last executing test programs:

4.540788123s ago: executing program 1 (id=741):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x2000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb851}, 0x1c)
open(&(0x7f0000000180)='./file0\x00', 0x40c5, 0x24)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
pipe2$9p(&(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYRESHEX=r5, @ANYBLOB=',msize=0x0000000000001000'])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESHEX=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r6, 0x0, 0xf7}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
socket(0x10, 0x803, 0x0)
r7 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r7)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1e, &(0x7f0000000480)=0x400000001, 0x4)
setsockopt$inet6_tcp_int(r8, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4)
connect$inet6(r8, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00051400000000000000000000000800120000000200c06b6e000000000006000000000000000000000000000000e00000020000000000000000000000000000000000000000000000000000000105000500008000000a0000000000000000000000000000000000000000000001000000000000000005000600ff4700000a"], 0xa0}}, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0xc040, 0x0, 0x0)

4.512644105s ago: executing program 1 (id=742):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8, 0xa, r3}, @CGW_SRC_IF={0x8, 0x9, r4}]}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x6}, {0xffff}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8084}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0xc, 0xd, 0x100, 0x6, 0x100, r3})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[], 0x15)
r8 = dup(r7)
write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x53)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x17, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7000000}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

3.489760228s ago: executing program 1 (id=753):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0x4}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x8000fff2}]}}]}, 0x38}}, 0x20040054)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3e8, &(0x7f00000004c0)="$eJzs3M9rHFUcAPDvTH71p0k0/qj1EPFgQEyaNNYKIuYiInqyRw/G/Kilm0aSFWwIqCjeevPqQfHg3+BJwf9AEE+epRAkLehxZXZn4prspt1u1sHs5wNT3ps3y3sz333zmjfzNoC+NRkRn0TEcESsRsRovj/Jt3i1sWXH3d3dXsq2JGq1t/9I6uV3dreXoukzmdPZP2nEVBqRfh5xvkW9mze3ri9WKisbeX6muvbBzObNreevrS1eXbm6cmPu4ouz85fmLs2+cGTneuv85Zeenn/j11uvfbP0y5Xv3svaeyYvaz6PozKZXbW0ddmFo66sZGfKbgAPJPt6DkTEYL3/j8ZAPdUwGh+/U2rjAICeqNVqA/vyAMCxlxjzAaDPFH/339ndXiq2UiYiKMXOQkScaMS/eL7bKBncexI01MPne5MR8X76/US2RY+ewwIAAAD0sx8WIuJyq/m/NJ5qOu5sRDyUrw8Yi4jxiHg4Ih7psv7JffmD8z/p7S6r4BA7CxEvN63tuNsU/9zYQJ47W4/9ULJ6rbJyIf8+TMXQSJafPaSOP7euf9GurHn+L9uy+ou5wLwdtwdH/v2Z5cXqYjfnzD92Po14crBV/JO9+d8kIia6qOPH8bWv2pXdO/70Uu3riGdb9v9k75jk8PVZM/X7wUxxVzjorZ8+e7dd/eJfrqz/nzo8/mNJ83q9zc7rePzcbxvtyh70/j+cXKk3cDjf99FitboxGzGcvHlw/1znbT6uiutRXK8s/lPPtB7/iyBkF/TRiHgsi2VEPBER5zqo89vxv062K9P/y5XFf7mj/t954pWJ139uV//99f/5emOm8j3+/3dv9xugstsJAAAAAAAAwNFI62u7k3R6L52m09ON3/CeiFNpZX2z+tzq+oc3lhtrwMdiKC3e9Bpteh90Nn8vuMjP7ctfzN8Z/nLkZD0/vbReWS775AGgT51uM/5nfh8pu3UAQM+cKLsBAMB/zvgPAP3H+A8A/cf4DwD9x/gPAP3H+A8AfaWb3/WXkJA4romy70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/b38HAAD//78JzGY=")
r7 = socket$unix(0x1, 0x5, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x8, 0x12, r7, 0x6b2f1000)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r9, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
ioctl$EXT4_IOC_MOVE_EXT(r8, 0x4030582b, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0xb, 0x2000009, 0x8506, 0x40000f})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
syz_emit_ethernet(0x76, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x40, 0x3a, 0xff, @remote, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x8, '\x00', {0x6, 0x6, "32f5aa", 0x3, 0x33, 0x0, @mcast2, @dev={0xfe, 0x80, '\x00', 0x32}, [@hopopts={0x29}], "24a6505bfa1bf61f"}}}}}}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="a9", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)='9', 0x1}], 0x1}}], 0x2, 0x4008440)
r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000004c0), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305e20000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r10, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

3.104600509s ago: executing program 1 (id=756):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x18)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='ufshcd_clk_scaling\x00', r0}, 0x18)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x8, &(0x7f0000000040)=0x1)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000080)={0x11, 0x1a, r4, 0x1, 0x1, 0x6, @broadcast}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000380)={'gretap0\x00', &(0x7f0000000440)={'erspan0\x00', <r5=>0x0, 0x8, 0x40, 0x32, 0xfffffffa, {{0x1f, 0x4, 0x1, 0x3, 0x7c, 0x64, 0x0, 0xf0, 0x29, 0x0, @local, @local, {[@rr={0x7, 0x23, 0x89, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x12}, @local, @multicast1, @remote, @empty, @dev={0xac, 0x14, 0x14, 0x24}]}, @generic={0x88, 0x12, "28fda4f767874f110480b697d41e3e9b"}, @noop, @generic={0xc2, 0x7, "cfb1e79806"}, @end, @ssrr={0x89, 0x27, 0xae, [@rand_addr=0x64010101, @empty, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @private=0xa010102, @broadcast, @rand_addr=0x64010101, @multicast1]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000005c0)={'tunl0\x00', &(0x7f0000000500)={'gre0\x00', <r7=>0x0, 0x10, 0x700, 0x0, 0x7, {{0x28, 0x4, 0x2, 0x6, 0xa0, 0x68, 0x0, 0x4, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, {[@timestamp_prespec={0x44, 0x1c, 0xa8, 0x3, 0xf, [{@local, 0x8}, {@dev={0xac, 0x14, 0x14, 0x19}, 0x8}, {@empty, 0x8}]}, @timestamp_addr={0x44, 0xc, 0x13, 0x1, 0xe, [{@rand_addr=0x64010102, 0x5}]}, @timestamp_addr={0x44, 0x24, 0xbc, 0x1, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x80}, {@broadcast, 0x7}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x3a}, {@broadcast, 0x3}]}, @cipso={0x86, 0x36, 0xffffffffffffffff, [{0x0, 0x11, "b9ede55eab2aad0917271e7cfc2eec"}, {0x2, 0xb, "c2aa16fb49cddb8848"}, {0x0, 0xe, "0692168dca52f6287622e5db"}, {0x6, 0x4, "b937"}, {0x0, 0x2}]}, @generic={0x83, 0x8, "dc480b0f1696"}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000006c0)={'gretap0\x00', &(0x7f0000000600)={'syztnl2\x00', <r8=>0x0, 0x10, 0x40, 0x0, 0x4, {{0x1d, 0x4, 0x2, 0x2, 0x74, 0x66, 0x0, 0x8c, 0x4, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @timestamp_prespec={0x44, 0x14, 0xab, 0x3, 0xe, [{@dev={0xac, 0x14, 0x14, 0x2e}, 0x10000}, {@empty, 0x9c4}]}, @rr={0x7, 0xb, 0xf3, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @timestamp={0x44, 0x28, 0x8e, 0x0, 0x8, [0x8, 0x9, 0x80, 0x6, 0xfffffffa, 0x8b, 0x7fffffff, 0x9, 0x459]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x13, 0x8, [@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local]}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={r0, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000700)=[0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xa, &(0x7f00000007c0)=[{}], 0x8, 0x10, &(0x7f0000000800), &(0x7f0000000840), 0x8, 0x83, 0x8, 0x8, &(0x7f0000000880)}}, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a00)={0x17c, 0x0, 0xb00, 0x70bd27, 0x25dfdbfb, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40000)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff})
connect$unix(r11, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r12, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r11, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.182048183s ago: executing program 1 (id=768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_raw(0x1d, 0x3, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$inet_tcp(0x2, 0x1, 0x0)
pipe(&(0x7f0000000280))
memfd_secret(0x0)
r1 = syz_io_uring_setup(0x19ee, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x8, 0x241}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r5, 0x0})
io_uring_enter(r1, 0x2d3e, 0xfffffffe, 0x0, 0x0, 0x0)

2.181190124s ago: executing program 1 (id=769):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x1c, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_SRC_IF={0x8}]}, 0x1c}}, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f0000000000)=[{0x6, 0xf}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)
vmsplice(r3, &(0x7f0000000200), 0x3af, 0x2)
r5 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
write$selinux_attr(r5, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x141, 0x0, 0x0, 0x0, 0x40, 0xc45, 0x760b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xd, 0x40, 0xf7, [{{0x9, 0x4, 0x0, 0xf, 0x1, 0x3, 0x1, 0x0, 0x4, {0x9, 0x21, 0xf4fe, 0x2, 0x1, {0x22, 0xcde}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x9, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0xc, 0xd5, 0x1}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x300, 0x4, 0x5, 0x8, 0x28, 0x9}, 0x17, &(0x7f00000001c0)={0x5, 0xf, 0x17, 0x2, [@wireless={0xb, 0x10, 0x1, 0x6, 0x0, 0x70, 0xb, 0x9, 0x55}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x3, 0x0, 0x7}]}, 0x1, [{0xda, &(0x7f0000000340)=@string={0xda, 0x3, "34fa66bb12e4176e517e9c38dccdd95c4f4237e6695058a7b85f6f396a504e8f8d36fc5cc3aae1154649636041450c66dcdc924bae084a6473bc4dc34e93e132f6494857388a61e85846321b58906b7d5ea3a617e892f073245261005bf627a28138bdd5d209ec08bd03a4e3f250b224c921130ee3629f5955b3f637a1772062adc6c3af53002b900b62e4ce83f895faefac57f7865356c9d3c5d882a01dce3a716f6b71bdfae887700ecc3ba7211574ee950562494ea58a5f7f227b1c480bec4cfae7b994635b8a4af46c463fae9bf087fb31522fb5f067"}}]})

1.941241313s ago: executing program 3 (id=776):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

1.881456338s ago: executing program 3 (id=777):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x495, &(0x7f0000000a40)={0x0, 0x4661, 0x800, 0x0, 0x20e}, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000680)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r2, r3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000400)='io_uring_create\x00', r7, 0x0, 0x5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r8, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x18)

