_netlink_sendmsg+0x10/0x10
[   58.533082][ T4928]  __sock_sendmsg+0x145/0x180
[   58.533100][ T4928]  ____sys_sendmsg+0x31e/0x4a0
[   58.533128][ T4928]  ___sys_sendmsg+0x17b/0x1d0
[   58.533208][ T4928]  __x64_sys_sendmsg+0xd4/0x160
[   58.533243][ T4928]  x64_sys_call+0x17ba/0x3000
[   58.533276][ T4928]  do_syscall_64+0xca/0x2b0
[   58.533308][ T4928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.533327][ T4928] RIP: 0033:0x7f5ad2eff749
[   58.533341][ T4928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.533399][ T4928] RSP: 002b:00007f5ad1967038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   58.533420][ T4928] RAX: ffffffffffffffda RBX: 00007f5ad3155fa0 RCX: 00007f5ad2eff749
[   58.533435][ T4928] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   58.533465][ T4928] RBP: 00007f5ad1967090 R08: 0000000000000000 R09: 0000000000000000
[   58.533476][ T4928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.533487][ T4928] R13: 00007f5ad3156038 R14: 00007f5ad3155fa0 R15: 00007ffdacbe6ac8
[   58.533506][ T4928]  </TASK>
[   58.800499][ T4932] loop4: detected capacity change from 0 to 1024
[   58.807764][ T4932] EXT4-fs: Ignoring removed orlov option
[   58.858921][ T4934] netlink: 4 bytes leftover after parsing attributes in process `syz.0.386'.
[   59.035403][ T3492] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   59.055494][ T3492] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   59.526763][ T4955] futex_wake_op: syz.5.392 tries to shift op by -3; fix this program
[   59.587052][ T4954] team0: Failed to send options change via netlink (err -105)
[   59.594732][ T4954] team0: Port device dummy0 added
[   59.626927][ T4954] netlink: 8 bytes leftover after parsing attributes in process `syz.0.391'.
[   59.660921][ T4957] loop3: detected capacity change from 0 to 128
[   59.741879][ T4955] 8021q: adding VLAN 0 to HW filter on device bond3
[   59.842311][ T4954] loop0: detected capacity change from 0 to 512
[   59.877329][ T4954] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   59.897130][ T4954] EXT4-fs (loop0): orphan cleanup on readonly fs
[   59.916807][ T4954] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   59.959701][ T4971] loop2: detected capacity change from 0 to 256
[   59.966682][ T4973] netlink: 12 bytes leftover after parsing attributes in process `syz.3.398'.
[   60.003580][ T4954] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   60.014683][ T4973] loop3: detected capacity change from 0 to 512
[   60.015238][ T4954] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.391: bg 0: block 15: invalid block bitmap
[   60.039657][ T4954] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6689: Corrupt filesystem
[   60.068635][ T4973] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   60.079935][ T4980] xt_hashlimit: max too large, truncated to 1048576
[   60.087763][ T4954] EXT4-fs (loop0): 1 truncate cleaned up
[   60.094385][ T4980] xt_CT: You must specify a L4 protocol and not use inversions on it
[   60.104117][ T4973] EXT4-fs (loop3): 1 truncate cleaned up
[   60.155518][ T4984] netlink: 4 bytes leftover after parsing attributes in process `syz.4.401'.
[   60.191678][ T4988] loop3: detected capacity change from 0 to 512
[   60.200764][ T4988] EXT4-fs: Ignoring removed nomblk_io_submit option
[   60.224694][ T4988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   60.343865][ T4988] EXT4-fs (loop3): 1 truncate cleaned up
[   61.194254][   T29] kauditd_printk_skb: 3351 callbacks suppressed
[   61.194269][   T29] audit: type=1326 audit(1768324023.246:18475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4983 comm="syz.4.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1b53b52005 code=0x7ffc0000
[   61.610069][   T29] audit: type=1326 audit(1768324023.586:18476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.633596][   T29] audit: type=1326 audit(1768324023.586:18477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.657134][   T29] audit: type=1326 audit(1768324023.596:18478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.680906][   T29] audit: type=1326 audit(1768324023.596:18479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.704513][   T29] audit: type=1326 audit(1768324023.596:18480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2e0934df90 code=0x7ffc0000
[   61.727934][   T29] audit: type=1326 audit(1768324023.596:18481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.752047][   T29] audit: type=1326 audit(1768324023.596:18482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.776345][   T29] audit: type=1326 audit(1768324023.596:18483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.800208][   T29] audit: type=1326 audit(1768324023.596:18484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4993 comm="syz.5.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   61.899382][ T5012] futex_wake_op: syz.0.408 tries to shift op by -3; fix this program
[   61.934669][ T5018] futex_wake_op: syz.5.414 tries to shift op by -3; fix this program
[   61.948112][ T5015] xt_hashlimit: max too large, truncated to 1048576
[   61.965644][ T5015] xt_CT: You must specify a L4 protocol and not use inversions on it
[   61.984043][ T5012] validate_nla: 5 callbacks suppressed
[   61.984057][ T5012] netlink: 'syz.0.408': attribute type 1 has an invalid length.
[   62.020313][ T5018] netlink: 'syz.5.414': attribute type 1 has an invalid length.
[   62.052665][ T5025] netlink: 20 bytes leftover after parsing attributes in process `syz.3.416'.
[   62.056626][ T5010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.412'.
[   62.072254][ T5012] 8021q: adding VLAN 0 to HW filter on device bond5
[   62.072514][ T5025] netlink: 20 bytes leftover after parsing attributes in process `syz.3.416'.
[   62.102639][ T5018] 8021q: adding VLAN 0 to HW filter on device bond4
[   62.120027][ T5010] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   62.128052][ T5010] batman_adv: batadv0: Removing interface: batadv_slave_0
[   62.139404][ T5030] set_capacity_and_notify: 1 callbacks suppressed
[   62.139425][ T5030] loop2: detected capacity change from 0 to 512
[   62.161325][ T5029] loop4: detected capacity change from 0 to 1024
[   62.223691][ T5010] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   62.231652][ T5010] batman_adv: batadv0: Removing interface: batadv_slave_1
[   62.260092][ T5030] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.308582][ T5029] EXT4-fs: Ignoring removed orlov option
[   62.316959][ T5030] EXT4-fs: old and new quota format mixing
[   62.343182][ T5032] loop0: detected capacity change from 0 to 2048
[   62.378274][ T5037] loop5: detected capacity change from 0 to 128
[   62.829305][  T837] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   62.939261][  T837] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1022 with error 28
[   62.952281][  T837] EXT4-fs (loop0): This should not happen!! Data will be lost
[   62.952281][  T837] 
[   62.961934][  T837] EXT4-fs (loop0): Total free blocks count 0
[   62.968294][  T837] EXT4-fs (loop0): Free/Dirty block details
[   62.974174][  T837] EXT4-fs (loop0): free_blocks=2415919104
[   62.979907][  T837] EXT4-fs (loop0): dirty_blocks=1024
[   62.985227][  T837] EXT4-fs (loop0): Block reservation details
[   62.991301][  T837] EXT4-fs (loop0): i_reserved_data_blocks=64
[   63.410058][  T837] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 1022 with max blocks 566 with error 28
[   63.422961][  T837] EXT4-fs (loop0): This should not happen!! Data will be lost
[   63.422961][  T837] 
[   63.747627][ T5055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.429'.
[   63.765794][ T5054] netlink: 12 bytes leftover after parsing attributes in process `syz.5.419'.
[   63.807232][ T5055] netlink: 'syz.3.429': attribute type 1 has an invalid length.