1.798437995s ago: executing program 3 (id=778):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000080)=0x2, 0x5, 0x2)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="08000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x8b}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
syz_open_dev$evdev(&(0x7f00000008c0), 0x6, 0x600e83)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="0b90ed6fbfcfb468042241cf9a1cb591a3abe7557bb7942ef7fa0e76752a685742fa4ea04ea9d6655f497034990a5bafa0d6b6d408a7530303892309f490efff7a36a9d04512ae0b89e4c4614a33d8f3591a9f711b380739efeabf4e2b6cdf02b54dc9f8effb9e4c1370f34998ea2fa32d2ddc22c13c8809da8b4807d5eb941b7628a93deba1da05316e500cc0924e73e2a9c398b300950fe586f545d798fce627e9ceab02cd8e839b56d89b76b989f884274bc45e735ce0172745446498da1254aa"], 0x50)
r5 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="757466383d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030342c756e695f786c6174653d312c636f6465706167653d3933362c757466383d302c696f636861727365743d757466382c696f636861727365743d6d616363656e746575726f2c756e695f786c6174653d302c696f636861727365743d63703836392c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c726f6469722c004df8d47ec158caa742bb9e3d17bd455bf608b6fa6840ae8bb59b24f9df4fb9161ada86ded0d27e9092afda32de260daf207f73d6e0896e7497895c8df017ba103a1ccab84b89ab2e1bcabd85d3ab69318f7ee06a50ea5aa48f6007dc06c886903b6ba23a78b051e5bdac656b1cd2d8d6f3df982c70e11e2cab79fc87c084ed2a0d00c021e848869503"], 0x2a, 0x365, &(0x7f00000009c0)="$eJzs3T1sW9UXAPDjvtROo3//yYBUwfRgq4SqEsQAUyJopYgMUGTxtRBoWiA2lWJhKQw4WUCMIBYkWGDrAGNnxICAjYGVIlUFxEK3SK14yH7+ePEzNHw4QfD7DdbRvff4nvd8Fd9Y8vVzS7Fx/mhcuHHjeszOVmJm6eGl2K3EQhyJJHLbAQD8m+xmWfyc5W4/+p25QVSdcl0AwPT03v8vHh811EZhJeLkl88/dCh1AQDTs5///5OIxyZ2XJpmZQDAtOzG2Pv/PXu6xz7mn+nuBZKDrA8A+Ps98fQzjy6vRpxL09mI5pvtersehY/8ly/ES9GI9Tgd83ErIt8o5LuF7uPZldUzp9Ou7xei3s1o1yOanXY93yYsJ738WtwX87HQz8+G+cnZlYsR0XuCiNju9OaPZqVdPxpz/fm/nYv1WIz5uKOUH7GyemYxTdMPH8nr7ed3InZidnAR3fpPxXx8/UJcikacj27uoP7BFmc1jXpzMH+nfbnWGwcAAAAAAAAAAAAAAAAAAAAAANOQDE7fSdOF4fk3WbPTfuNcPuBUmpb6e+f75N3984F28vOBstrgdJ63kvHzgdK95+vUZ+LIoV45AAAAAAAAAAAAAAAAAAAA/HO0tqqx1misb7a2XtsoBp1CyytffPzZsRgf83IyaomZ/On2jOm3xajlWhLD9GyYniXFMYMgiRgNvnxlWHFxTG14FaX0blArdVX6Na01Gsfvvvb+pKxfRi1JlG7L3qDSn7/Q1fx/3vQ7Wb8dLN5mzNUsyyZ2dQt5r5wVlYiZ0gv3V4JqP/j8+ot33t868UCv69P+oQ8n751/8uq7H/24sdaI/q1pNKqbrVvZn540KayfSv8+b09YCb2Xu5S+M2rZ2WxtrSXf/PTUXW9/NTZXMnn9ZMWWV/d0FZZxo/HJeM3VPOjegf1c6dEJi39y8OzN4er94zfzxAdLa1de/+6H/WYV/kg4qAMAAAAAAAAAAAAAAAAAAA5E4bvi+5J/rfvBxyOiOt3KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODgjH7/vxDslFr2E9zsRLmrtr7Ziv+Vpj3Sezx2CBcMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/0q8BAAD//7u3cog=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="84000000180001002cbd7000ffdbdf251d0107000c000b00040000a00300008015000100030000a006000000bac45f9ce14233bd0000000008000900", @ANYRES32=r1, @ANYBLOB="0c000b00000000e0020000a015000200010000a0070300007f15f0386605000b0200000008000a"], 0x84}}, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c04, &(0x7f0000000340), 0x1, 0x779, &(0x7f0000001900)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTuZ206bmWmSJjPV+XzgZs65907O+c79cc7MPdwbQN8aT//kIg5HxLtJxGhjfhIRQ/XUYMTJjfVura0W0ymJ9fWXf0nq69xcWy1G03tSBxuZ/0fEN29FHMltLre6vDJXKJdLi438ZG3+wmR1eeXo+fnCbGm2tHB8anr62ImnThzfvVh/+37l0LX3Xnj885N/vPm/q+98m8TJONRY1hzHbhmP8cZnMpR+hHd5frcL67Gk1xVgR9JDc2DjKI/DMRoD9RQA8E/2ekSsAwB9JtH+A0CfyX4HuLm2Wsym3v4i0V3Xn4uI/RvxZ9c3N5YMNq7Z7a9fBx25mdx1ZSSJiLFdKH88Ij7+8tVP0yn26DokQCtvXI6Is2Pjm8//yaYxC9v1RIdl+xqv4/fMd/6D7vkq7f883ar/l7vd/4kW/Z/hFsfuTtz3+D+wC4V0kPb/nm0a23arKf6GsYFG7l/1Pt9Qcu58uZSe2/4dERMxNJzmpzqUMXHjzxvtljX3/359/7VP0vLT1ztr5H4aHL77PTOFWuFBYm52/XLEI4Ot4k9ub/+kTf/39BbLePGZtz9qtyyNP403mzbHH43RSXtj/UrEYy23/50RbUnH8YmT9d1hMtspWvjihw9H2pXfvP3TKS0/+y7QDen2H+kc/1jSPF6zuv0yvrsy+nW7ZfePv/X+vy95pZ7O+hGXCrXa4lTEvuSlzfOP3Xlvls/WT+OfeLT18d9p/0+/E57dYvyD137+bOfx7600/pltbf/tJ67emhtoV/7Wtv90PTXRmLOV899WK/ggnx0AAAAAAAAAAAAAAAAAAAAAAAAAbFUuIg5FksvfTudy+fzGM7z/GyO5cqVaO3KusrQwE/VnZY/FUC671eVo0/1Qpxr3w8/yx+7JPxkR/4mID4YPJNl9FGd6HDsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZA62ef5/6sfhXtcOANgz+3tdAQCg67T/ANB/tP8A0H+0/wDQf7T/ANB/tP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADssdOnTqXT+u9rq8U0P3NxeWmucvHoTKk6l59fKuaLlcUL+dlKZbZcyhcr8/f7f+VK5cJ0LCxdmqyVqrXJ6vLKmfnK0kLtzPn5wmzpTGmoK1EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPZUl1fmCuVyaVFiB4n1h6MavU8MNHanh6U+XU0kD0c1djnR6ayR687JCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBv4K8AAAD//8yLIwE=")
ftruncate(0xffffffffffffffff, 0xc17a)
ioctl$FS_IOC_ENABLE_VERITY(r5, 0x40806685, &(0x7f0000000700)={0x1, 0x2, 0x1000, 0x7c, &(0x7f0000000280)="b9741b7a1cb1fd5211e54e7bc4ec26ff30494f32beb0bd5f3ea43355dd51cc6451d35c99cad385cc151550c8b71dce722803a0a937b60d2311f0a3e34567906b125f2b4b884a9dc0cb0802f6173d0b925ca0b51536b7ae42c136f89c36ac347980e986ac565c6bb4477f7d6ae404a3b0c0f7a435bde6a984b95d686b", 0x43, 0x0, &(0x7f0000000380)="446005550f56db5bc0db694e9d2f5751a437abfd49a9edc4e0d00ae299965f8b472737f37d5149b2b8664d783f8138a8d30c0bb8e8232ba8904ca9c1d5b421952dac1c"})
write$P9_RLERRORu(r1, &(0x7f0000000780)=ANY=[@ANYBLOB="110000000702000000000000"], 0x11)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ctinfo={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3f00}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x1, 0xffffffffffffffff, 0x100}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xda32}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x440c0}, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDFONTOP_SET(r8, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x6, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})

1.673617514s ago: executing program 3 (id=779):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_raw(0x1d, 0x3, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$inet_tcp(0x2, 0x1, 0x0)
pipe(&(0x7f0000000280))
memfd_secret(0x0)
r1 = syz_io_uring_setup(0x19ee, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x8, 0x241}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[@ANYRES64=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r5, 0x0})
io_uring_enter(r1, 0x2d3e, 0xfffffffe, 0x0, 0x0, 0x0)

1.654252176s ago: executing program 3 (id=780):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8, 0xa, r3}, @CGW_SRC_IF={0x8, 0x9, r4}]}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x6}, {0xffff}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8084}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0xc, 0xd, 0x100, 0x6, 0x100, r3})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[], 0x15)
r8 = dup(r7)
write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r9 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x17, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7000000}, {{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

1.60716217s ago: executing program 3 (id=781):
r0 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000fc0), &(0x7f0000001000)=0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='kfree\x00', r1}, 0x18)
r2 = io_uring_setup(0x1e2b, &(0x7f0000004bc0)={0x0, 0xc411, 0x42, 0x101, 0x390})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f0000004c40)=[@ioring_restriction_sqe_op={0x1, 0x54}], 0x1)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000e33000/0x4000)=nil, 0x4000, 0x2, 0x12, 0xffffffffffffffff, 0x1a7ec000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05d", 0x1b, 0xfffffffffffffffd)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r6 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17)
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/40, 0x28}, {&(0x7f0000000380)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/87, 0x57}], 0x1, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000005aa8000000000000000000181200049ff00c95d16ef0ee3f20d9f8036c6eca19cf762e20af587c186ada1a7e3840fd9dd316db0518fe8d7b066d99d90e30f4445ed2edde0fe1ebe7d46a7e9805000000", @ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

1.47734155s ago: executing program 4 (id=783):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8918, &(0x7f0000000000)={'veth1_to_bridge\x00', @random="02008125d7e1"})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x37, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00123c00631177fbac141416e000030a44079f03b180006000000000845013f2325f1a3921", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0xffbf)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x1fffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r3 = getpid()
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17f}, 0x94)
creat(&(0x7f00000002c0)='./file0\x00', 0xecf86c37d53049cc)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)=[0x45c], 0x0, 0x0, 0x100000, 0x1, r3}}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r6}, 0x18)
r7 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r8}, &(0x7f0000000180), &(0x7f00000001c0)=r7}, 0x20)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r9}, 0x10)

1.215936471s ago: executing program 4 (id=787):
socket(0x10, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000900000000"], 0x0}, 0x94)
clock_nanosleep(0x5, 0xca9a3b, &(0x7f0000000000), 0xfffffffffffffffe)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000440)=0x1000, 0x4)
sendmsg$inet(r1, &(0x7f0000000700)={&(0x7f0000000380)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f00000000c0), 0x0, &(0x7f0000000680)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @local}}}], 0x20}, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
fcntl$setsig(r2, 0xa, 0x13)
fcntl$setlease(r2, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x3000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b40), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0202}}}, 0x14, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x64081}, 0x4004804)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000b80)=ANY=[@ANYBLOB="03000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x44844}, 0x1)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb)

590.209862ms ago: executing program 0 (id=798):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x8, 0x0, 0xa, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_config_ext={0x3ff, 0x100000001}, 0x46d8, 0x10000, 0x0, 0x1, 0x8, 0x2000a, 0xb}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0, 0x8}, 0x50)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r7=>r5, @ANYBLOB="0000000000000000b70200001400000fb7030000000007008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r6}, 0x10)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0xa0142, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000dc0)={r3, 0xe0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0x10, &(0x7f0000000900)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xb9, 0x8, 0x8, &(0x7f0000000b40)}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, r10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001000)={r5, 0x20, &(0x7f0000000fc0)={&(0x7f0000000e00)=""/239, 0xef, <r12=>0x0, &(0x7f0000000f00)=""/158, 0x9e}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001040)=r12, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x18)
r13 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd736, 0x80, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r14=>0x0, &(0x7f0000000340)=<r15=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r14, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r14, r15, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
io_uring_enter(r13, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)
r16 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a00)={r8, &(0x7f0000000b80)="4689eee77be370ffea82e2447c55b286e527bff4d9a6ebd7ca261e7980b4e1c29a7c5633bca38e82c3bf9c8874cdf03f6e13c536df6a79bcf46c967e492e944268b91a23e2e7fb207613feef1b55591deef9d57b3dd7eb5c8e47d8202fb07ea643f7cb099780434515327546ee585e4c752ac047c49e1842def11141f2b052c43c0fccaf96a0ffba9234af7a91990ce12db445218cdf340ba6954b924be08bf83bcf2da558208ee01adc57935c8257d59b60120bdd39ea4a741085fb6226462502d967a3c973ac3ce7a1660b9b7071b07627aac2461e58d4612984b4481340b1b0315f43839e02f606bca9e9a4cf87ee385979280746f1a604521c3e5ce8852cf2e04b3edffb85b405f106bf1322574150e40655c48149", &(0x7f0000000b00)=""/63}, 0x20)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r16, @ANYRESDEC=r7], 0x20}, 0x1, 0x0, 0x0, 0x24044005}, 0x8840)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")

441.170664ms ago: executing program 2 (id=801):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x14, &(0x7f0000000880)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r2)
r3 = inotify_init1(0x800)
fcntl$setstatus(r2, 0x4, 0x2c00)
r4 = gettid()
fcntl$setown(r2, 0x8, r4)
fcntl$setsig(r3, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r3, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001500)=ANY=[@ANYRESHEX=r3, @ANYRES32=r1], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYRES16=r0, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a0000140000001100010000000000000000000200000a00", @ANYRES32=0x0], 0x28}}, 0x0)
timer_create(0x6, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})

425.088535ms ago: executing program 0 (id=802):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)

363.23765ms ago: executing program 0 (id=803):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r1 = syz_open_procfs(0x0, &(0x7f0000001380)='auxv\x00')
preadv(r1, &(0x7f0000000400)=[{&(0x7f0000000040)=""/236, 0xec}], 0x1, 0x3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)

362.40579ms ago: executing program 4 (id=804):
statx(0xffffffffffffffff, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7100, 0x7ff, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x2416, &(0x7f0000001040)=ANY=[], 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001180)=@newlink={0x94, 0x10, 0x437, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x40c89}, [@IFLA_LINKINFO={0x74, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x64, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}, @IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}, @IFLA_BATADV_ALGO_NAME={0xd, 0x1, 'BATMAN_IV'}, @IFLA_BATADV_ALGO_NAME={0xd, 0x1, 'BATMAN_IV'}, @IFLA_BATADV_ALGO_NAME={0xd, 0x1, 'BATMAN_IV'}, @IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}, @IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}]}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @rand_addr=0x3}}}], 0x20}}], 0x1, 0x4040880)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000000)={[{@errors_remount}, {@grpquota}]}, 0x4, 0x4f2, &(0x7f0000000c80)="$eJzs3c9vVF0ZAOD3Tjttv34DBWWhRgURRUOY/gAaggthozGExEhcuYDaDk3TGabptEgri7J0byKJK/0T3LkwYeXCnTvducGFCSrRUBMXY+6dSzu0HVqk7dDO8yR37j3nXuY9Z4ZzztzDDCeAnnUuItYiYiAi7kfESJ6f5FvcbG3pda9fPZlef/VkOolm8+4/kux8mhdtfyb1af6cQxHxg+9G/DjZHrexsjo/Va1WFvP06FJtYbSxsnp5rpDnTEyOT45dv3JtYt/qerb2m5ffmbv9w9/99ksv/rj2zZ+mxSr97ER2rr0e+6lV9WKU2vL6I+L2QQTrkv787w9HT9raPhMR57P2PxJ92bsJABxnzeZINEfa0wDAcZfe/5ciKZTzuYBSFArlcmsO70wMF6r1xtKlkfryw5nI5rBORbHwYK5aGcvnCk9FMUnT49nxZnpiS/pKRJyOiJ8PfpKly9P16kw3P/gAQA/7dMv4/+/B1vgPABxzQ+95va8IAMDR977jPwBw9Bn/AaD3vMf4b+ofAI4J9/8A0HuM/wDQe3Yd/58eTjkAgEPx/Tt30q25nv//1zOPVpa/VXp0eabSmC/XlqfL0/XFhfJsvT5brZSnm83dnq9ary+MX91INlZW79Xqyw+X7s3VpmYr9yrFA64PALC702ef/zmJiLUbn2RbtK3lYKyG463Q7QIAXdPX7QIAXeP3PNC79nCPbxoAjrkdluh9S8evCD2z+CscVRc/b/4fepX5f+hd/9/8/7f3vRzA4TP/D72r2Uys+Q8APcYcP/BB//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaqUbUmhnK0FvpY+FsrliBMRcSqKyYO5amUsIk5GxJ8Gi4NperzbhQYAPlDhb0m+/tfFkQulrWcHkv8MZvuI+Mkv7/7i8dTS0uJ4mv/PjfylZ3n+xEA3KgAAtLu5Pas1Tuf7thv516+eTL/ZDrOIL2+1FhdN467nW+tMf/Rn+6EoRsTwv5I83ZJ+Xunbh/hrTyPic5v1f9wWoZTNgbRWPt0aP4194gDib77+W+MX3opfyM6l+2L2Wnx2H8oCveb5rVY/mbe9tInl7a8Q57L9zu1/KOuhPtyb/m99W/9X2Oj/+rbFT7I2f24j/e6SvLz6++9ty2yOtM49jfhC/07xk434SYf+98Ie6/iXL375fKdzzV9FXIyd47fUsm52dKm2MNpYWb08V5uarcxWHk5MTI5Pjl2/cm1iNJujbj3+YacYf79x6WSn+Gn9hzvEH9ql/l/bY/1//d/7P/rKO+J/46s7v/9n3hE/HRO/vsf4U8M3Oy7fncaf6VD/3d7/S3uM/+KvqzN7vBQAOASNldX5qWq1srjLQfpZc7drHBzNg1iL+AiKkR8MxEdRjJ4/6HbPBBy0zUbf7ZIAAAAAAAAAAAAAAACdNFZW5wfjYH9O1O06AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHz9LwAA//9Jt84K")
ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, 0x0)
rename(0x0, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
futex_waitv(&(0x7f0000000ac0)=[{0x9, 0x0, 0x82}, {0x6, &(0x7f0000000500)=0xd8, 0x2}], 0x2, 0x0, 0x0, 0x1)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, 0x0, 0x10)
utimes(0x0, 0x0)
r4 = mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r5, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
memfd_secret(0x80000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mq_timedsend(r4, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r4, 0x0, 0x0, 0xa, 0x0)
copy_file_range(r3, 0x0, 0xffffffffffffffff, &(0x7f00000010c0)=0x5, 0x80000000, 0x0)
r7 = syz_open_dev$evdev(0x0, 0xc462, 0x10000)
ioctl$EVIOCGKEY(r7, 0x80404518, 0x0)

349.245631ms ago: executing program 2 (id=805):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r1, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, 0x140c, 0x100, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x2040400)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@generic={0x0, r2}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
write$cgroup_subtree(r4, 0x0, 0x36)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

293.016196ms ago: executing program 0 (id=806):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0xf}]}}]}, 0x48}}, 0x0)

274.026577ms ago: executing program 0 (id=807):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x200000000006, 0xbc, 0x0, 0x7ffc0002}]})
timer_create(0x2, 0x0, &(0x7f0000000480))
timer_delete(0x0)

247.46636ms ago: executing program 2 (id=808):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000160000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x495, &(0x7f0000000a40)={0x0, 0x4661, 0x800, 0x0, 0x20e}, &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000680)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r2, r3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000400)='io_uring_create\x00', r7, 0x0, 0x5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r8, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x18)

236.86255ms ago: executing program 0 (id=809):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="00010000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250d00000054000280060002004e220000080007000000000008000400ff07000006000f00f7ff00000800070009000000080500000000000006000e004e22000006000b000a000000080003000100000008000800090000000800050001fcffff4c0003800800010000000000140002006970766c616e30000000000000000000140002006261746164765f736c6176655f30000005000800030000000600040000100000060004000100000008000600080000003c00028006000e004e22000008000600fcffffff06000f0000000000080006005e00000008000600030000000800050023fb000006000b000a000000"], 0x100}, 0x1, 0x0, 0x0, 0x4008010}, 0x4000810)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @empty}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
lsm_set_self_attr(0x69, 0x0, 0x42, 0x0)
lsm_get_self_attr(0x69, &(0x7f00000001c0)={0x0, 0x0, 0xdd, 0xbd, ""/189}, &(0x7f0000000140)=0xdd, 0x1)
r3 = semget$private(0x0, 0x20000000102, 0x200)
semop(r3, &(0x7f0000000240)=[{0x1, 0x20, 0x800}, {0x0, 0xe65b}], 0x2)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000700)=""/236)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f00000000c0)=0x2f5, 0x4)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073797a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x7d, 0x0, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, &(0x7f0000000080))
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0xa, &(0x7f0000000080)=[{0x1, 0x4, 0x8, 0x2}, {0x8000, 0xa5, 0x3, 0x6}, {0x2, 0x1, 0x1, 0x101}, {0x5, 0x5b, 0x6e, 0x7ff}, {0xbc, 0x1, 0x4}, {0x3, 0x4, 0xf0, 0x3f}, {0xb, 0x9, 0x4, 0x2}, {0xd, 0x5, 0xaa, 0x6}, {0x3, 0x37, 0x8, 0x4}, {0xfbff, 0x5, 0x8}]}, 0x10)
syz_emit_ethernet(0x86, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60b8192300500000fe8000eeffffff0000000000000000aafe8000000000000000000000000000aa000800000000"], 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

169.600286ms ago: executing program 4 (id=810):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x2000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb851}, 0x1c)
open(&(0x7f0000000180)='./file0\x00', 0x40c5, 0x24)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
pipe2$9p(&(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfd', @ANYRESHEX=r5, @ANYBLOB=',msize=0x0000000000001000'])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRESHEX=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000180)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r6, 0x0, 0xf7}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
socket(0x10, 0x803, 0x0)
r7 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r7)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x1e, &(0x7f0000000480)=0x400000001, 0x4)
setsockopt$inet6_tcp_int(r8, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4)
connect$inet6(r8, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d00051400000000000000000000000800120000000200c06b6e000000000006000000000000000000000000000000e00000020000000000000000000000000000000000000000000000000000000105000500008000000a0000000000000000000000000000000000000000000001000000000000000005000600ff4700000a"], 0xa0}}, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0xc040, 0x0, 0x0)

152.401257ms ago: executing program 4 (id=811):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8, 0xa, r3}, @CGW_SRC_IF={0x8, 0x9, r4}]}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x1, 0x6}, {0xffff}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x8084}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0xc, 0xd, 0x100, 0x6, 0x100, r3})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[], 0x15)
r8 = dup(r7)
write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

1.90593ms ago: executing program 2 (id=812):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000001a00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)

1.43217ms ago: executing program 2 (id=813):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00'})
r0 = semget(0x2, 0x0, 0x40)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000180)=[0xf, 0x40, 0x1, 0xc, 0x5, 0x1, 0xc, 0x3, 0x6])
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x1, 0x1)

439.1µs ago: executing program 4 (id=814):
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'sane-20000\x00'}}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x9}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2000}, @CTA_SYNPROXY={0x34, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x70b}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xc}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x80}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xffffff51}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x44080) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000008c0)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0xffffffff, 0x8, 0x0, 0xa, 0x0, 0x18, 0x5}}, @TCA_RED_STAB={0x104, 0x2, "cb030890171319da1db2ec01d014fa61d80db9d1aae91311c2fa1fbaa1b121dbc9bcb117c6d06e02899d62bff57c457012e3ede4edd01614d35a2b4811b96355622adb97b2b5d959ad0701bd80bab191266fa9b9c7ca9fa090d8fa9aa9b6d66e507bf362e54e58a05278c77be644c2166e269cfaea59f28d065bd081bae33b1b5bf1275793ff29544807b351a156f03e898356449c8092189344a74131978e3799ac2c19339b501d38fcbc8d970ecd330863d4a6f56f2c0bf2e469dfc9c17d200edc77b7f3318b487c855b4ef49c0dd30fdaea6ac1f97860e2bedd01502759b7df9bf98fd36cd8be5045fc3c5a0aea1c48f7858aaee1d51d4137da7af9c7c689"}]}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4048801}, 0x0) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3) (async)
r4 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) (rerun: 64)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x64, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r5}]}}}, @IFLA_LINKINFO={0x28, 0xd, 0x0, 0x1, @veth={{0x9, 0x9e00}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x64}}, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @multicast2}, 0x10) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e23, 0xffffffff, @private1, 0x80000000}}, 0x0, 0x0, 0xb, 0x0, "f6a7346a1ca3caf66200f0e70b995efa20d5ddc09c0bc0c88e00bdea5e6998967d569964c8b68dae57dea91c0e3ef03a96483bcaaa5ab222d1993083e8e3619fbbff30da0288a8b78a3f921c40fdc06a"}, 0xd8) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000400)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x0, 0x0, "698e86252c563a2eb894ac1de863c527984bfa5ff139aeeef086eed112e6f0ffba88c7d0888990f99dc2416c1cbccf99d18464a65c3587c97aee9217b992893cebfc606ada5e14e782e63da22a6fe97d"}, 0xd8)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) (async)
close(r2)

0s ago: executing program 2 (id=815):
socket(0x10, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000900000000"], 0x0}, 0x94)
clock_nanosleep(0x5, 0xca9a3b, &(0x7f0000000000), 0xfffffffffffffffe)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f0000000440)=0x1000, 0x4)
sendmsg$inet(r1, &(0x7f0000000700)={&(0x7f0000000380)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f00000000c0), 0x0, &(0x7f0000000680)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @local}}}], 0x20}, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14)
fcntl$setsig(r2, 0xa, 0x13)
fcntl$setlease(r2, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x3000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b40), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0202}}}, 0x14, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x64081}, 0x4004804)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000b80)=ANY=[@ANYBLOB="03000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fcdbdf251c000000"], 0x14}, 0x1, 0x0, 0x0, 0x44844}, 0x1)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000500)={'#! ', './file0'}, 0xb)

kernel console output (not intermixed with test programs):