[   63.815055][ T5055] netlink: 'syz.3.429': attribute type 1 has an invalid length.
[   63.822721][ T5055] netlink: 'syz.3.429': attribute type 1 has an invalid length.
[   63.854648][ T5054] loop5: detected capacity change from 0 to 512
[   63.884299][ T5058] netlink: 4 bytes leftover after parsing attributes in process `syz.3.429'.
[   63.900590][ T5054] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   63.954767][ T5054] EXT4-fs (loop5): 1 truncate cleaned up
[   63.955714][ T5059] macvtap0: refused to change device tx_queue_len
[   64.125485][ T5069] xt_hashlimit: max too large, truncated to 1048576
[   64.154982][ T5069] xt_CT: You must specify a L4 protocol and not use inversions on it
[   64.323237][ T5075] futex_wake_op: syz.4.426 tries to shift op by -3; fix this program
[   64.376179][ T5072] loop3: detected capacity change from 0 to 1024
[   64.434112][ T5074] netlink: 'syz.4.426': attribute type 1 has an invalid length.
[   64.521308][ T5074] 8021q: adding VLAN 0 to HW filter on device bond5
[   64.622140][ T5082] futex_wake_op: syz.5.428 tries to shift op by -3; fix this program
[   64.719833][ T5088] loop4: detected capacity change from 0 to 1024
[   64.733789][ T5089] loop3: detected capacity change from 0 to 128
[   64.829452][ T5082] netlink: 'syz.5.428': attribute type 1 has an invalid length.
[   64.860774][ T5082] 8021q: adding VLAN 0 to HW filter on device bond5
[   65.082232][ T5101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.436'.
[   65.135147][ T5101] netlink: 'syz.2.436': attribute type 1 has an invalid length.
[   65.142822][ T5101] netlink: 'syz.2.436': attribute type 1 has an invalid length.
[   65.150559][ T5101] netlink: 'syz.2.436': attribute type 1 has an invalid length.
[   65.194883][ T5106] netlink: 4 bytes leftover after parsing attributes in process `syz.2.436'.
[   65.226773][ T5101] macvtap0: refused to change device tx_queue_len
[   65.456724][ T5108] loop5: detected capacity change from 0 to 1024
[   65.498875][ T5108] EXT4-fs: Ignoring removed orlov option
[   66.089322][ T5113] loop2: detected capacity change from 0 to 512
[   66.143774][ T5113] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   66.205175][   T29] kauditd_printk_skb: 2412 callbacks suppressed
[   66.205188][   T29] audit: type=1326 audit(1768324028.266:20897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.5.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e092eb829 code=0x7ffc0000
[   66.234953][ T5113] EXT4-fs (loop2): orphan cleanup on readonly fs
[   66.242849][ T5113] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.440: corrupted inode contents
[   66.255835][ T5113] EXT4-fs (loop2): Remounting filesystem read-only
[   66.262512][ T5113] EXT4-fs (loop2): 1 truncate cleaned up
[   66.268466][ T4236] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   66.279316][ T4236] Quota error (device loop2): write_blk: dquota write failed
[   66.286713][ T4236] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries
[   66.288144][ T3316] EXT4-fs unmount: 58 callbacks suppressed
[   66.303304][ T4236] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   66.313889][ T4236] Quota error (device loop2): write_blk: dquota write failed
[   66.321421][ T4236] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list
[   66.337178][ T4236] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[   66.347432][ T4236] Quota error (device loop2): v2_write_file_info: Can't write info structure
[   66.356929][ T4236] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[   66.367637][ T5113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   66.375029][   T29] audit: type=1326 audit(1768324028.296:20898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.5.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2e093465e7 code=0x7ffc0000
[   66.403302][   T29] audit: type=1326 audit(1768324028.296:20899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.5.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2e092eb829 code=0x7ffc0000
[   66.426631][   T29] audit: type=1326 audit(1768324028.296:20900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.5.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2e093465e7 code=0x7ffc0000
[   66.435761][ T5112] bond_slave_0: entered promiscuous mode
[   66.455617][ T5112] bond_slave_1: entered promiscuous mode
[   66.511755][ T4171] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.541519][ T5112] macvtap1: entered allmulticast mode
[   66.547082][ T5112] bond0: entered allmulticast mode
[   66.552382][ T5112] bond_slave_0: entered allmulticast mode
[   66.558265][ T5112] bond_slave_1: entered allmulticast mode
[   66.566376][ T5112] 8021q: adding VLAN 0 to HW filter on device macvtap1
[   66.576138][ T5112] bond0: left allmulticast mode
[   66.581131][ T5112] bond_slave_0: left allmulticast mode
[   66.586682][ T5112] bond_slave_1: left allmulticast mode
[   66.592191][ T5112] bond_slave_0: left promiscuous mode
[   66.597643][ T5112] bond_slave_1: left promiscuous mode
[   66.720006][ T5155] futex_wake_op: syz.5.451 tries to shift op by -3; fix this program
[   66.728529][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.823808][ T5155] 8021q: adding VLAN 0 to HW filter on device bond6
[   66.874555][ T5169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   66.917843][ T5176] netlink: 4 bytes leftover after parsing attributes in process `syz.5.456'.
[   67.000276][ T5185] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.102584][ T5185] EXT4-fs (loop3): 1 truncate cleaned up
[   67.118998][ T5185] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.136067][ T5186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.161623][ T4565] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   67.176850][ T4565] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1880 with error 28
[   67.189511][ T4565] EXT4-fs (loop4): This should not happen!! Data will be lost
[   67.189511][ T4565] 
[   67.199351][ T4565] EXT4-fs (loop4): Total free blocks count 0
[   67.205480][ T4565] EXT4-fs (loop4): Free/Dirty block details
[   67.211833][ T4565] EXT4-fs (loop4): free_blocks=2415919104
[   67.217666][ T4565] EXT4-fs (loop4): dirty_blocks=2016
[   67.222945][ T4565] EXT4-fs (loop4): Block reservation details
[   67.229028][ T4565] EXT4-fs (loop4): i_reserved_data_blocks=127
[   67.242459][ T4565] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 1880 with max blocks 180 with error 28
[   67.256479][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.286854][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.390363][ T5189] set_capacity_and_notify: 3 callbacks suppressed
[   67.390378][ T5189] loop2: detected capacity change from 0 to 1024
[   67.432326][ T5202] netlink: 36 bytes leftover after parsing attributes in process `syz.3.464'.
[   67.467721][ T5202] netlink: 36 bytes leftover after parsing attributes in process `syz.3.464'.
[   67.486524][ T5189] EXT4-fs: Ignoring removed orlov option
[   67.539488][ T5189] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.587457][ T5202] netlink: 36 bytes leftover after parsing attributes in process `syz.3.464'.
[   67.711821][ T5214] futex_wake_op: syz.3.468 tries to shift op by -3; fix this program
[   67.831020][ T5214] validate_nla: 2 callbacks suppressed
[   67.831032][ T5214] netlink: 'syz.3.468': attribute type 1 has an invalid length.
[   67.955965][ T5214] 8021q: adding VLAN 0 to HW filter on device bond5
[   68.082523][ T5221] netlink: 'syz.5.469': attribute type 13 has an invalid length.
[   68.225256][ T5232] loop3: detected capacity change from 0 to 1024
[   68.255546][ T5232] EXT4-fs: Ignoring removed orlov option
[   68.411550][ T5232] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.498069][ T5232] netlink: 4 bytes leftover after parsing attributes in process `syz.3.472'.
[   68.510057][ T5244] futex_wake_op: syz.5.474 tries to shift op by -3; fix this program
[   68.525334][ T5241] loop4: detected capacity change from 0 to 1024
[   68.558254][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.576811][ T5241] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.601559][ T5244] netlink: 'syz.5.474': attribute type 1 has an invalid length.