yz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa378ebe9 code=0x7ffc0000
[   49.584746][ T4511] loop4: detected capacity change from 0 to 128
[   49.597162][ T4514] loop2: detected capacity change from 0 to 512
[   49.607582][ T4514] EXT4-fs: Ignoring removed oldalloc option
[   49.619423][ T4514] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.341: Parent and EA inode have the same ino 15
[   49.632588][ T4514] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.341: Parent and EA inode have the same ino 15
[   49.645424][ T4514] EXT4-fs (loop2): 1 orphan inode deleted
[   49.651875][ T4514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.680231][ T4520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4520 comm=syz.4.343
[   49.693470][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.745426][ T4523] netlink: 'syz.4.343': attribute type 10 has an invalid length.
[   49.753987][ T4523] siw: device registration error -23
[   50.633678][ T4539] loop4: detected capacity change from 0 to 512
[   50.640438][ T4539] EXT4-fs: Ignoring removed orlov option
[   50.646209][ T4539] EXT4-fs: Ignoring removed i_version option
[   50.740990][ T4539] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.347: corrupted in-inode xattr: invalid ea_ino
[   50.754676][ T4539] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.347: couldn't read orphan inode 15 (err -117)
[   50.768268][ T4539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.913920][   T36] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[   50.921384][   T36] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[   50.928784][   T36] hid-generic 0000:0004:0000.0001: unknown main item tag 0x0
[   50.955849][   T36] hid-generic 0000:0004:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   51.169066][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   51.221246][ T4556] loop3: detected capacity change from 0 to 512
[   51.242579][ T4556] EXT4-fs: Ignoring removed oldalloc option
[   51.340051][ T4556] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.354: Parent and EA inode have the same ino 15
[   51.387768][ T4558] netlink: 'syz.1.355': attribute type 21 has an invalid length.
[   51.417106][ T4558] netlink: 132 bytes leftover after parsing attributes in process `syz.1.355'.
[   51.426143][ T4558] netlink: 'syz.1.355': attribute type 1 has an invalid length.
[   51.440825][ T4556] EXT4-fs error (device loop3): ext4_xattr_inode_iget:433: comm syz.3.354: Parent and EA inode have the same ino 15
[   51.469622][ T4556] EXT4-fs (loop3): 1 orphan inode deleted
[   51.488373][ T4556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.579635][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.706859][ T4562] lo speed is unknown, defaulting to 1000
[   51.823549][ T4569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4569 comm=syz.1.359
[   51.880696][ T4572] loop2: detected capacity change from 0 to 512
[   51.890107][ T4572] EXT4-fs (loop2): orphan cleanup on readonly fs
[   51.904333][ T4574] netlink: 'syz.1.359': attribute type 10 has an invalid length.
[   51.913145][ T4572] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.360: bg 0: block 248: padding at end of block bitmap is not set
[   51.933852][ T4574] siw: device registration error -23
[   51.953779][ T4572] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.360: Failed to acquire dquot type 1
[   51.971104][ T4572] EXT4-fs (loop2): 1 truncate cleaned up
[   52.151132][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.154368][ T4572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   52.176245][ T4577] 9pnet_fd: Insufficient options for proto=fd
[   52.189226][ T4579] loop0: detected capacity change from 0 to 2048
[   52.209289][ T4579] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   52.222159][ T4579] netlink: 76 bytes leftover after parsing attributes in process `syz.0.362'.
[   52.239599][ T4583] RDS: rds_bind could not find a transport for fe88::104, load rds_tcp or rds_rdma?
[   52.259222][ T4579] netlink: 20 bytes leftover after parsing attributes in process `syz.0.362'.
[   52.274851][ T4579] bond0: entered promiscuous mode
[   52.279962][ T4579] bond0: entered allmulticast mode
[   52.288787][ T4586] openvswitch: netlink: Message has 6 unknown bytes.
[   52.291517][ T4579] 8021q: adding VLAN 0 to HW filter on device bond0
[   52.305932][ T4579] bond0 (unregistering): Released all slaves
[   52.321738][ T4588] netlink: 36 bytes leftover after parsing attributes in process `syz.0.362'.
[   52.346406][ T4594] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4594 comm=syz.4.367
[   52.372417][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.424584][ T4600] loop2: detected capacity change from 0 to 256
[   52.432111][ T4601] netlink: 'syz.4.367': attribute type 10 has an invalid length.
[   52.443199][ T4601] siw: device registration error -23
[   52.449738][ T4600] FAT-fs (loop2): codepage cp936 not found
[   52.459786][ T4600] netlink: 24 bytes leftover after parsing attributes in process `syz.2.368'.
[   52.477766][ T4600] loop2: detected capacity change from 0 to 2048
[   52.501410][ T4600] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.520062][ T4600] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.539436][ T4600] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=519 sclass=netlink_route_socket pid=4600 comm=syz.2.368
[   52.589761][ T4614] FAULT_INJECTION: forcing a failure.
[   52.589761][ T4614] name failslab, interval 1, probability 0, space 0, times 0
[   52.602435][ T4614] CPU: 1 UID: 0 PID: 4614 Comm: syz.2.373 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   52.602512][ T4614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   52.602522][ T4614] Call Trace:
[   52.602576][ T4614]  <TASK>
[   52.602582][ T4614]  __dump_stack+0x1d/0x30
[   52.602618][ T4614]  dump_stack_lvl+0xe8/0x140
[   52.602636][ T4614]  dump_stack+0x15/0x1b
[   52.602706][ T4614]  should_fail_ex+0x265/0x280
[   52.602740][ T4614]  should_failslab+0x8c/0xb0
[   52.602790][ T4614]  kmem_cache_alloc_node_noprof+0x57/0x320
[   52.602819][ T4614]  ? __alloc_skb+0x101/0x320
[   52.602851][ T4614]  __alloc_skb+0x101/0x320
[   52.602885][ T4614]  ? audit_log_start+0x365/0x6c0
[   52.602908][ T4614]  audit_log_start+0x380/0x6c0
[   52.603052][ T4614]  audit_seccomp+0x48/0x100
[   52.603109][ T4614]  ? __seccomp_filter+0x68c/0x10d0
[   52.603128][ T4614]  __seccomp_filter+0x69d/0x10d0
[   52.603147][ T4614]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   52.603176][ T4614]  ? vfs_write+0x7e8/0x960
[   52.603195][ T4614]  ? __rcu_read_unlock+0x4f/0x70
[   52.603296][ T4614]  ? __fget_files+0x184/0x1c0
[   52.603319][ T4614]  __secure_computing+0x82/0x150
[   52.603337][ T4614]  syscall_trace_enter+0xcf/0x1e0
[   52.603358][ T4614]  do_syscall_64+0xac/0x200
[   52.603430][ T4614]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.603464][ T4614]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   52.603563][ T4614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.603584][ T4614] RIP: 0033:0x7fdfa378ebe9
[   52.603600][ T4614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.603669][ T4614] RSP: 002b:00007fdfa21ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7
[   52.603689][ T4614] RAX: ffffffffffffffda RBX: 00007fdfa39b5fa0 RCX: 00007fdfa378ebe9
[   52.603701][ T4614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[   52.603719][ T4614] RBP: 00007fdfa21ef090 R08: 0000000000000000 R09: 0000000000000000
[   52.603742][ T4614] R10: 0000000000001200 R11: 0000000000000246 R12: 0000000000000001
[   52.603752][ T4614] R13: 00007fdfa39b6038 R14: 00007fdfa39b5fa0 R15: 00007ffc7fdf4cf8
[   52.603769][ T4614]  </TASK>
[   52.936436][ T4633] netlink: 32 bytes leftover after parsing attributes in process `syz.3.380'.
[   52.996440][ T4638] loop0: detected capacity change from 0 to 128
[   53.028438][ T4638] FAT-fs (loop0): Directory bread(block 32) failed
[   53.036284][ T4638] FAT-fs (loop0): Directory bread(block 33) failed
[   53.044186][ T4638] FAT-fs (loop0): Directory bread(block 34) failed
[   53.053211][ T4638] FAT-fs (loop0): Directory bread(block 35) failed
[   53.060171][ T4638] FAT-fs (loop0): Directory bread(block 36) failed
[   53.066823][ T4638] FAT-fs (loop0): Directory bread(block 37) failed
[   53.074724][ T4638] FAT-fs (loop0): Directory bread(block 38) failed
[   53.081364][ T4638] FAT-fs (loop0): Directory bread(block 39) failed
[   53.103824][ T4641] loop3: detected capacity change from 0 to 512
[   53.110579][ T4641] EXT4-fs: Ignoring removed bh option
[   53.115169][ T4638] FAT-fs (loop0): Directory bread(block 40) failed
[   53.132093][ T4638] FAT-fs (loop0): Directory bread(block 41) failed
[   53.147424][ T4641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.383: corrupted inode contents
[   53.169157][ T4641] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #16: comm syz.3.383: mark_inode_dirty error
[   53.202493][ T4641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.383: corrupted inode contents
[   53.251102][ T4641] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.383: mark_inode_dirty error
[   53.281696][ T4638] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[   53.284883][ T4641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.383: corrupted inode contents
[   53.290337][ T4638] FAT-fs (loop0): Filesystem has been set read-only
[   53.359135][ T4641] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[   53.382528][ T4641] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.383: corrupted inode contents
[   53.395631][ T4641] EXT4-fs error (device loop3): ext4_truncate:4666: inode #16: comm syz.3.383: mark_inode_dirty error
[   53.408124][ T4641] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[   53.424462][ T4641] EXT4-fs (loop3): 1 truncate cleaned up
[   53.430663][ T4638] FAT-fs (loop0): error, corrupted directory (invalid entries)
[   53.434841][ T4641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.454791][ T4638] syz.0.382: attempt to access beyond end of device
[   53.454791][ T4638] loop0: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   53.455316][   T51] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[   53.474022][ T4666] netlink: 32 bytes leftover after parsing attributes in process `syz.4.393'.
[   53.481923][ T4641] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.503640][ T4638] syz.0.382: attempt to access beyond end of device
[   53.503640][ T4638] loop0: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   53.517075][ T4638] Buffer I/O error on dev loop0, logical block 1053, lost async page write
[   53.526351][ T4638] syz.0.382: attempt to access beyond end of device
[   53.526351][ T4638] loop0: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   53.539854][ T4638] Buffer I/O error on dev loop0, logical block 1055, lost async page write
[   53.559743][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.563249][ T4638] syz.0.382: attempt to access beyond end of device
[   53.563249][ T4638] loop0: rw=2049, sector=4224, nr_sectors = 4 limit=128
[   53.613432][ T4672] veth0_vlan: left promiscuous mode
[   53.620983][ T4673] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4673 comm=syz.3.394
[   53.633418][ T4673] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4673 comm=syz.3.394
[   53.687933][ T4671] loop4: detected capacity change from 0 to 8192
[   53.779180][ T4671] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   53.826040][ T4681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.398'.
[   53.878235][ T4701] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=4701 comm=syz.4.404
[   53.914977][ T4689] 9pnet_fd: Insufficient options for proto=fd
[   53.934916][ T4698] loop1: detected capacity change from 0 to 1764
[   54.035262][ T4710] loop2: detected capacity change from 0 to 128
[   54.046448][ T4710] FAT-fs (loop2): Directory bread(block 32) failed
[   54.062093][ T4710] FAT-fs (loop2): Directory bread(block 33) failed
[   54.099671][ T4710] FAT-fs (loop2): Directory bread(block 34) failed
[   54.125897][ T4710] FAT-fs (loop2): Directory bread(block 35) failed
[   54.132658][ T4714] loop4: detected capacity change from 0 to 2048
[   54.132627][ T4710] FAT-fs (loop2): Directory bread(block 36) failed
[   54.146006][ T4710] FAT-fs (loop2): Directory bread(block 37) failed
[   54.158820][ T4710] FAT-fs (loop2): Directory bread(block 38) failed
[   54.165635][ T4710] FAT-fs (loop2): Directory bread(block 39) failed
[   54.167353][ T4714] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.172592][ T4710] FAT-fs (loop2): Directory bread(block 40) failed
[   54.191198][ T4710] FAT-fs (loop2): Directory bread(block 41) failed
[   54.218525][ T4714] FAULT_INJECTION: forcing a failure.
[   54.218525][ T4714] name failslab, interval 1, probability 0, space 0, times 0
[   54.231205][ T4714] CPU: 1 UID: 0 PID: 4714 Comm: syz.4.409 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   54.231314][ T4714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.231324][ T4714] Call Trace:
[   54.231331][ T4714]  <TASK>
[   54.231338][ T4714]  __dump_stack+0x1d/0x30
[   54.231356][ T4714]  dump_stack_lvl+0xe8/0x140
[   54.231372][ T4714]  dump_stack+0x15/0x1b
[   54.231385][ T4714]  should_fail_ex+0x265/0x280
[   54.231425][ T4714]  should_failslab+0x8c/0xb0
[   54.231444][ T4714]  kmem_cache_alloc_noprof+0x50/0x310
[   54.231498][ T4714]  ? __es_insert_extent+0x508/0xee0
[   54.231527][ T4714]  __es_insert_extent+0x508/0xee0
[   54.231600][ T4714]  ? ___slab_alloc+0x270/0x900
[   54.231623][ T4714]  ? loop_queue_rq+0x5e3/0x680
[   54.231672][ T4714]  ? ext4_find_extent+0x16b/0x7a0
[   54.231690][ T4714]  ? should_fail_ex+0xdb/0x280
[   54.231706][ T4714]  ext4_es_insert_extent+0x435/0x1c10
[   54.231775][ T4714]  ? ext4_find_extent+0x16b/0x7a0
[   54.231799][ T4714]  ext4_ext_map_blocks+0x172b/0x38a0
[   54.231823][ T4714]  ? __blk_flush_plug+0x262/0x2a0
[   54.231939][ T4714]  ? __submit_bio+0x304/0x4d0
[   54.231965][ T4714]  ext4_map_query_blocks+0xa8/0x480
[   54.231990][ T4714]  ext4_map_blocks+0x330/0xd00
[   54.232011][ T4714]  ? ext4_get_group_desc+0x16b/0x190
[   54.232073][ T4714]  ? __ext4_journal_start_sb+0x131/0x300
[   54.232116][ T4714]  ext4_iomap_begin+0x88d/0xe00
[   54.232146][ T4714]  ? __pfx_ext4_iomap_begin+0x10/0x10
[   54.232169][ T4714]  iomap_iter+0x332/0x730
[   54.232252][ T4714]  ? should_failslab+0x8c/0xb0
[   54.232272][ T4714]  __iomap_dio_rw+0x708/0x1250
[   54.232303][ T4714]  ? ext4_journal_check_start+0x11a/0x1b0
[   54.232326][ T4714]  iomap_dio_rw+0x40/0x90
[   54.232378][ T4714]  ext4_file_write_iter+0xad9/0xf00
[   54.232407][ T4714]  do_iter_readv_writev+0x49c/0x540
[   54.232441][ T4714]  vfs_writev+0x2df/0x8b0
[   54.232529][ T4714]  ? bpf_trace_run2+0xf5/0x1c0
[   54.232626][ T4714]  __se_sys_pwritev2+0xfc/0x1c0
[   54.232653][ T4714]  __x64_sys_pwritev2+0x67/0x80
[   54.232687][ T4714]  x64_sys_call+0x2c55/0x2ff0
[   54.232707][ T4714]  do_syscall_64+0xd2/0x200
[   54.232775][ T4714]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.232794][ T4714]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.232813][ T4714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.232834][ T4714] RIP: 0033:0x7fb24dfcebe9
[   54.232848][ T4714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.232914][ T4714] RSP: 002b:00007fb24ca37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   54.232976][ T4714] RAX: ffffffffffffffda RBX: 00007fb24e1f5fa0 RCX: 00007fb24dfcebe9
[   54.233053][ T4714] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[   54.233064][ T4714] RBP: 00007fb24ca37090 R08: 0000000000003000 R09: 0000000000000003
[   54.233074][ T4714] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001
[   54.233085][ T4714] R13: 00007fb24e1f6038 R14: 00007fb24e1f5fa0 R15: 00007ffcebd29fc8
[   54.233104][ T4714]  </TASK>
[   54.566008][ T4710] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   54.566027][ T4710] FAT-fs (loop2): Filesystem has been set read-only
[   54.589125][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.616593][ T4723] siw: device registration error -23
[   54.647321][   T29] kauditd_printk_skb: 288 callbacks suppressed
[   54.647350][   T29] audit: type=1400 audit(1755096458.599:1937): avc:  denied  { write } for  pid=4728 comm="syz.2.412" lport=17 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   54.651223][ T4723] FAULT_INJECTION: forcing a failure.
[   54.651223][ T4723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.686907][ T4723] CPU: 0 UID: 0 PID: 4723 Comm: syz.4.411 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   54.686935][ T4723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.686945][ T4723] Call Trace:
[   54.686968][ T4723]  <TASK>
[   54.687023][ T4723]  __dump_stack+0x1d/0x30
[   54.687041][ T4723]  dump_stack_lvl+0xe8/0x140
[   54.687057][ T4723]  dump_stack+0x15/0x1b
[   54.687069][ T4723]  should_fail_ex+0x265/0x280
[   54.687087][ T4723]  should_fail+0xb/0x20
[   54.687100][ T4723]  should_fail_usercopy+0x1a/0x20
[   54.687196][ T4723]  _copy_from_user+0x1c/0xb0
[   54.687216][ T4723]  kstrtouint_from_user+0x69/0xf0
[   54.687262][ T4723]  ? 0xffffffff81000000
[   54.687314][ T4723]  ? selinux_file_permission+0x1e4/0x320
[   54.687332][ T4723]  proc_fail_nth_write+0x50/0x160
[   54.687353][ T4723]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   54.687428][ T4723]  vfs_write+0x269/0x960
[   54.687445][ T4723]  ? __rcu_read_unlock+0x4f/0x70
[   54.687462][ T4723]  ? __fget_files+0x184/0x1c0
[   54.687537][ T4723]  ksys_write+0xda/0x1a0
[   54.687555][ T4723]  __x64_sys_write+0x40/0x50
[   54.687572][ T4723]  x64_sys_call+0x27fe/0x2ff0
[   54.687588][ T4723]  do_syscall_64+0xd2/0x200
[   54.687675][ T4723]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.687760][ T4723]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.687858][ T4723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.687878][ T4723] RIP: 0033:0x7fb24dfcd69f
[   54.687890][ T4723] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   54.687949][ T4723] RSP: 002b:00007fb24ca37030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   54.687993][ T4723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb24dfcd69f
[   54.688003][ T4723] RDX: 0000000000000001 RSI: 00007fb24ca370a0 RDI: 0000000000000007
[   54.688013][ T4723] RBP: 00007fb24ca37090 R08: 0000000000000000 R09: 0000000000000000
[   54.688023][ T4723] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   54.688107][ T4723] R13: 00007fb24e1f6038 R14: 00007fb24e1f5fa0 R15: 00007ffcebd29fc8
[   54.688122][ T4723]  </TASK>
[   54.926800][ T4735] netlink: 'syz.0.416': attribute type 11 has an invalid length.
[   54.934893][ T4735] netlink: 140 bytes leftover after parsing attributes in process `syz.0.416'.
[   54.952712][ T4739] openvswitch: netlink: Message has 6 unknown bytes.
[   54.975085][ T4737] netlink: 4 bytes leftover after parsing attributes in process `syz.1.417'.
[   54.980539][ T4743] loop3: detected capacity change from 0 to 128
[   55.014305][ T4743] FAT-fs (loop3): Directory bread(block 32) failed
[   55.029270][ T4743] FAT-fs (loop3): Directory bread(block 33) failed
[   55.033722][ T4752] loop2: detected capacity change from 0 to 1024
[   55.035808][ T4743] FAT-fs (loop3): Directory bread(block 34) failed
[   55.046523][ T4752] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   55.059539][ T4752] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[   55.070726][ T4743] FAT-fs (loop3): Directory bread(block 35) failed
[   55.077314][ T4743] FAT-fs (loop3): Directory bread(block 36) failed
[   55.077894][ T4753] loop1: detected capacity change from 0 to 2048
[   55.092241][ T4752] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   55.102960][ T4752] EXT4-fs (loop2): invalid journal inode
[   55.108809][ T4743] FAT-fs (loop3): Directory bread(block 37) failed
[   55.119039][ T4743] FAT-fs (loop3): Directory bread(block 38) failed
[   55.125734][ T4743] FAT-fs (loop3): Directory bread(block 39) failed
[   55.126387][ T4753] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   55.147625][ T4743] FAT-fs (loop3): Directory bread(block 40) failed
[   55.154600][ T4743] FAT-fs (loop3): Directory bread(block 41) failed
[   55.155053][   T29] audit: type=1326 audit(1755096459.109:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.184475][   T29] audit: type=1326 audit(1755096459.109:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.207801][   T29] audit: type=1326 audit(1755096459.109:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.231110][   T29] audit: type=1326 audit(1755096459.109:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.254505][   T29] audit: type=1326 audit(1755096459.109:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.277803][   T29] audit: type=1326 audit(1755096459.109:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4756 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   55.306779][ T4743] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   55.315365][ T4743] FAT-fs (loop3): Filesystem has been set read-only
[   55.348650][ T4743] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   55.358290][ T4743] syz.3.418: attempt to access beyond end of device
[   55.358290][ T4743] loop3: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   55.373045][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.393426][ T4743] syz.3.418: attempt to access beyond end of device
[   55.393426][ T4743] loop3: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   55.406864][ T4743] Buffer I/O error on dev loop3, logical block 1053, lost async page write
[   55.411598][ T4765] loop1: detected capacity change from 0 to 128
[   55.421836][ T4743] syz.3.418: attempt to access beyond end of device
[   55.421836][ T4743] loop3: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   55.435491][ T4743] Buffer I/O error on dev loop3, logical block 1055, lost async page write
[   55.439462][ T4765] FAT-fs (loop1): Directory bread(block 32) failed
[   55.450657][ T4743] syz.3.418: attempt to access beyond end of device
[   55.450657][ T4743] loop3: rw=2049, sector=4224, nr_sectors = 4 limit=128
[   55.465579][ T4765] FAT-fs (loop1): Directory bread(block 33) failed
[   55.473326][ T4765] FAT-fs (loop1): Directory bread(block 34) failed
[   55.480577][ T4765] FAT-fs (loop1): Directory bread(block 35) failed
[   55.487124][ T4765] FAT-fs (loop1): Directory bread(block 36) failed
[   55.495670][ T4765] FAT-fs (loop1): Directory bread(block 37) failed
[   55.503056][ T4765] FAT-fs (loop1): Directory bread(block 38) failed
[   55.510071][ T4765] FAT-fs (loop1): Directory bread(block 39) failed
[   55.523597][ T4765] FAT-fs (loop1): Directory bread(block 40) failed
[   55.524649][ T4763] loop2: detected capacity change from 0 to 1024
[   55.532425][ T4765] FAT-fs (loop1): Directory bread(block 41) failed
[   55.566446][ T4763] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   55.585544][ T4765] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[   55.590588][ T4763] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.425: bg 0: block 10: padding at end of block bitmap is not set
[   55.594173][ T4765] FAT-fs (loop1): Filesystem has been set read-only
[   55.627100][ T4763] Quota error (device loop2): write_blk: dquota write failed
[   55.634543][ T4763] Quota error (device loop2): find_free_dqentry: Can't write quota data block 2
[   55.659807][ T4763] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   55.672225][ T4765] syz.1.427: attempt to access beyond end of device
[   55.672225][ T4765] loop1: rw=2049, sector=4184, nr_sectors = 8 limit=128
[   55.676437][ T4763] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.425: Failed to acquire dquot type 0
[   55.686420][ T4765] syz.1.427: attempt to access beyond end of device
[   55.686420][ T4765] loop1: rw=2049, sector=4200, nr_sectors = 4 limit=128
[   55.697371][ T4763] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.425: Failed to acquire dquot type 0
[   55.710275][ T4765] Buffer I/O error on dev loop1, logical block 1050, lost async page write
[   55.730608][ T4763] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.425: Freeing blocks not in datazone - block = 0, count = 4096
[   55.732019][ T4765] Buffer I/O error on dev loop1, logical block 1052, lost async page write
[   55.747483][ T4763] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.425: Failed to acquire dquot type 0
[   55.754445][ T4765] Buffer I/O error on dev loop1, logical block 1055, lost async page write
[   55.764301][ T4763] EXT4-fs (loop2): 1 orphan inode deleted
[   55.778412][ T4765] Buffer I/O error on dev loop1, logical block 1057, lost async page write
[   55.787065][ T4763] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.787895][ T4765] Buffer I/O error on dev loop1, logical block 1060, lost async page write
[   55.825520][ T4776] loop3: detected capacity change from 0 to 128
[   55.836756][ T4776] FAT-fs (loop3): Directory bread(block 32) failed
[   55.843666][ T4776] FAT-fs (loop3): Directory bread(block 33) failed
[   55.844262][ T4765] Buffer I/O error on dev loop1, logical block 1062, lost async page write
[   55.861323][ T4776] FAT-fs (loop3): Directory bread(block 34) failed
[   55.868817][ T4776] FAT-fs (loop3): Directory bread(block 35) failed
[   55.877080][ T4776] FAT-fs (loop3): Directory bread(block 36) failed
[   55.884078][ T4776] FAT-fs (loop3): Directory bread(block 37) failed
[   55.891386][ T4776] FAT-fs (loop3): Directory bread(block 38) failed
[   55.894502][ T4778] netlink: 'syz.0.431': attribute type 10 has an invalid length.
[   55.903438][ T4776] FAT-fs (loop3): Directory bread(block 39) failed
[   55.912310][ T4776] FAT-fs (loop3): Directory bread(block 40) failed
[   55.918856][ T4776] FAT-fs (loop3): Directory bread(block 41) failed
[   55.952182][ T4776] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   55.960711][ T4776] FAT-fs (loop3): Filesystem has been set read-only
[   56.042173][ T4789] openvswitch: netlink: Message has 6 unknown bytes.
[   56.212397][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.230360][ T4799] loop0: detected capacity change from 0 to 128
[   56.254683][ T4799] FAULT_INJECTION: forcing a failure.
[   56.254683][ T4799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   56.267830][ T4799] CPU: 0 UID: 0 PID: 4799 Comm: syz.0.436 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   56.267850][ T4799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   56.267889][ T4799] Call Trace:
[   56.267893][ T4799]  <TASK>
[   56.267899][ T4799]  __dump_stack+0x1d/0x30
[   56.267912][ T4799]  dump_stack_lvl+0xe8/0x140
[   56.267923][ T4799]  dump_stack+0x15/0x1b
[   56.267932][ T4799]  should_fail_ex+0x265/0x280
[   56.267995][ T4799]  should_fail+0xb/0x20
[   56.268012][ T4799]  should_fail_usercopy+0x1a/0x20
[   56.268027][ T4799]  strncpy_from_user+0x25/0x230
[   56.268042][ T4799]  ? kmem_cache_alloc_noprof+0x186/0x310
[   56.268123][ T4799]  ? getname_flags+0x80/0x3b0
[   56.268139][ T4799]  getname_flags+0xae/0x3b0
[   56.268153][ T4799]  __x64_sys_renameat2+0x6c/0x90
[   56.268167][ T4799]  x64_sys_call+0x3f9/0x2ff0
[   56.268221][ T4799]  do_syscall_64+0xd2/0x200
[   56.268236][ T4799]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   56.268327][ T4799]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   56.268341][ T4799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.268353][ T4799] RIP: 0033:0x7fd28d78ebe9
[   56.268401][ T4799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.268410][ T4799] RSP: 002b:00007fd28c1ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[   56.268422][ T4799] RAX: ffffffffffffffda RBX: 00007fd28d9b5fa0 RCX: 00007fd28d78ebe9
[   56.268429][ T4799] RDX: ffffffffffffff9c RSI: 0000200000000780 RDI: ffffffffffffff9c
[   56.268436][ T4799] RBP: 00007fd28c1ef090 R08: 0000000000000000 R09: 0000000000000000
[   56.268491][ T4799] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.268498][ T4799] R13: 00007fd28d9b6038 R14: 00007fd28d9b5fa0 R15: 00007fff4fc174b8
[   56.268555][ T4799]  </TASK>
[   56.509568][ T4809] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4809 comm=syz.2.440
[   56.578876][ T4810] netlink: 'syz.2.440': attribute type 10 has an invalid length.
[   56.974764][ T4816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.983549][ T4816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.025941][ T4816] __nla_validate_parse: 4 callbacks suppressed
[   57.025955][ T4816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'.
[   57.044715][ T4816] loop3: detected capacity change from 0 to 1024
[   57.055562][ T4816] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   57.065623][ T4816] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   57.076006][ T4816] EXT4-fs error (device loop3): ext4_get_journal_inode:5796: comm syz.3.442: inode #100663328: comm syz.3.442: iget: illegal inode #
[   57.090049][ T4816] EXT4-fs (loop3): Remounting filesystem read-only
[   57.096539][ T4816] EXT4-fs (loop3): no journal found
[   57.101781][ T4816] EXT4-fs (loop3): can't get journal size
[   57.107736][ T4816] EXT4-fs (loop3): failed to initialize system zone (-22)
[   57.115136][ T4816] EXT4-fs (loop3): mount failed
[   57.368136][ T4827] rdma_op ffff888103135180 conn xmit_rdma 0000000000000000
[   57.376012][ T4827] 9pnet_fd: Insufficient options for proto=fd
[   57.462110][ T4834] loop0: detected capacity change from 0 to 2048
[   57.477757][ T1036] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4
[   57.485550][ T1036] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2
[   57.493576][ T1036] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3
[   57.499292][ T4834] loop0: detected capacity change from 0 to 512