[   68.612840][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.635424][ T5244] 8021q: adding VLAN 0 to HW filter on device bond7
[   68.648164][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.685652][ T5255] SELinux:  policydb magic number 0x304cff8c does not match expected magic number 0xf97cff8c
[   68.705496][ T5260] futex_wake_op: syz.3.480 tries to shift op by -3; fix this program
[   68.724939][ T5255] SELinux: failed to load policy
[   68.779344][ T5260] netlink: 'syz.3.480': attribute type 1 has an invalid length.
[   68.841862][ T5260] 8021q: adding VLAN 0 to HW filter on device bond6
[   68.907944][ T5268] netlink: 16 bytes leftover after parsing attributes in process `syz.5.482'.
[   68.925933][ T5276] loop4: detected capacity change from 0 to 128
[   69.015978][ T5283] netlink: 'syz.5.485': attribute type 13 has an invalid length.
[   69.044693][ T5280] loop3: detected capacity change from 0 to 2048
[   69.109685][ T5280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   69.367276][ T5290] loop0: detected capacity change from 0 to 1024
[   69.491179][ T5290] EXT4-fs: Ignoring removed orlov option
[   69.545429][ T5049] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   69.627265][ T5290] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.688210][ T5302] netlink: 12 bytes leftover after parsing attributes in process `syz.5.487'.
[   69.729468][ T5049] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 768 with error 28
[   69.741917][ T5049] EXT4-fs (loop3): This should not happen!! Data will be lost
[   69.741917][ T5049] 
[   69.751774][ T5049] EXT4-fs (loop3): Total free blocks count 0
[   69.757777][ T5049] EXT4-fs (loop3): Free/Dirty block details
[   69.763763][ T5049] EXT4-fs (loop3): free_blocks=2415919104
[   69.769573][ T5049] EXT4-fs (loop3): dirty_blocks=768
[   69.774855][ T5049] EXT4-fs (loop3): Block reservation details
[   69.780819][ T5049] EXT4-fs (loop3): i_reserved_data_blocks=48
[   70.006699][ T5309] netlink: 12 bytes leftover after parsing attributes in process `syz.2.488'.
[   70.082545][ T5313] FAULT_INJECTION: forcing a failure.
[   70.082545][ T5313] name failslab, interval 1, probability 0, space 0, times 0
[   70.095815][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.5.489 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.095843][ T5313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   70.095854][ T5313] Call Trace:
[   70.095861][ T5313]  <TASK>
[   70.095868][ T5313]  __dump_stack+0x1d/0x30
[   70.095895][ T5313]  dump_stack_lvl+0x95/0xd0
[   70.095984][ T5313]  dump_stack+0x15/0x1b
[   70.096005][ T5313]  should_fail_ex+0x265/0x280
[   70.096030][ T5313]  should_failslab+0x8c/0xb0
[   70.096054][ T5313]  __kvmalloc_node_noprof+0x149/0x6b0
[   70.096129][ T5313]  ? alloc_fdtable+0xc2/0x1d0
[   70.096153][ T5313]  alloc_fdtable+0xc2/0x1d0
[   70.096207][ T5313]  dup_fd+0x492/0x510
[   70.096229][ T5313]  copy_files+0x98/0xf0
[   70.096251][ T5313]  copy_process+0xc17/0x1ef0
[   70.096280][ T5313]  kernel_clone+0x16c/0x5c0
[   70.096380][ T5313]  ? ktime_get+0x1eb/0x210
[   70.096417][ T5313]  __x64_sys_clone+0xe6/0x120
[   70.096493][ T5313]  x64_sys_call+0x12d0/0x3000
[   70.096589][ T5313]  do_syscall_64+0xca/0x2b0
[   70.096625][ T5313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.096646][ T5313] RIP: 0033:0x7f2e0934f749
[   70.096699][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.096717][ T5313] RSP: 002b:00007f2e07daefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   70.096739][ T5313] RAX: ffffffffffffffda RBX: 00007f2e095a5fa0 RCX: 00007f2e0934f749
[   70.096753][ T5313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000026801000
[   70.096765][ T5313] RBP: 00007f2e07daf090 R08: 0000000000000000 R09: 0000000000000000
[   70.096776][ T5313] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   70.096788][ T5313] R13: 00007f2e095a6038 R14: 00007f2e095a5fa0 R15: 00007ffdf4c51d48
[   70.096807][ T5313]  </TASK>
[   70.100791][ T5049] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 768 with max blocks 384 with error 28
[   70.298926][ T5309] netlink: 4 bytes leftover after parsing attributes in process `syz.2.488'.
[   70.333682][ T5309] macvtap0: refused to change device tx_queue_len
[   70.345689][ T5318] futex_wake_op: syz.4.490 tries to shift op by -3; fix this program
[   70.479758][ T5318] netlink: 'syz.4.490': attribute type 1 has an invalid length.
[   70.537701][ T5318] 8021q: adding VLAN 0 to HW filter on device bond6
[   70.816168][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.817061][ T5344] loop4: detected capacity change from 0 to 512
[   70.985650][ T5353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.503'.
[   71.048461][ T5359] netlink: 'syz.0.503': attribute type 1 has an invalid length.
[   71.056256][ T5359] netlink: 'syz.0.503': attribute type 1 has an invalid length.
[   71.063997][ T5359] netlink: 'syz.0.503': attribute type 1 has an invalid length.
[   71.112500][ T5353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.503'.
[   71.174638][ T5366] macvtap0: refused to change device tx_queue_len
[   71.287217][ T5372] futex_wake_op: syz.0.509 tries to shift op by -3; fix this program
[   71.296559][   T29] kauditd_printk_skb: 3046 callbacks suppressed
[   71.296573][   T29] audit: type=1400 audit(1768324033.356:23947): avc:  denied  { connect } for  pid=5369 comm="syz.2.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   71.394756][   T29] audit: type=1326 audit(1768324033.396:23948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.418528][   T29] audit: type=1326 audit(1768324033.396:23949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.423140][ T5372] netlink: 'syz.0.509': attribute type 1 has an invalid length.
[   71.442130][   T29] audit: type=1326 audit(1768324033.406:23950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.442160][   T29] audit: type=1326 audit(1768324033.406:23951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.497351][   T29] audit: type=1326 audit(1768324033.406:23952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.520975][   T29] audit: type=1326 audit(1768324033.406:23953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.544512][   T29] audit: type=1326 audit(1768324033.406:23954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.568013][   T29] audit: type=1326 audit(1768324033.406:23955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.591864][   T29] audit: type=1326 audit(1768324033.406:23956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5371 comm="syz.0.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434cebf749 code=0x7ffc0000
[   71.706897][ T5372] 8021q: adding VLAN 0 to HW filter on device bond6
[   71.726225][ T5387] loop2: detected capacity change from 0 to 1024
[   71.733012][ T5387] EXT4-fs: Ignoring removed orlov option
[   71.882128][ T5387] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.903649][ T5404] loop0: detected capacity change from 0 to 512
[   71.921335][ T5280] syz.3.484 (5280) used greatest stack depth: 6120 bytes left
[   71.970415][ T5404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.057158][ T5404] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.103215][ T5404] Cannot find add_set index 0 as target
[   72.169864][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.254773][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.057292][ T5423] loop3: detected capacity change from 0 to 128
[   74.907215][ T5431] FAULT_INJECTION: forcing a failure.
[   74.907215][ T5431] name failslab, interval 1, probability 0, space 0, times 0
[   74.912980][ T5434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.523'.
[   74.920136][ T5431] CPU: 0 UID: 0 PID: 5431 Comm: syz.3.522 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   74.920163][ T5431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   74.920241][ T5431] Call Trace:
[   74.920249][ T5431]  <TASK>
[   74.920257][ T5431]  __dump_stack+0x1d/0x30
[   74.920347][ T5431]  dump_stack_lvl+0x95/0xd0
[   74.920368][ T5431]  dump_stack+0x15/0x1b
[   74.920511][ T5431]  should_fail_ex+0x265/0x280
[   74.920534][ T5431]  should_failslab+0x8c/0xb0
[   74.920583][ T5431]  kmem_cache_alloc_noprof+0x69/0x4b0
[   74.920681][ T5431]  ? security_file_alloc+0x32/0x100
[   74.920731][ T5431]  security_file_alloc+0x32/0x100
[   74.920756][ T5431]  init_file+0x5c/0x1c0
[   74.920783][ T5431]  alloc_empty_file+0x8b/0x200
[   74.920862][ T5431]  alloc_file_pseudo+0xc6/0x160
[   74.920891][ T5431]  anon_inode_getfile+0xa0/0x120
[   74.920921][ T5431]  do_epoll_create+0x1b5/0x280
[   74.921016][ T5431]  __x64_sys_epoll_create+0x35/0x60
[   74.921042][ T5431]  x64_sys_call+0x2f11/0x3000
[   74.921083][ T5431]  do_syscall_64+0xca/0x2b0
[   74.921132][ T5431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.921155][ T5431] RIP: 0033:0x7f5ad2eff749
[   74.921171][ T5431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.921188][ T5431] RSP: 002b:00007f5ad1967038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5
[   74.921207][ T5431] RAX: ffffffffffffffda RBX: 00007f5ad3155fa0 RCX: 00007f5ad2eff749
[   74.921264][ T5431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[   74.921277][ T5431] RBP: 00007f5ad1967090 R08: 0000000000000000 R09: 0000000000000000
[   74.921332][ T5431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.921344][ T5431] R13: 00007f5ad3156038 R14: 00007f5ad3155fa0 R15: 00007ffdacbe6ac8
[   74.921363][ T5431]  </TASK>
[   74.954332][ T5435] futex_wake_op: syz.2.524 tries to shift op by -3; fix this program
[   75.000566][ T5079] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   75.131097][ T5442] loop4: detected capacity change from 0 to 2048
[   75.151525][ T5440] geneve1: Caught tx_queue_len zero misconfig
[   75.162240][ T5079] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   75.165339][ T5447] netlink: 'syz.3.529': attribute type 33 has an invalid length.
[   75.175651][ T5435] netlink: 'syz.2.524': attribute type 1 has an invalid length.
[   75.179975][ T5447] netlink: 152 bytes leftover after parsing attributes in process `syz.3.529'.
[   75.213915][ T5435] 8021q: adding VLAN 0 to HW filter on device bond7
[   75.216178][ T5453] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   75.230235][ T5447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.529'.
[   75.242194][ T5442] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.283384][ T5461] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   75.283428][ T5458] IPVS: stopping master sync thread 5461 ...
[   75.317462][ T5463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.532'.
[   75.328137][ T5463] netlink: 128 bytes leftover after parsing attributes in process `+}[@'.
[   75.381582][ T5468] syzkaller0: entered allmulticast mode
[   75.399645][ T5468] syzkaller0: entered promiscuous mode
[   75.406513][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.430823][ T5471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.535'.
[   75.447085][ T5471] netlink: 'syz.4.535': attribute type 1 has an invalid length.
[   75.454956][ T5471] netlink: 'syz.4.535': attribute type 1 has an invalid length.
[   75.462702][ T5471] netlink: 'syz.4.535': attribute type 1 has an invalid length.
[   75.471353][ T5471] netlink: 4 bytes leftover after parsing attributes in process `syz.4.535'.
[   75.700929][ T5481] FAULT_INJECTION: forcing a failure.
[   75.700929][ T5481] name failslab, interval 1, probability 0, space 0, times 0
[   75.713784][ T5481] CPU: 1 UID: 0 PID: 5481 Comm: syz.4.538 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   75.713811][ T5481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   75.713895][ T5481] Call Trace:
[   75.713903][ T5481]  <TASK>
[   75.713911][ T5481]  __dump_stack+0x1d/0x30
[   75.713934][ T5481]  dump_stack_lvl+0x95/0xd0
[   75.713983][ T5481]  dump_stack+0x15/0x1b
[   75.714000][ T5481]  should_fail_ex+0x265/0x280
[   75.714020][ T5481]  should_failslab+0x8c/0xb0
[   75.714092][ T5481]  kmem_cache_alloc_noprof+0x69/0x4b0
[   75.714114][ T5481]  ? alloc_empty_file+0x76/0x200
[   75.714190][ T5481]  alloc_empty_file+0x76/0x200
[   75.714261][ T5481]  alloc_file_pseudo+0xc6/0x160
[   75.714286][ T5481]  __shmem_file_setup+0x1de/0x210
[   75.714379][ T5481]  shmem_file_setup+0x3b/0x50
[   75.714402][ T5481]  __se_sys_memfd_create+0x2f7/0x6b0
[   75.714436][ T5481]  __x64_sys_memfd_create+0x31/0x40
[   75.714475][ T5481]  x64_sys_call+0x28cb/0x3000
[   75.714514][ T5481]  do_syscall_64+0xca/0x2b0
[   75.714546][ T5481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.714572][ T5481] RIP: 0033:0x7f1b53b1f749
[   75.714586][ T5481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.714602][ T5481] RSP: 002b:00007f1b52586e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   75.714619][ T5481] RAX: ffffffffffffffda RBX: 0000000000000512 RCX: 00007f1b53b1f749
[   75.714631][ T5481] RDX: 00007f1b52586ef0 RSI: 0000000000000000 RDI: 00007f1b53ba4960
[   75.714645][ T5481] RBP: 0000200000000380 R08: 00007f1b52586bb7 R09: 00007f1b52586e40
[   75.714704][ T5481] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080
[   75.714718][ T5481] R13: 00007f1b52586ef0 R14: 00007f1b52586eb0 R15: 0000200000000340
[   75.714735][ T5481]  </TASK>
[   76.007884][ T5492] loop4: detected capacity change from 0 to 512
[   76.031336][ T5491] futex_wake_op: syz.2.542 tries to shift op by -3; fix this program
[   76.040686][ T5492] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   76.049759][ T5492] EXT4-fs (loop4): orphan cleanup on readonly fs
[   76.057056][ T5451] syzkaller0: left promiscuous mode
[   76.065700][ T5492] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.540: corrupted inode contents
[   76.078656][ T5451] syzkaller0: left allmulticast mode
[   76.085954][ T5495] loop0: detected capacity change from 0 to 1024
[   76.088972][ T5492] EXT4-fs (loop4): Remounting filesystem read-only
[   76.105871][ T5495] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.130228][ T5492] EXT4-fs (loop4): 1 truncate cleaned up
[   76.136237][ T4565] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   76.146885][ T4565] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   76.162846][ T5491] netlink: 'syz.2.542': attribute type 1 has an invalid length.
[   76.178459][ T4565] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   76.190783][ T5492] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   76.191278][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.204130][ T5492] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.240164][ T5508] netlink: 12 bytes leftover after parsing attributes in process `syz.5.547'.
[   76.242701][ T5491] 8021q: adding VLAN 0 to HW filter on device bond8
[   76.281103][ T5508] netlink: 'syz.5.547': attribute type 1 has an invalid length.