[   57.502427][ T1036] hid-generic 0000:3000000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   57.528831][ T4834] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   57.551331][ T4834] EXT4-fs (loop0): orphan cleanup on readonly fs
[   57.558472][ T4834] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.447: bg 0: block 248: padding at end of block bitmap is not set
[   57.573878][ T4834] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.447: Failed to acquire dquot type 1
[   57.586415][ T4834] EXT4-fs (loop0): 1 truncate cleaned up
[   57.594874][ T4834] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   57.650784][ T4847] bond0: Removing last ns target with arp_interval on
[   57.680139][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.691698][   T36] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4
[   57.699568][   T36] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2
[   57.722001][   T36] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3
[   57.751240][   T36] hid-generic 0000:3000000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   57.752953][ T4858] openvswitch: netlink: Message has 6 unknown bytes.
[   57.810658][ T4859] fido_id[4859]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   57.835879][ T4863] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4863 comm=syz.3.455
[   57.836710][ T4865] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4865 comm=syz.2.456
[   57.880271][ T4867] netlink: 28 bytes leftover after parsing attributes in process `syz.1.458'.
[   57.889457][ T4867] netlink: 16 bytes leftover after parsing attributes in process `syz.1.458'.
[   57.899002][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   57.911233][ T4869] netlink: 'syz.3.455': attribute type 10 has an invalid length.
[   57.919308][ T4867] loop1: detected capacity change from 0 to 512
[   57.926743][ T4867] EXT4-fs: Ignoring removed oldalloc option
[   57.926908][ T4870] netlink: 'syz.2.456': attribute type 10 has an invalid length.
[   57.945504][ T4869] siw: device registration error -23
[   57.951091][ T4870] netlink: 'syz.2.456': attribute type 10 has an invalid length.
[   57.967524][ T4867] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.458: Parent and EA inode have the same ino 15
[   57.990466][ T4867] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.458: Parent and EA inode have the same ino 15
[   58.008490][ T4867] EXT4-fs (loop1): 1 orphan inode deleted
[   58.020102][ T4879] netlink: 14 bytes leftover after parsing attributes in process `syz.4.461'.
[   58.031113][ T4879] hsr_slave_0: left promiscuous mode
[   58.037336][ T4867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.049512][ T4879] hsr_slave_1: left promiscuous mode
[   58.060988][ T4881] FAULT_INJECTION: forcing a failure.
[   58.060988][ T4881] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.074196][ T4881] CPU: 1 UID: 0 PID: 4881 Comm: syz.0.462 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   58.074224][ T4881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.074324][ T4881] Call Trace:
[   58.074328][ T4881]  <TASK>
[   58.074333][ T4881]  __dump_stack+0x1d/0x30
[   58.074346][ T4881]  dump_stack_lvl+0xe8/0x140
[   58.074357][ T4881]  dump_stack+0x15/0x1b
[   58.074366][ T4881]  should_fail_ex+0x265/0x280
[   58.074377][ T4881]  ? __pfx_ppp_ioctl+0x10/0x10
[   58.074447][ T4881]  should_fail+0xb/0x20
[   58.074456][ T4881]  should_fail_usercopy+0x1a/0x20
[   58.074528][ T4881]  _copy_from_user+0x1c/0xb0
[   58.074544][ T4881]  memdup_user+0x5e/0xd0
[   58.074557][ T4881]  ppp_get_filter+0xdb/0x160
[   58.074575][ T4881]  ppp_ioctl+0xb93/0x11c0
[   58.074670][ T4881]  ? __fget_files+0x184/0x1c0
[   58.074684][ T4881]  ? __pfx_ppp_ioctl+0x10/0x10
[   58.074700][ T4881]  __se_sys_ioctl+0xcb/0x140
[   58.074776][ T4881]  __x64_sys_ioctl+0x43/0x50
[   58.074797][ T4881]  x64_sys_call+0x1816/0x2ff0
[   58.074837][ T4881]  do_syscall_64+0xd2/0x200
[   58.074922][ T4881]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.074936][ T4881]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.074950][ T4881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.074961][ T4881] RIP: 0033:0x7fd28d78ebe9
[   58.074970][ T4881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.074993][ T4881] RSP: 002b:00007fd28c1ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   58.075004][ T4881] RAX: ffffffffffffffda RBX: 00007fd28d9b5fa0 RCX: 00007fd28d78ebe9
[   58.075011][ T4881] RDX: 0000200000000100 RSI: 0000000040107447 RDI: 0000000000000006
[   58.075019][ T4881] RBP: 00007fd28c1ef090 R08: 0000000000000000 R09: 0000000000000000
[   58.075025][ T4881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.075032][ T4881] R13: 00007fd28d9b6038 R14: 00007fd28d9b5fa0 R15: 00007fff4fc174b8
[   58.075078][ T4881]  </TASK>
[   58.075773][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   58.308218][ T4886] loop4: detected capacity change from 0 to 128
[   58.647725][ T4894] netlink: 12 bytes leftover after parsing attributes in process `syz.1.466'.
[   58.840227][ T4911] FAULT_INJECTION: forcing a failure.
[   58.840227][ T4911] name failslab, interval 1, probability 0, space 0, times 0
[   58.852958][ T4911] CPU: 0 UID: 0 PID: 4911 Comm: syz.2.473 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   58.852982][ T4911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   58.852993][ T4911] Call Trace:
[   58.853001][ T4911]  <TASK>
[   58.853009][ T4911]  __dump_stack+0x1d/0x30
[   58.853031][ T4911]  dump_stack_lvl+0xe8/0x140
[   58.853111][ T4911]  dump_stack+0x15/0x1b
[   58.853128][ T4911]  should_fail_ex+0x265/0x280
[   58.853150][ T4911]  should_failslab+0x8c/0xb0
[   58.853232][ T4911]  __kvmalloc_node_noprof+0x123/0x4e0
[   58.853258][ T4911]  ? alloc_fdtable+0xbd/0x1d0
[   58.853276][ T4911]  ? __kmalloc_cache_noprof+0x22e/0x320
[   58.853371][ T4911]  alloc_fdtable+0xbd/0x1d0
[   58.853389][ T4911]  dup_fd+0x4c7/0x540
[   58.853408][ T4911]  ksys_unshare+0x346/0x6d0
[   58.853431][ T4911]  ? trace_sys_enter+0xd0/0xf0
[   58.853520][ T4911]  __x64_sys_unshare+0x1f/0x30
[   58.853543][ T4911]  x64_sys_call+0x2911/0x2ff0
[   58.853564][ T4911]  do_syscall_64+0xd2/0x200
[   58.853590][ T4911]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.853649][ T4911]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   58.853800][ T4911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.853817][ T4911] RIP: 0033:0x7fdfa378ebe9
[   58.853831][ T4911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.853844][ T4911] RSP: 002b:00007fdfa21ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   58.853891][ T4911] RAX: ffffffffffffffda RBX: 00007fdfa39b5fa0 RCX: 00007fdfa378ebe9
[   58.853904][ T4911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[   58.853916][ T4911] RBP: 00007fdfa21ef090 R08: 0000000000000000 R09: 0000000000000000
[   58.853940][ T4911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.853953][ T4911] R13: 00007fdfa39b6038 R14: 00007fdfa39b5fa0 R15: 00007ffc7fdf4cf8
[   58.853972][ T4911]  </TASK>
[   59.116852][ T4914] syz.3.467 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   59.127651][ T4914] netlink: 24 bytes leftover after parsing attributes in process `syz.3.467'.
[   59.169030][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   59.207583][ T4917] loop2: detected capacity change from 0 to 128
[   59.314538][ T4917] FAT-fs (loop2): Directory bread(block 32) failed
[   59.323420][ T4917] FAT-fs (loop2): Directory bread(block 33) failed
[   59.331504][ T4917] FAT-fs (loop2): Directory bread(block 34) failed
[   59.352312][ T4917] FAT-fs (loop2): Directory bread(block 35) failed
[   59.365740][ T4917] FAT-fs (loop2): Directory bread(block 36) failed
[   59.381080][ T4917] FAT-fs (loop2): Directory bread(block 37) failed
[   59.395203][ T4917] FAT-fs (loop2): Directory bread(block 38) failed
[   59.408135][ T4917] FAT-fs (loop2): Directory bread(block 39) failed
[   59.422474][ T4917] FAT-fs (loop2): Directory bread(block 40) failed
[   59.436640][ T4917] FAT-fs (loop2): Directory bread(block 41) failed
[   59.522918][ T4917] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   59.531517][ T4917] FAT-fs (loop2): Filesystem has been set read-only
[   59.621280][ T4917] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   59.631132][ T4917] bio_check_eod: 14 callbacks suppressed
[   59.631148][ T4917] syz.2.475: attempt to access beyond end of device
[   59.631148][ T4917] loop2: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   59.652227][ T4917] syz.2.475: attempt to access beyond end of device
[   59.652227][ T4917] loop2: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   59.665644][ T4917] buffer_io_error: 6 callbacks suppressed
[   59.665666][ T4917] Buffer I/O error on dev loop2, logical block 1053, lost async page write
[   59.709058][ T4917] syz.2.475: attempt to access beyond end of device
[   59.709058][ T4917] loop2: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   59.722529][ T4917] Buffer I/O error on dev loop2, logical block 1055, lost async page write
[   59.767962][ T4917] syz.2.475: attempt to access beyond end of device
[   59.767962][ T4917] loop2: rw=2049, sector=4224, nr_sectors = 4 limit=128
[   59.785942][ T4924] loop1: detected capacity change from 0 to 128
[   59.796568][ T4926] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4926 comm=syz.0.478
[   59.812806][ T4924] FAT-fs (loop1): Directory bread(block 32) failed
[   59.822997][   T29] kauditd_printk_skb: 253 callbacks suppressed
[   59.823020][   T29] audit: type=1326 audit(1755096463.779:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.829125][ T4924] FAT-fs (loop1): Directory bread(block 33) failed
[   59.829355][   T29] audit: type=1326 audit(1755096463.779:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.869336][ T4924] FAT-fs (loop1): Directory bread(block 34) failed
[   59.882405][   T29] audit: type=1326 audit(1755096463.779:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.910876][ T4924] FAT-fs (loop1): Directory bread(block 35) failed
[   59.912183][   T29] audit: type=1326 audit(1755096463.779:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.932319][ T4924] FAT-fs (loop1): Directory bread(block 36) failed
[   59.941944][   T29] audit: type=1326 audit(1755096463.779:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.971854][   T29] audit: type=1326 audit(1755096463.779:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   59.978849][ T4924] FAT-fs (loop1): Directory bread(block 37) failed
[   59.995092][   T29] audit: type=1326 audit(1755096463.779:2195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   60.024894][   T29] audit: type=1326 audit(1755096463.779:2196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4925 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7fd28d78ebe9 code=0x7ffc0000
[   60.048479][ T4924] FAT-fs (loop1): Directory bread(block 38) failed
[   60.049544][ T4927] netlink: 'syz.0.478': attribute type 10 has an invalid length.
[   60.055058][ T4924] FAT-fs (loop1): Directory bread(block 39) failed
[   60.069321][ T4924] FAT-fs (loop1): Directory bread(block 40) failed
[   60.075818][ T4924] FAT-fs (loop1): Directory bread(block 41) failed
[   60.138982][   T29] audit: type=1400 audit(1755096464.069:2197): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   60.162362][ T4924] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[   60.170952][ T4924] FAT-fs (loop1): Filesystem has been set read-only
[   60.182385][ T4924] syz.1.477: attempt to access beyond end of device
[   60.182385][ T4924] loop1: rw=2049, sector=4184, nr_sectors = 8 limit=128
[   60.196469][ T4924] syz.1.477: attempt to access beyond end of device
[   60.196469][ T4924] loop1: rw=2049, sector=4200, nr_sectors = 4 limit=128
[   60.209891][ T4924] Buffer I/O error on dev loop1, logical block 1050, lost async page write
[   60.218959][ T4924] syz.1.477: attempt to access beyond end of device
[   60.218959][ T4924] loop1: rw=2049, sector=4208, nr_sectors = 4 limit=128
[   60.232385][ T4924] Buffer I/O error on dev loop1, logical block 1052, lost async page write
[   60.259034][ T4924] syz.1.477: attempt to access beyond end of device
[   60.259034][ T4924] loop1: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   60.272593][ T4924] Buffer I/O error on dev loop1, logical block 1055, lost async page write
[   60.289125][ T4924] syz.1.477: attempt to access beyond end of device
[   60.289125][ T4924] loop1: rw=2049, sector=4228, nr_sectors = 4 limit=128
[   60.302623][ T4924] Buffer I/O error on dev loop1, logical block 1057, lost async page write
[   60.319052][ T4924] syz.1.477: attempt to access beyond end of device
[   60.319052][ T4924] loop1: rw=2049, sector=4240, nr_sectors = 4 limit=128
[   60.332579][ T4924] Buffer I/O error on dev loop1, logical block 1060, lost async page write
[   60.360586][ T4924] Buffer I/O error on dev loop1, logical block 1062, lost async page write
[   60.384726][ T4933] loop2: detected capacity change from 0 to 128
[   60.411120][ T4933] FAT-fs (loop2): Directory bread(block 32) failed
[   60.420672][ T4933] FAT-fs (loop2): Directory bread(block 33) failed
[   60.427281][ T4933] FAT-fs (loop2): Directory bread(block 34) failed
[   60.467272][ T4933] FAT-fs (loop2): Directory bread(block 35) failed
[   60.491442][ T4933] FAT-fs (loop2): Directory bread(block 36) failed
[   60.503873][ T4933] FAT-fs (loop2): Directory bread(block 37) failed
[   60.507068][ T4935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.481'.
[   60.517937][ T4933] FAT-fs (loop2): Directory bread(block 38) failed
[   60.526687][ T4933] FAT-fs (loop2): Directory bread(block 39) failed
[   60.556760][ T4933] FAT-fs (loop2): Directory bread(block 40) failed
[   60.564872][ T4933] FAT-fs (loop2): Directory bread(block 41) failed
[   60.614321][ T4933] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   60.622920][ T4933] FAT-fs (loop2): Filesystem has been set read-only
[   60.641794][ T4933] Buffer I/O error on dev loop2, logical block 1050, lost async page write
[   60.670926][   T29] audit: type=1326 audit(1755096464.619:2198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4940 comm="syz.1.484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   60.704393][ T4933] Buffer I/O error on dev loop2, logical block 1052, lost async page write
[   60.758481][ T4945] openvswitch: netlink: Message has 6 unknown bytes.
[   60.780158][ T4947] netlink: 28 bytes leftover after parsing attributes in process `syz.1.485'.
[   60.789099][ T4947] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'.
[   60.820006][ T4947] loop1: detected capacity change from 0 to 512
[   60.852933][ T4947] EXT4-fs: Ignoring removed oldalloc option
[   60.877711][ T4947] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.485: Parent and EA inode have the same ino 15