[   76.288794][ T5508] netlink: 'syz.5.547': attribute type 1 has an invalid length.
[   76.296471][ T5508] netlink: 'syz.5.547': attribute type 1 has an invalid length.
[   76.305575][ T5508] netlink: 4 bytes leftover after parsing attributes in process `syz.5.547'.
[   76.321719][ T5508] macvtap0: refused to change device tx_queue_len
[   76.335092][ T5511] hub 3-0:1.0: USB hub found
[   76.344550][ T5511] hub 3-0:1.0: 8 ports detected
[   76.367720][   T29] kauditd_printk_skb: 554 callbacks suppressed
[   76.367734][   T29] audit: type=1326 audit(1768324038.426:24505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.385978][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.550'.
[   76.413858][   T29] audit: type=1326 audit(1768324038.426:24506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437594][   T29] audit: type=1326 audit(1768324038.426:24507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437675][   T29] audit: type=1326 audit(1768324038.426:24508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437707][   T29] audit: type=1326 audit(1768324038.426:24509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437739][   T29] audit: type=1326 audit(1768324038.426:24510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437766][   T29] audit: type=1326 audit(1768324038.426:24511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437860][   T29] audit: type=1326 audit(1768324038.426:24512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437890][   T29] audit: type=1326 audit(1768324038.426:24513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.437920][   T29] audit: type=1326 audit(1768324038.426:24514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5517 comm="syz.2.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   76.733983][ T5539] x_tables: duplicate underflow at hook 3
[   76.784580][ T5539] loop0: detected capacity change from 0 to 1024
[   76.806167][ T5539] EXT4-fs: Ignoring removed i_version option
[   76.815094][ T5539] EXT4-fs: Mount option(s) incompatible with ext2
[   76.959423][ T5548] futex_wake_op: syz.3.560 tries to shift op by -3; fix this program
[   76.986596][ T5545] loop4: detected capacity change from 0 to 1024
[   77.021032][ T5545] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.067073][ T5548] netlink: 'syz.3.560': attribute type 1 has an invalid length.
[   77.075771][ T5559] macvtap0: refused to change device tx_queue_len
[   77.099183][ T5548] 8021q: adding VLAN 0 to HW filter on device bond7
[   77.107429][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.210235][ T5576] loop3: detected capacity change from 0 to 512
[   77.210286][ T5577] xt_hashlimit: max too large, truncated to 1048576
[   77.225184][ T5577] xt_CT: You must specify a L4 protocol and not use inversions on it
[   77.234596][ T5576] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.569: inode has both inline data and extents flags
[   77.258952][ T5572] loop0: detected capacity change from 0 to 512
[   77.265819][ T5576] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.569: couldn't read orphan inode 15 (err -117)
[   77.287081][ T5572] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   77.309707][ T5576] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.336740][ T5572] EXT4-fs (loop0): 1 truncate cleaned up
[   77.343079][ T5572] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.461349][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.514724][ T5597] macvtap0: refused to change device tx_queue_len
[   77.927605][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.952786][ T5598] loop5: detected capacity change from 0 to 1024
[   77.963761][ T5598] EXT4-fs: Ignoring removed orlov option
[   77.971646][ T5598] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.169806][ T5622] futex_wake_op: syz.0.577 tries to shift op by -3; fix this program
[   79.179920][ T5606] loop3: detected capacity change from 0 to 128
[   79.374102][ T5622] 8021q: adding VLAN 0 to HW filter on device bond7
[   79.470575][ T5633] loop4: detected capacity change from 0 to 128
[   79.509049][ T5635] futex_wake_op: syz.3.587 tries to shift op by -3; fix this program
[   79.543055][ T4171] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.569216][ T5637] futex_wake_op: syz.0.598 tries to shift op by -3; fix this program
[   79.616960][ T5635] 8021q: adding VLAN 0 to HW filter on device bond8
[   79.654289][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   79.680349][ T5642] 8021q: adding VLAN 0 to HW filter on device bond8
[   79.786850][ T5651] macvtap0: refused to change device tx_queue_len
[   80.315397][ T5671] loop3: detected capacity change from 0 to 128
[   80.324575][ T5670] __nla_validate_parse: 12 callbacks suppressed
[   80.324588][ T5670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.597'.
[   80.548457][ T5674] loop4: detected capacity change from 0 to 1024
[   80.580084][ T5674] EXT4-fs: Ignoring removed orlov option
[   80.646586][ T5674] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.374557][   T29] kauditd_printk_skb: 3177 callbacks suppressed
[   81.374572][   T29] audit: type=1326 audit(1768324043.426:27692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   81.404697][   T29] audit: type=1326 audit(1768324043.436:27693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   81.428252][   T29] audit: type=1326 audit(1768324043.436:27694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   81.451639][   T29] audit: type=1326 audit(1768324043.436:27695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   81.485396][   T29] audit: type=1326 audit(1768324043.536:27696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   81.508767][   T29] audit: type=1326 audit(1768324043.536:27697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   81.532325][   T29] audit: type=1326 audit(1768324043.536:27698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   81.555808][   T29] audit: type=1326 audit(1768324043.536:27699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   81.579156][   T29] audit: type=1326 audit(1768324043.536:27700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   81.602458][   T29] audit: type=1326 audit(1768324043.536:27701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5668 comm="syz.4.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   81.636711][ T5685] futex_wake_op: syz.0.602 tries to shift op by -3; fix this program
[   81.768054][ T5689] loop3: detected capacity change from 0 to 128
[   81.778303][ T5689] msdos: Bad value for 'gid'
[   81.783038][ T5689] msdos: Bad value for 'gid'
[   81.807488][ T5685] validate_nla: 12 callbacks suppressed
[   81.807500][ T5685] netlink: 'syz.0.602': attribute type 1 has an invalid length.
[   81.824740][ T5695] loop5: detected capacity change from 0 to 2048
[   81.839503][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.870793][ T5685] 8021q: adding VLAN 0 to HW filter on device bond9
[   81.886301][ T5695] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   82.223936][ T4140] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   82.253668][ T4140] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 658 with error 28
[   82.266225][ T4140] EXT4-fs (loop5): This should not happen!! Data will be lost
[   82.266225][ T4140] 
[   82.273352][ T5705] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   82.276061][ T4140] EXT4-fs (loop5): Total free blocks count 0
[   82.291569][ T4140] EXT4-fs (loop5): Free/Dirty block details
[   82.297580][ T4140] EXT4-fs (loop5): free_blocks=2415919104
[   82.303374][ T4140] EXT4-fs (loop5): dirty_blocks=672
[   82.308614][ T4140] EXT4-fs (loop5): Block reservation details
[   82.314993][ T4140] EXT4-fs (loop5): i_reserved_data_blocks=44
[   82.322973][ T5714] netlink: 12 bytes leftover after parsing attributes in process `syz.3.610'.
[   82.333356][ T5708] ip6gre0: Caught tx_queue_len zero misconfig
[   82.341681][ T5708] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   82.376342][ T5714] netlink: 'syz.3.610': attribute type 1 has an invalid length.
[   82.384355][ T5714] netlink: 'syz.3.610': attribute type 1 has an invalid length.
[   82.391985][ T5714] netlink: 'syz.3.610': attribute type 1 has an invalid length.
[   82.396062][ T4140] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 658 with max blocks 38 with error 28
[   82.440713][ T5717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.610'.
[   82.492183][ T5722] netlink: 'syz.4.612': attribute type 13 has an invalid length.
[   82.510310][ T5720] loop0: detected capacity change from 0 to 1024
[   82.570502][ T5714] macvtap0: refused to change device tx_queue_len
[   82.589809][ T5720] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.630379][ T5726] loop2: detected capacity change from 0 to 1024
[   82.677348][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.706513][ T5726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.707842][ T5732] xt_hashlimit: max too large, truncated to 1048576
[   82.745863][ T5732] xt_CT: You must specify a L4 protocol and not use inversions on it
[   82.805240][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.878514][ T5742] netlink: 12 bytes leftover after parsing attributes in process `syz.5.619'.
[   82.900536][ T5742] netlink: 'syz.5.619': attribute type 1 has an invalid length.
[   82.908446][ T5742] netlink: 'syz.5.619': attribute type 1 has an invalid length.
[   82.916451][ T5742] netlink: 'syz.5.619': attribute type 1 has an invalid length.
[   82.924980][ T5742] netlink: 4 bytes leftover after parsing attributes in process `syz.5.619'.
[   82.934872][ T5742] macvtap0: refused to change device tx_queue_len
[   82.943034][ T5738] loop0: detected capacity change from 0 to 512
[   82.968765][ T5745] loop2: detected capacity change from 0 to 1024
[   82.972742][ T5748] futex_wake_op: syz.5.620 tries to shift op by -3; fix this program
[   82.983850][ T5738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.000183][ T5738] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   83.007201][ T5745] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.027806][ T5735] serio: Serial port ptm0
[   83.047043][ T5748] netlink: 'syz.5.620': attribute type 1 has an invalid length.
[   83.055967][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.072161][ T5748] 8021q: adding VLAN 0 to HW filter on device bond8
[   83.474667][ T5772] xt_hashlimit: max too large, truncated to 1048576
[   83.505019][ T5772] xt_CT: You must specify a L4 protocol and not use inversions on it
[   83.733081][ T5781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.736006][ T5782] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.767618][ T5783] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.792112][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.802956][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.816471][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.835448][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.848522][ T5793] futex_wake_op: syz.0.633 tries to shift op by -3; fix this program
[   83.915019][ T5793] netlink: 'syz.0.633': attribute type 1 has an invalid length.
[   84.000569][ T5793] 8021q: adding VLAN 0 to HW filter on device bond10
[   84.001767][ T5807] xt_hashlimit: max too large, truncated to 1048576
[   84.039171][ T5807] xt_CT: You must specify a L4 protocol and not use inversions on it
[   84.090892][ T5792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.107286][ T5792] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   84.123160][ T5815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.642'.
[   84.186114][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.225434][ T5822] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.238637][ T5823] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.267219][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.281717][ T4171] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.435620][ T5833] set_capacity_and_notify: 6 callbacks suppressed
[   84.435634][ T5833] loop3: detected capacity change from 0 to 1024
[   84.471833][ T5833] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.531451][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.559038][ T5840] loop0: detected capacity change from 0 to 1024
[   84.732242][ T5852] xt_hashlimit: max too large, truncated to 1048576
[   84.739815][ T5852] xt_CT: You must specify a L4 protocol and not use inversions on it
[   84.779430][ T5859] futex_wake_op: syz.0.654 tries to shift op by -3; fix this program
[   84.857452][ T5864] loop4: detected capacity change from 0 to 512
[   84.868528][ T5859] 8021q: adding VLAN 0 to HW filter on device bond11
[   84.889672][ T5870] loop5: detected capacity change from 0 to 1024
[   84.921992][ T5864] ext4 filesystem being mounted at /139/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.055922][ T5883] loop2: detected capacity change from 0 to 1024
[   85.066426][ T5884] loop0: detected capacity change from 0 to 1024
[   85.097064][ T5887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.664'.
[   85.146242][ T5886] loop5: detected capacity change from 0 to 1024
[   85.155299][ T5886] EXT4-fs: Ignoring removed orlov option
[   85.226644][ T5900] xt_hashlimit: max too large, truncated to 1048576
[   85.235863][ T5900] xt_CT: You must specify a L4 protocol and not use inversions on it
[   85.300678][ T5906] netlink: 12 bytes leftover after parsing attributes in process `syz.2.669'.
[   85.324829][ T5910] loop0: detected capacity change from 0 to 1024
[   85.347025][ T5906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.669'.
[   85.371267][ T5906] macvtap0: refused to change device tx_queue_len
[   85.479457][ T5922] loop3: detected capacity change from 0 to 1024
[   85.480327][ T5914] loop0: detected capacity change from 0 to 512
[   85.533115][ T5914] ext4 filesystem being mounted at /113/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   85.720218][ T5951] netlink: 12 bytes leftover after parsing attributes in process `syz.5.686'.
[   85.788823][ T5957] netlink: 4 bytes leftover after parsing attributes in process `syz.5.686'.
[   85.816917][ T5951] macvtap0: refused to change device tx_queue_len
[   85.927214][ T5959] EXT4-fs: Ignoring removed orlov option
[   85.973158][ T5956] EXT4-fs: Ignoring removed orlov option
[   86.142523][ T5964] serio: Serial port ptm0
[   86.254906][ T5962] EXT4-fs: Ignoring removed orlov option
[   86.507285][ T5975] ext4 filesystem being mounted at /85/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   86.665413][   T29] kauditd_printk_skb: 3776 callbacks suppressed
[   86.665426][   T29] audit: type=1326 audit(1768324048.726:31478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   86.695458][   T29] audit: type=1326 audit(1768324048.726:31479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   86.971731][   T29] audit: type=1326 audit(1768324048.726:31480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   86.995790][   T29] audit: type=1326 audit(1768324048.726:31481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.019855][   T29] audit: type=1326 audit(1768324048.726:31482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.043410][   T29] audit: type=1326 audit(1768324048.776:31483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.066906][   T29] audit: type=1326 audit(1768324048.786:31484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.090506][   T29] audit: type=1326 audit(1768324048.786:31485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.114154][   T29] audit: type=1326 audit(1768324048.786:31486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.137863][   T29] audit: type=1326 audit(1768324048.786:31487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5988 comm="syz.5.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   87.207882][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.5.696'.
[   87.652911][ T6009] netlink: 12 bytes leftover after parsing attributes in process `syz.4.700'.
[   87.701626][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.700'.
[   87.931001][ T6018] validate_nla: 4 callbacks suppressed
[   87.931065][ T6018] netlink: 'syz.4.703': attribute type 13 has an invalid length.
[   88.220837][ T5047] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   88.382073][ T5047] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 482 with error 28
[   88.394604][ T5047] EXT4-fs (loop0): This should not happen!! Data will be lost
[   88.394604][ T5047] 
[   88.404451][ T5047] EXT4-fs (loop0): Total free blocks count 0
[   88.410557][ T5047] EXT4-fs (loop0): Free/Dirty block details
[   88.416779][ T5047] EXT4-fs (loop0): free_blocks=2415919104
[   88.422862][ T5047] EXT4-fs (loop0): dirty_blocks=496
[   88.428115][ T5047] EXT4-fs (loop0): Block reservation details
[   88.434158][ T5047] EXT4-fs (loop0): i_reserved_data_blocks=31
[   88.727172][ T5047] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 482 with max blocks 654 with error 28
[   88.739963][ T5047] EXT4-fs (loop0): This should not happen!! Data will be lost
[   88.739963][ T5047] 
[   88.899352][ T6047] futex_wake_op: syz.2.711 tries to shift op by -3; fix this program
[   89.133479][ T6047] netlink: 'syz.2.711': attribute type 1 has an invalid length.
[   89.314611][ T6047] 8021q: adding VLAN 0 to HW filter on device bond9
[   89.443451][ T6055] EXT4-fs: Ignoring removed orlov option
[   89.512642][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.713'.