[   60.953111][ T4947] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.485: Parent and EA inode have the same ino 15
[   61.008546][ T4947] EXT4-fs (loop1): 1 orphan inode deleted
[   61.034298][ T4947] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   61.084852][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.184087][ T4966] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4966 comm=syz.1.494
[   61.198910][ T4967] netlink: 28 bytes leftover after parsing attributes in process `syz.2.493'.
[   61.292804][ T4972] netlink: 'syz.1.494': attribute type 10 has an invalid length.
[   61.301132][ T4972] siw: device registration error -23
[   61.424894][ T4983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.433591][ T4983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.475660][ T4987] netdevsim netdevsim3: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   61.549520][ T4995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.558024][ T4995] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.598255][ T4995] loop2: detected capacity change from 0 to 1024
[   61.607246][ T4995] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   61.620622][ T4995] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   61.633156][ T4995] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.506: inode #100663328: comm syz.2.506: iget: illegal inode #
[   61.647049][ T4995] EXT4-fs (loop2): Remounting filesystem read-only
[   61.653618][ T4995] EXT4-fs (loop2): no journal found
[   61.658873][ T4995] EXT4-fs (loop2): can't get journal size
[   61.664858][ T4995] EXT4-fs (loop2): failed to initialize system zone (-22)
[   61.679006][ T4995] EXT4-fs (loop2): mount failed
[   61.701589][ T3411] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[   61.709081][ T3411] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[   61.716530][ T3411] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[   61.724850][ T3411] hid-generic 0000:0004:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   62.143439][ T5014] loop1: detected capacity change from 0 to 128
[   62.157001][ T5014] FAT-fs (loop1): Directory bread(block 32) failed
[   62.164075][ T5014] FAT-fs (loop1): Directory bread(block 33) failed
[   62.170681][ T5014] FAT-fs (loop1): Directory bread(block 34) failed
[   62.177354][ T5014] FAT-fs (loop1): Directory bread(block 35) failed
[   62.184008][ T5014] FAT-fs (loop1): Directory bread(block 36) failed
[   62.190760][ T5014] FAT-fs (loop1): Directory bread(block 37) failed
[   62.197348][ T5014] FAT-fs (loop1): Directory bread(block 38) failed
[   62.205592][ T5014] FAT-fs (loop1): Directory bread(block 39) failed
[   62.212287][ T5014] FAT-fs (loop1): Directory bread(block 40) failed
[   62.212338][ T5014] FAT-fs (loop1): Directory bread(block 41) failed
[   62.232275][ T5014] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[   62.240894][ T5014] FAT-fs (loop1): Filesystem has been set read-only
[   62.242495][ T5014] FAT-fs (loop1): error, corrupted directory (invalid entries)
[   62.393858][ T5027] loop3: detected capacity change from 0 to 256
[   62.592668][ T5045] netdevsim netdevsim0: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   62.592855][ T5047] __nla_validate_parse: 1 callbacks suppressed
[   62.592868][ T5047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.521'.
[   62.835911][ T5054] loop0: detected capacity change from 0 to 256
[   62.845175][ T5054] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   62.855319][ T5054] FAT-fs (loop0): Filesystem has been set read-only
[   63.318616][ T5056] netlink: 28 bytes leftover after parsing attributes in process `syz.1.524'.
[   63.341210][ T5058] openvswitch: netlink: Message has 6 unknown bytes.
[   63.362667][ T5060] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.378075][ T5060] 9pnet_fd: Insufficient options for proto=fd
[   63.387618][ T5060] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   63.401495][ T5060] batman_adv: batadv0: Removing interface: batadv_slave_1
[   63.440751][   T10] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   63.448205][   T10] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   63.455649][   T10] hid-generic 0000:0004:0000.0005: unknown main item tag 0x0
[   63.463679][   T10] hid-generic 0000:0004:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   63.733758][ T5083] netlink: 28 bytes leftover after parsing attributes in process `syz.0.536'.
[   63.781171][ T5085] loop0: detected capacity change from 0 to 8192
[   63.791117][ T5085] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   63.856433][ T5093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.539'.
[   63.865408][ T5093] netlink: 8 bytes leftover after parsing attributes in process `syz.0.539'.
[   63.882554][ T5093] loop0: detected capacity change from 0 to 512
[   63.889969][ T5093] EXT4-fs: Ignoring removed oldalloc option
[   63.900737][ T5093] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.539: Parent and EA inode have the same ino 15
[   63.913603][ T5093] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.539: Parent and EA inode have the same ino 15
[   63.926540][ T5093] EXT4-fs (loop0): 1 orphan inode deleted
[   63.932699][ T5093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   63.954390][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.027068][ T5098] loop0: detected capacity change from 0 to 128
[   64.038084][ T5098] FAT-fs (loop0): Directory bread(block 32) failed
[   64.044705][ T5098] FAT-fs (loop0): Directory bread(block 33) failed
[   64.051444][ T5098] FAT-fs (loop0): Directory bread(block 34) failed
[   64.057979][ T5098] FAT-fs (loop0): Directory bread(block 35) failed
[   64.064933][ T5098] FAT-fs (loop0): Directory bread(block 36) failed
[   64.071878][ T5098] FAT-fs (loop0): Directory bread(block 37) failed
[   64.078571][ T5098] FAT-fs (loop0): Directory bread(block 38) failed
[   64.085211][ T5098] FAT-fs (loop0): Directory bread(block 39) failed
[   64.091826][ T5098] FAT-fs (loop0): Directory bread(block 40) failed
[   64.098375][ T5098] FAT-fs (loop0): Directory bread(block 41) failed
[   64.117143][ T5098] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[   64.125711][ T5098] FAT-fs (loop0): Filesystem has been set read-only
[   64.134256][ T5098] FAT-fs (loop0): error, corrupted directory (invalid entries)
[   64.264397][ T5102] openvswitch: netlink: Message has 6 unknown bytes.
[   64.349725][ T5108] FAULT_INJECTION: forcing a failure.
[   64.349725][ T5108] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   64.362878][ T5108] CPU: 1 UID: 0 PID: 5108 Comm: syz.1.546 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   64.362902][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   64.362912][ T5108] Call Trace:
[   64.362918][ T5108]  <TASK>
[   64.362924][ T5108]  __dump_stack+0x1d/0x30
[   64.362970][ T5108]  dump_stack_lvl+0xe8/0x140
[   64.362986][ T5108]  dump_stack+0x15/0x1b
[   64.363000][ T5108]  should_fail_ex+0x265/0x280
[   64.363018][ T5108]  should_fail+0xb/0x20
[   64.363064][ T5108]  should_fail_usercopy+0x1a/0x20
[   64.363082][ T5108]  _copy_from_user+0x1c/0xb0
[   64.363105][ T5108]  ___sys_recvmsg+0xaa/0x370
[   64.363123][ T5108]  ? trace_event_buffer_commit+0x196/0x5d0
[   64.363150][ T5108]  do_recvmmsg+0x1ef/0x540
[   64.363197][ T5108]  __x64_sys_recvmmsg+0xe5/0x170
[   64.363217][ T5108]  x64_sys_call+0x27a6/0x2ff0
[   64.363277][ T5108]  do_syscall_64+0xd2/0x200
[   64.363364][ T5108]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   64.363385][ T5108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.363473][ T5108] RIP: 0033:0x7f869acfebe9
[   64.363486][ T5108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.363500][ T5108] RSP: 002b:00007f8699767038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   64.363517][ T5108] RAX: ffffffffffffffda RBX: 00007f869af25fa0 RCX: 00007f869acfebe9
[   64.363557][ T5108] RDX: 0000000000000001 RSI: 0000200000004a40 RDI: 0000000000000007
[   64.363572][ T5108] RBP: 00007f8699767090 R08: 0000000000000000 R09: 0000000000000000
[   64.363583][ T5108] R10: 0000000040000001 R11: 0000000000000246 R12: 0000000000000001
[   64.363593][ T5108] R13: 00007f869af26038 R14: 00007f869af25fa0 R15: 00007fffb583ba08
[   64.363609][ T5108]  </TASK>
[   64.628771][ T5120] netlink: 96 bytes leftover after parsing attributes in process `syz.4.547'.
[   64.661734][ T5125] loop3: detected capacity change from 0 to 128
[   64.707577][ T5125] FAT-fs (loop3): Directory bread(block 32) failed
[   64.744296][ T5125] FAT-fs (loop3): Directory bread(block 33) failed
[   64.773176][ T5125] FAT-fs (loop3): Directory bread(block 34) failed
[   64.796975][ T5141] netlink: 48 bytes leftover after parsing attributes in process `syz.2.560'.
[   64.802460][ T5125] FAT-fs (loop3): Directory bread(block 35) failed
[   64.821858][ T5145] netlink: 28 bytes leftover after parsing attributes in process `syz.1.561'.
[   64.827083][ T5125] FAT-fs (loop3): Directory bread(block 36) failed
[   64.830785][ T5145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.561'.
[   64.837394][ T5125] FAT-fs (loop3): Directory bread(block 37) failed
[   64.855251][ T5125] FAT-fs (loop3): Directory bread(block 38) failed
[   64.864389][ T5125] FAT-fs (loop3): Directory bread(block 39) failed
[   64.874078][   T29] kauditd_printk_skb: 451 callbacks suppressed
[   64.874091][   T29] audit: type=1326 audit(1755096468.829:2650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   64.911671][ T5145] loop1: detected capacity change from 0 to 512
[   64.918048][ T5125] FAT-fs (loop3): Directory bread(block 40) failed
[   64.925530][ T5145] EXT4-fs: Ignoring removed oldalloc option
[   64.933686][ T5125] FAT-fs (loop3): Directory bread(block 41) failed
[   64.942929][ T5145] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.561: Parent and EA inode have the same ino 15
[   64.956345][   T29] audit: type=1326 audit(1755096468.859:2651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   64.979757][   T29] audit: type=1326 audit(1755096468.859:2652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   64.981756][ T5145] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.561: Parent and EA inode have the same ino 15
[   65.003047][   T29] audit: type=1326 audit(1755096468.859:2653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.003075][   T29] audit: type=1326 audit(1755096468.859:2654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.061858][   T29] audit: type=1326 audit(1755096468.859:2655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.068458][ T5125] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   65.085234][   T29] audit: type=1326 audit(1755096468.859:2656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.093787][ T5125] FAT-fs (loop3): Filesystem has been set read-only
[   65.117034][   T29] audit: type=1326 audit(1755096468.859:2657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.117063][   T29] audit: type=1326 audit(1755096468.859:2658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.131539][ T5125] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   65.146994][   T29] audit: type=1326 audit(1755096468.859:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.1.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   65.170957][ T5145] EXT4-fs (loop1): 1 orphan inode deleted
[   65.185124][ T5125] bio_check_eod: 18 callbacks suppressed
[   65.185140][ T5125] syz.3.553: attempt to access beyond end of device
[   65.185140][ T5125] loop3: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   65.201692][ T5145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   65.207721][ T5125] syz.3.553: attempt to access beyond end of device
[   65.207721][ T5125] loop3: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   65.251282][ T5125] buffer_io_error: 8 callbacks suppressed
[   65.251296][ T5125] Buffer I/O error on dev loop3, logical block 1053, lost async page write
[   65.266722][ T5125] syz.3.553: attempt to access beyond end of device
[   65.266722][ T5125] loop3: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   65.280178][ T5125] Buffer I/O error on dev loop3, logical block 1055, lost async page write
[   65.288901][ T5125] syz.3.553: attempt to access beyond end of device
[   65.288901][ T5125] loop3: rw=2049, sector=4224, nr_sectors = 4 limit=128
[   65.325580][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.355168][ T5158] netlink: 28 bytes leftover after parsing attributes in process `syz.2.566'.
[   65.413464][ T5158] loop2: detected capacity change from 0 to 512
[   65.429313][ T5168] openvswitch: netlink: Message has 6 unknown bytes.
[   65.446779][ T5158] EXT4-fs: Ignoring removed oldalloc option
[   65.460200][ T5158] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.566: Parent and EA inode have the same ino 15
[   65.482246][ T5158] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.566: Parent and EA inode have the same ino 15
[   65.509022][ T5176] netdevsim netdevsim4: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   65.529717][ T5158] EXT4-fs (loop2): 1 orphan inode deleted
[   65.535781][ T5158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   65.562270][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.621499][ T5183] loop2: detected capacity change from 0 to 512
[   65.643939][ T5183] EXT4-fs: Ignoring removed oldalloc option
[   65.654620][ T5183] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.576: Parent and EA inode have the same ino 15
[   65.670256][ T5190] loop0: detected capacity change from 0 to 128
[   65.684843][ T5183] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.576: Parent and EA inode have the same ino 15
[   65.716404][ T5183] EXT4-fs (loop2): 1 orphan inode deleted
[   65.727767][ T5190] FAT-fs (loop0): Directory bread(block 32) failed
[   65.734755][ T5190] FAT-fs (loop0): Directory bread(block 33) failed
[   65.752382][ T5190] FAT-fs (loop0): Directory bread(block 34) failed
[   65.766851][ T5190] FAT-fs (loop0): Directory bread(block 35) failed
[   65.785567][ T5190] FAT-fs (loop0): Directory bread(block 36) failed
[   65.800679][ T5190] FAT-fs (loop0): Directory bread(block 37) failed
[   65.817112][ T5190] FAT-fs (loop0): Directory bread(block 38) failed
[   65.824132][ T5190] FAT-fs (loop0): Directory bread(block 39) failed
[   65.832137][ T5190] FAT-fs (loop0): Directory bread(block 40) failed
[   65.842571][ T5190] FAT-fs (loop0): Directory bread(block 41) failed
[   65.865413][ T5210] netdevsim netdevsim4: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   65.899067][ T5190] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[   65.907622][ T5190] FAT-fs (loop0): Filesystem has been set read-only
[   65.927207][ T5190] FAT-fs (loop0): error, corrupted directory (invalid entries)
[   65.937060][ T5190] syz.0.579: attempt to access beyond end of device