[   89.947062][ T6074] serio: Serial port ptm0
[   90.063448][ T6088] set_capacity_and_notify: 14 callbacks suppressed
[   90.063464][ T6088] loop0: detected capacity change from 0 to 1024
[   90.115787][ T6087] futex_wake_op: syz.2.723 tries to shift op by -3; fix this program
[   90.182310][ T6093] futex_wake_op: syz.3.724 tries to shift op by -3; fix this program
[   90.235594][ T6087] netlink: 'syz.2.723': attribute type 1 has an invalid length.
[   90.358321][ T6087] 8021q: adding VLAN 0 to HW filter on device bond10
[   90.371482][ T6096] netlink: 'syz.3.724': attribute type 1 has an invalid length.
[   90.407295][ T6096] 8021q: adding VLAN 0 to HW filter on device bond9
[   90.594123][ T6106] loop2: detected capacity change from 0 to 2048
[   90.617394][ T6107] loop3: detected capacity change from 0 to 1024
[   90.631276][ T6109] loop0: detected capacity change from 0 to 1024
[   90.691041][ T6122] xt_hashlimit: max too large, truncated to 1048576
[   90.728195][ T6122] xt_CT: You must specify a L4 protocol and not use inversions on it
[   90.832308][ T4236] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   90.874645][ T4236] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   90.887254][ T4236] EXT4-fs (loop2): This should not happen!! Data will be lost
[   90.887254][ T4236] 
[   90.897085][ T4236] EXT4-fs (loop2): Total free blocks count 0
[   90.903175][ T4236] EXT4-fs (loop2): Free/Dirty block details
[   90.909285][ T4236] EXT4-fs (loop2): free_blocks=2415919104
[   90.915146][ T4236] EXT4-fs (loop2): dirty_blocks=2784
[   90.920426][ T4236] EXT4-fs (loop2): Block reservation details
[   90.926620][ T4236] EXT4-fs (loop2): i_reserved_data_blocks=174
[   90.953134][ T6129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.735'.
[   91.004817][ T6137] serio: Serial port ptm0
[   91.012254][ T6138] futex_wake_op: syz.5.738 tries to shift op by -3; fix this program
[   91.029605][ T6140] loop4: detected capacity change from 0 to 1024
[   91.071866][ T4236] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 724 with error 28
[   91.084873][ T4236] EXT4-fs (loop2): This should not happen!! Data will be lost
[   91.084873][ T4236] 
[   91.104103][ T6138] netlink: 'syz.5.738': attribute type 1 has an invalid length.
[   91.145417][ T6145] futex_wake_op: syz.4.739 tries to shift op by -3; fix this program
[   91.159383][ T6138] 8021q: adding VLAN 0 to HW filter on device bond9
[   91.243971][ T6145] netlink: 'syz.4.739': attribute type 1 has an invalid length.
[   91.322782][ T6145] 8021q: adding VLAN 0 to HW filter on device bond7
[   91.423156][ T6161] netlink: 'syz.5.745': attribute type 13 has an invalid length.
[   91.455154][ T6164] loop0: detected capacity change from 0 to 1024
[   91.551482][ T6176] futex_wake_op: syz.0.751 tries to shift op by -3; fix this program
[   91.573481][ T6177] loop4: detected capacity change from 0 to 1024
[   91.614879][ T5682] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   91.626368][ T6183] loop3: detected capacity change from 0 to 1024
[   91.645164][ T6167] syzkaller0: Caught tx_queue_len zero misconfig
[   91.652511][ T6184] netlink: 'syz.0.751': attribute type 1 has an invalid length.
[   91.676231][ T6181] loop2: detected capacity change from 0 to 512
[   91.679988][ T6184] 8021q: adding VLAN 0 to HW filter on device bond12
[   91.690639][   T29] kauditd_printk_skb: 7785 callbacks suppressed
[   91.690653][   T29] audit: type=1326 audit(1768324053.746:39273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.3.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f5ad2eff749 code=0x7ffc0000
[   91.757102][   T29] audit: type=1326 audit(1768324053.786:39274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6174 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f434cef2005 code=0x7ffc0000
[   91.780643][   T29] audit: type=1326 audit(1768324053.786:39275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6174 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f434cef2005 code=0x7ffc0000
[   91.804306][   T29] audit: type=1326 audit(1768324053.786:39276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.3.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ad2eff749 code=0x7ffc0000
[   91.828010][   T29] audit: type=1326 audit(1768324053.786:39277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.3.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ad2eff749 code=0x7ffc0000
[   91.851777][   T29] audit: type=1326 audit(1768324053.786:39278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.3.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f5ad2eff749 code=0x7ffc0000
[   91.875544][   T29] audit: type=1326 audit(1768324053.786:39279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6174 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f434cef2005 code=0x7ffc0000
[   91.887051][ T6181] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   91.899094][   T29] audit: type=1326 audit(1768324053.786:39280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.3.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5ad2eff749 code=0x7ffc0000
[   91.899124][   T29] audit: type=1326 audit(1768324053.786:39281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6189 comm="syz.5.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   91.899217][   T29] audit: type=1326 audit(1768324053.786:39282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6189 comm="syz.5.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2e0934f749 code=0x7ffc0000
[   91.944159][ T6192] serio: Serial port ptm0
[   92.026519][ T6204] futex_wake_op: syz.2.756 tries to shift op by -3; fix this program
[   92.066722][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.759'.
[   92.090917][ T6210] loop3: detected capacity change from 0 to 2048
[   92.102614][ T6216] netlink: 'syz.5.763': attribute type 13 has an invalid length.
[   92.115837][ T6204] netlink: 'syz.2.756': attribute type 1 has an invalid length.
[   92.213338][ T6204] 8021q: adding VLAN 0 to HW filter on device bond11
[   92.214340][ T3367] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   92.412022][ T4623] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   92.463880][ T6233] ext4 filesystem being mounted at /165/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   92.464453][ T4623] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   92.485855][ T6245] futex_wake_op: syz.4.769 tries to shift op by -3; fix this program
[   92.487011][ T4623] EXT4-fs (loop3): This should not happen!! Data will be lost
[   92.487011][ T4623] 
[   92.504961][ T4623] EXT4-fs (loop3): Total free blocks count 0
[   92.511040][ T4623] EXT4-fs (loop3): Free/Dirty block details
[   92.517025][ T4623] EXT4-fs (loop3): free_blocks=2415919104
[   92.522749][ T4623] EXT4-fs (loop3): dirty_blocks=5072
[   92.528074][ T4623] EXT4-fs (loop3): Block reservation details
[   92.534119][ T4623] EXT4-fs (loop3): i_reserved_data_blocks=317
[   92.557177][ T4623] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2048 with max blocks 2048 with error 28
[   92.570211][ T4623] EXT4-fs (loop3): This should not happen!! Data will be lost
[   92.570211][ T4623] 
[   92.636106][ T6245] 8021q: adding VLAN 0 to HW filter on device bond8
[   92.664266][ T3367] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   92.713189][ T6248] serio: Serial port ptm0
[   92.796232][ T6263] futex_wake_op: syz.0.776 tries to shift op by -3; fix this program
[   93.071872][ T6263] 8021q: adding VLAN 0 to HW filter on device bond13
[   93.357079][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.785'.
[   93.636809][ T6288] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   93.819710][ T6316] futex_wake_op: syz.3.792 tries to shift op by -3; fix this program
[   93.872574][ T6318] serio: Serial port ptm0
[   93.885499][ T6316] validate_nla: 3 callbacks suppressed
[   93.885579][ T6316] netlink: 'syz.3.792': attribute type 1 has an invalid length.
[   93.906241][ T6316] 8021q: adding VLAN 0 to HW filter on device bond10
[   93.953699][ T6327] netlink: 'syz.3.795': attribute type 13 has an invalid length.
[   93.995569][ T6333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.797'.
[   94.009336][ T6333] netlink: 'syz.2.797': attribute type 1 has an invalid length.
[   94.017226][ T6333] netlink: 'syz.2.797': attribute type 1 has an invalid length.
[   94.025049][ T6333] netlink: 'syz.2.797': attribute type 1 has an invalid length.
[   94.033440][ T6333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.797'.
[   94.044024][ T6333] macvtap0: refused to change device tx_queue_len
[   94.220203][ T6348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.805'.
[   94.244167][ T6354] futex_wake_op: syz.4.806 tries to shift op by -3; fix this program
[   94.262536][ T6340] ext4 filesystem being mounted at /113/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.312657][ T6354] netlink: 'syz.4.806': attribute type 1 has an invalid length.
[   94.351236][ T6354] 8021q: adding VLAN 0 to HW filter on device bond9
[   94.378659][ T6369] netlink: 'syz.2.808': attribute type 13 has an invalid length.
[   94.401558][ T6372] netlink: 12 bytes leftover after parsing attributes in process `syz.4.811'.
[   94.451904][ T6373] serio: Serial port ptm0
[   94.457422][ T6372] netlink: 'syz.4.811': attribute type 1 has an invalid length.
[   94.465112][ T6372] netlink: 'syz.4.811': attribute type 1 has an invalid length.
[   94.472858][ T6372] netlink: 'syz.4.811': attribute type 1 has an invalid length.
[   94.481805][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.4.811'.
[   95.067652][ T6392] set_capacity_and_notify: 11 callbacks suppressed
[   95.067669][ T6392] loop5: detected capacity change from 0 to 1024
[   95.084936][ T6392] EXT4-fs: Ignoring removed orlov option
[   95.108292][ T6401] futex_wake_op: syz.3.821 tries to shift op by -3; fix this program
[   95.134140][ T6389] ext4 filesystem being mounted at /181/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   95.177021][ T6404] loop0: detected capacity change from 0 to 1024
[   95.309633][ T6401] 8021q: adding VLAN 0 to HW filter on device bond11
[   95.363575][ T6416] netlink: 12 bytes leftover after parsing attributes in process `syz.0.824'.
[   95.451900][ T6416] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'.
[   95.495990][ T6416] macvtap0: refused to change device tx_queue_len
[   95.580000][ T6427] serio: Serial port ptm0
[   95.642581][ T6441] loop2: detected capacity change from 0 to 512
[   95.707786][ T6447] futex_wake_op: syz.4.835 tries to shift op by -3; fix this program
[   95.743823][ T6441] ext4 filesystem being mounted at /185/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   95.793523][ T6447] 8021q: adding VLAN 0 to HW filter on device bond10
[   96.318191][ T6469] xt_hashlimit: max too large, truncated to 1048576
[   96.343554][ T6467] __nla_validate_parse: 2 callbacks suppressed
[   96.343568][ T6467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.842'.
[   96.350703][ T6469] xt_CT: You must specify a L4 protocol and not use inversions on it
[   96.500714][ T6475] serio: Serial port ptm0
[   96.553239][ T6477] loop4: detected capacity change from 0 to 1024
[   96.567329][ T6482] loop3: detected capacity change from 0 to 512
[   96.578099][ T6477] EXT4-fs: Ignoring removed orlov option
[   96.630817][ T6490] loop0: detected capacity change from 0 to 1024
[   96.717972][   T29] kauditd_printk_skb: 3595 callbacks suppressed
[   96.717986][   T29] audit: type=1326 audit(1768324058.776:42878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6454 comm="syz.2.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   96.814974][ T6490] EXT4-fs mount: 94 callbacks suppressed
[   96.814988][ T6490] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.851711][ T6477] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.860321][ T6482] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.909766][   T29] audit: type=1326 audit(1768324058.806:42879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6454 comm="syz.2.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fef281cf749 code=0x7ffc0000
[   96.942306][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.954674][ T6482] ext4 filesystem being mounted at /165/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   97.097238][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.115091][ T3005] ==================================================================
[   97.123200][ T3005] BUG: KCSAN: data-race in block_uevent / inc_diskseq
[   97.129973][ T3005] 
[   97.132388][ T3005] write to 0xffff8881020eb218 of 8 bytes by task 3314 on cpu 1:
[   97.140021][ T3005]  inc_diskseq+0x2d/0x40
[   97.144273][ T3005]  disk_force_media_change+0x9e/0xe0
[   97.149637][ T3005]  lo_release+0x2cb/0x400
[   97.153954][ T3005]  bdev_release+0x373/0x3d0
[   97.158442][ T3005]  blkdev_release+0x15/0x20
[   97.162933][ T3005]  __fput+0x29b/0x650
[   97.166916][ T3005]  fput_close_sync+0xad/0x190
[   97.171680][ T3005]  __x64_sys_close+0x56/0xf0
[   97.176273][ T3005]  x64_sys_call+0x2c25/0x3000
[   97.181035][ T3005]  do_syscall_64+0xca/0x2b0
[   97.185545][ T3005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.191454][ T3005] 
[   97.193770][ T3005] read to 0xffff8881020eb218 of 8 bytes by task 3005 on cpu 0:
[   97.201294][ T3005]  block_uevent+0x31/0x50
[   97.205623][ T3005]  dev_uevent+0x375/0x400
[   97.209939][ T3005]  uevent_show+0x11a/0x200
[   97.214384][ T3005]  dev_attr_show+0x3f/0xa0
[   97.218793][ T3005]  sysfs_kf_seq_show+0x1a3/0x280
[   97.223716][ T3005]  kernfs_seq_show+0x82/0xa0
[   97.228304][ T3005]  seq_read_iter+0x31e/0x950
[   97.232887][ T3005]  kernfs_fop_read_iter+0xc1/0x330
[   97.237994][ T3005]  vfs_read+0x64c/0x770
[   97.242137][ T3005]  ksys_read+0xda/0x1a0
[   97.246384][ T3005]  __x64_sys_read+0x40/0x50
[   97.250885][ T3005]  x64_sys_call+0x2889/0x3000
[   97.255579][ T3005]  do_syscall_64+0xca/0x2b0
[   97.260085][ T3005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.265965][ T3005] 
[   97.268270][ T3005] value changed: 0x00000000000001a6 -> 0x00000000000001a9
[   97.275888][ T3005] 
[   97.278209][ T3005] Reported by Kernel Concurrency Sanitizer on:
[   97.284339][ T3005] CPU: 0 UID: 0 PID: 3005 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) 
[   97.293614][ T3005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   97.303685][ T3005] ==================================================================
[   97.383974][   T29] audit: type=1326 audit(1768324059.426:42880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   97.408004][   T29] audit: type=1326 audit(1768324059.426:42881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   97.431627][   T29] audit: type=1326 audit(1768324059.426:42882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b53b1f749 code=0x7ffc0000
[   97.455315][   T29] audit: type=1326 audit(1768324059.426:42883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   97.478791][   T29] audit: type=1326 audit(1768324059.426:42884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   97.502527][   T29] audit: type=1326 audit(1768324059.426:42885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   97.508598][ T6514] loop3: detected capacity change from 0 to 1024
[   97.526138][   T29] audit: type=1326 audit(1768324059.436:42886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1b53abb829 code=0x7ffc0000
[   97.555918][   T29] audit: type=1326 audit(1768324059.436:42887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6464 comm="syz.4.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1b53b165e7 code=0x7ffc0000
[   97.609228][ T6514] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   97.650498][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.710911][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.