[   65.937060][ T5190] loop0: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   65.951699][ T5190] syz.0.579: attempt to access beyond end of device
[   65.951699][ T5190] loop0: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   65.965260][ T5190] Buffer I/O error on dev loop0, logical block 1053, lost async page write
[   65.979846][ T5218] loop4: detected capacity change from 0 to 128
[   65.987567][ T5190] syz.0.579: attempt to access beyond end of device
[   65.987567][ T5190] loop0: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   66.001034][ T5190] Buffer I/O error on dev loop0, logical block 1055, lost async page write
[   66.012062][ T5190] syz.0.579: attempt to access beyond end of device
[   66.012062][ T5190] loop0: rw=2049, sector=4224, nr_sectors = 4 limit=128
[   66.027802][ T5218] FAT-fs (loop4): Directory bread(block 32) failed
[   66.039137][ T5218] FAT-fs (loop4): Directory bread(block 33) failed
[   66.045678][ T5218] FAT-fs (loop4): Directory bread(block 34) failed
[   66.057278][ T5218] FAT-fs (loop4): Directory bread(block 35) failed
[   66.064085][ T5218] FAT-fs (loop4): Directory bread(block 36) failed
[   66.071766][ T5218] FAT-fs (loop4): Directory bread(block 37) failed
[   66.078386][ T5218] FAT-fs (loop4): Directory bread(block 38) failed
[   66.084995][ T5218] FAT-fs (loop4): Directory bread(block 39) failed
[   66.091925][ T5218] FAT-fs (loop4): Directory bread(block 40) failed
[   66.098462][ T5218] FAT-fs (loop4): Directory bread(block 41) failed
[   66.130612][ T5218] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF
[   66.139260][ T5218] FAT-fs (loop4): Filesystem has been set read-only
[   66.157395][ T5218] FAT-fs (loop4): error, corrupted directory (invalid entries)
[   66.178605][ T5218] syz.4.588: attempt to access beyond end of device
[   66.178605][ T5218] loop4: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   66.201007][ T5218] syz.4.588: attempt to access beyond end of device
[   66.201007][ T5218] loop4: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   66.214490][ T5218] Buffer I/O error on dev loop4, logical block 1053, lost async page write
[   66.224891][ T5218] Buffer I/O error on dev loop4, logical block 1055, lost async page write
[   66.233838][ T5223] loop0: detected capacity change from 0 to 2048
[   66.252835][ T5223] EXT4-fs mount: 2 callbacks suppressed
[   66.252850][ T5223] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.301687][ T5223] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   66.332000][ T5223] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 17 with error 28
[   66.344435][ T5223] EXT4-fs (loop0): This should not happen!! Data will be lost
[   66.344435][ T5223] 
[   66.354227][ T5223] EXT4-fs (loop0): Total free blocks count 0
[   66.360232][ T5223] EXT4-fs (loop0): Free/Dirty block details
[   66.366114][ T5223] EXT4-fs (loop0): free_blocks=2415919104
[   66.371862][ T5223] EXT4-fs (loop0): dirty_blocks=32
[   66.377021][ T5223] EXT4-fs (loop0): Block reservation details
[   66.383020][ T5223] EXT4-fs (loop0): i_reserved_data_blocks=2
[   66.452324][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.595964][ T3411] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4
[   66.603743][ T3411] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2
[   66.612391][ T3411] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3
[   66.625871][ T5248] loop3: detected capacity change from 0 to 512
[   66.646134][ T3411] hid-generic 0000:3000000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   66.658534][ T5248] EXT4-fs (loop3): orphan cleanup on readonly fs
[   66.692705][ T5257] fido_id[5257]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   66.694850][ T5248] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.601: bg 0: block 248: padding at end of block bitmap is not set
[   66.729674][ T3411] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x4
[   66.737432][ T3411] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x2
[   66.751666][ T5248] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.601: Failed to acquire dquot type 1
[   66.752554][ T5252] FAULT_INJECTION: forcing a failure.
[   66.752554][ T5252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.763365][ T3411] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x3
[   66.775877][ T5252] CPU: 0 UID: 0 PID: 5252 Comm: syz.1.602 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   66.775902][ T5252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   66.775913][ T5252] Call Trace:
[   66.775920][ T5252]  <TASK>
[   66.775928][ T5252]  __dump_stack+0x1d/0x30
[   66.775972][ T5252]  dump_stack_lvl+0xe8/0x140
[   66.775991][ T5252]  dump_stack+0x15/0x1b
[   66.776008][ T5252]  should_fail_ex+0x265/0x280
[   66.776058][ T5252]  should_fail+0xb/0x20
[   66.776075][ T5252]  should_fail_usercopy+0x1a/0x20
[   66.776097][ T5252]  _copy_from_user+0x1c/0xb0
[   66.776205][ T5252]  uhid_char_write+0xef/0x650
[   66.776245][ T5252]  ? __pfx_uhid_char_write+0x10/0x10
[   66.776264][ T5252]  vfs_write+0x269/0x960
[   66.776337][ T5252]  ? __rcu_read_unlock+0x4f/0x70
[   66.776358][ T5252]  ? __fget_files+0x184/0x1c0
[   66.776427][ T5252]  ksys_write+0xda/0x1a0
[   66.776449][ T5252]  __x64_sys_write+0x40/0x50
[   66.776542][ T5252]  x64_sys_call+0x27fe/0x2ff0
[   66.776562][ T5252]  do_syscall_64+0xd2/0x200
[   66.776587][ T5252]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   66.776688][ T5252]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   66.776712][ T5252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.776733][ T5252] RIP: 0033:0x7f869acfebe9
[   66.776747][ T5252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.776764][ T5252] RSP: 002b:00007f8699767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   66.776783][ T5252] RAX: ffffffffffffffda RBX: 00007f869af25fa0 RCX: 00007f869acfebe9
[   66.776798][ T5252] RDX: 0000000000000004 RSI: 0000200000000340 RDI: 0000000000000003
[   66.776811][ T5252] RBP: 00007f8699767090 R08: 0000000000000000 R09: 0000000000000000
[   66.776823][ T5252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.776835][ T5252] R13: 00007f869af26038 R14: 00007f869af25fa0 R15: 00007fffb583ba08
[   66.776854][ T5252]  </TASK>
[   66.799467][ T5248] EXT4-fs (loop3): 1 truncate cleaned up
[   66.833343][ T3411] hid-generic 0000:3000000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   66.844494][ T5248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   66.896371][ T5270] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5270 comm=syz.2.607
[   67.021349][ T5248] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   67.036626][ T5248] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 0
[   67.049408][ T5270] netlink: 'syz.2.607': attribute type 10 has an invalid length.
[   67.057595][ T5270] netlink: 'syz.2.607': attribute type 10 has an invalid length.
[   67.065881][ T5282] loop0: detected capacity change from 0 to 512
[   67.086667][ T5282] EXT4-fs: Ignoring removed oldalloc option
[   67.099811][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.116861][ T5282] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.609: Parent and EA inode have the same ino 15
[   67.138154][ T5282] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.609: Parent and EA inode have the same ino 15
[   67.154234][ T5282] EXT4-fs (loop0): 1 orphan inode deleted
[   67.166369][ T5282] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.227964][ T5301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.246294][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.261092][ T5301] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.316903][ T5311] loop3: detected capacity change from 0 to 128
[   67.350624][ T5311] FAT-fs (loop3): Directory bread(block 32) failed
[   67.357275][ T5311] FAT-fs (loop3): Directory bread(block 33) failed
[   67.365680][ T5301] loop1: detected capacity change from 0 to 1024
[   67.372918][ T5301] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   67.388023][ T5311] FAT-fs (loop3): Directory bread(block 34) failed
[   67.395012][ T5301] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   67.404734][ T5311] FAT-fs (loop3): Directory bread(block 35) failed
[   67.405369][ T5301] EXT4-fs error (device loop1): ext4_get_journal_inode:5796: comm syz.1.615: inode #100663328: comm syz.1.615: iget: illegal inode #
[   67.425314][ T5311] FAT-fs (loop3): Directory bread(block 36) failed
[   67.432468][ T5311] FAT-fs (loop3): Directory bread(block 37) failed
[   67.433074][ T5301] EXT4-fs (loop1): Remounting filesystem read-only
[   67.439036][ T5311] FAT-fs (loop3): Directory bread(block 38) failed
[   67.445525][ T5301] EXT4-fs (loop1): no journal found
[   67.445538][ T5301] EXT4-fs (loop1): can't get journal size
[   67.464092][ T5311] FAT-fs (loop3): Directory bread(block 39) failed
[   67.465280][ T5301] EXT4-fs (loop1): failed to initialize system zone (-22)
[   67.470677][ T5311] FAT-fs (loop3): Directory bread(block 40) failed
[   67.484671][ T5311] FAT-fs (loop3): Directory bread(block 41) failed
[   67.488069][ T5301] EXT4-fs (loop1): mount failed
[   67.533403][ T5311] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   67.542021][ T5311] FAT-fs (loop3): Filesystem has been set read-only
[   67.550319][ T5311] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   67.559517][ T5311] Buffer I/O error on dev loop3, logical block 1053, lost async page write
[   67.568117][ T5311] Buffer I/O error on dev loop3, logical block 1055, lost async page write
[   67.865905][ T5335] loop2: detected capacity change from 0 to 512
[   67.874832][ T5335] __nla_validate_parse: 13 callbacks suppressed
[   67.874845][ T5335] netlink: 7 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.879156][ T5336] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.625'.
[   67.882058][ T5335] netlink: 60 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.907916][ T5335] netlink: 60 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.909471][ T5331] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.625'.
[   67.934343][ T5335] netlink: 7 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.943910][ T5335] netlink: 60 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.952815][ T5335] netlink: 60 bytes leftover after parsing attributes in process `syz.2.626'.
[   67.969614][ T5331] FAULT_INJECTION: forcing a failure.
[   67.969614][ T5331] name failslab, interval 1, probability 0, space 0, times 0
[   67.982277][ T5331] CPU: 1 UID: 0 PID: 5331 Comm: syz.3.625 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   67.982307][ T5331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.982320][ T5331] Call Trace:
[   67.982328][ T5331]  <TASK>
[   67.982336][ T5331]  __dump_stack+0x1d/0x30
[   67.982367][ T5331]  dump_stack_lvl+0xe8/0x140
[   67.982450][ T5331]  dump_stack+0x15/0x1b
[   67.982471][ T5331]  should_fail_ex+0x265/0x280
[   67.982493][ T5331]  should_failslab+0x8c/0xb0
[   67.982517][ T5331]  kmem_cache_alloc_noprof+0x50/0x310
[   67.982543][ T5331]  ? skb_clone+0x151/0x1f0
[   67.982709][ T5331]  skb_clone+0x151/0x1f0
[   67.982731][ T5331]  __netlink_deliver_tap+0x2c9/0x500
[   67.982757][ T5331]  netlink_dump+0x836/0x8a0
[   67.982782][ T5331]  netlink_recvmsg+0x420/0x550
[   67.982804][ T5331]  ? __pfx_netlink_recvmsg+0x10/0x10
[   67.982885][ T5331]  sock_recvmsg+0x139/0x170
[   67.982912][ T5331]  ____sys_recvmsg+0xf5/0x280
[   67.982973][ T5331]  ___sys_recvmsg+0x11f/0x370
[   67.983002][ T5331]  __x64_sys_recvmsg+0xd1/0x160
[   67.983028][ T5331]  x64_sys_call+0x2b42/0x2ff0
[   67.983050][ T5331]  do_syscall_64+0xd2/0x200
[   67.983132][ T5331]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   67.983156][ T5331]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   67.983181][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.983248][ T5331] RIP: 0033:0x7f33a9baebe9
[   67.983261][ T5331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.983284][ T5331] RSP: 002b:00007f33a8617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[   67.983305][ T5331] RAX: ffffffffffffffda RBX: 00007f33a9dd5fa0 RCX: 00007f33a9baebe9
[   67.983318][ T5331] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[   67.983331][ T5331] RBP: 00007f33a8617090 R08: 0000000000000000 R09: 0000000000000000
[   67.983343][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.983405][ T5331] R13: 00007f33a9dd6038 R14: 00007f33a9dd5fa0 R15: 00007ffdfc36a0c8
[   67.983448][ T5331]  </TASK>
[   68.009123][ T5335] netlink: 7 bytes leftover after parsing attributes in process `syz.2.626'.
[   68.204569][ T5335] netlink: 60 bytes leftover after parsing attributes in process `syz.2.626'.
[   68.258097][ T5349] netdevsim netdevsim1: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   68.258444][ T5345] loop0: detected capacity change from 0 to 1024
[   68.294577][ T5345] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869)
[   68.335681][ T5345] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002]
[   68.369291][ T5345] EXT4-fs (loop0): failed to initialize system zone (-117)
[   68.376693][ T5345] EXT4-fs (loop0): mount failed
[   68.385513][ T5361] capability: warning: `syz.1.636' uses 32-bit capabilities (legacy support in use)
[   68.441006][ T5364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.459287][ T5364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.580997][ T5364] loop4: detected capacity change from 0 to 1024
[   68.604460][ T5364] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   68.629587][ T5381] netdevsim netdevsim1: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   68.653765][ T5364] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   68.679959][ T5364] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: comm syz.4.637: inode #100663328: comm syz.4.637: iget: illegal inode #
[   68.706544][ T5364] EXT4-fs (loop4): Remounting filesystem read-only
[   68.713221][ T5364] EXT4-fs (loop4): no journal found
[   68.718421][ T5364] EXT4-fs (loop4): can't get journal size
[   68.734909][ T5364] EXT4-fs (loop4): failed to initialize system zone (-22)
[   68.744141][ T5364] EXT4-fs (loop4): mount failed
[   68.961552][ T5399] loop3: detected capacity change from 0 to 8192
[   69.178639][ T5414] openvswitch: netlink: Message has 6 unknown bytes.
[   69.343050][ T5422] loop3: detected capacity change from 0 to 128
[   69.376247][ T5426] netdevsim netdevsim4: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   69.403770][ T5422] FAT-fs (loop3): Directory bread(block 32) failed
[   69.414373][ T5422] FAT-fs (loop3): Directory bread(block 33) failed
[   69.440327][ T5422] FAT-fs (loop3): Directory bread(block 34) failed
[   69.468580][ T5422] FAT-fs (loop3): Directory bread(block 35) failed
[   69.495525][ T5422] FAT-fs (loop3): Directory bread(block 36) failed
[   69.511478][ T5422] FAT-fs (loop3): Directory bread(block 37) failed
[   69.524914][ T5438] FAULT_INJECTION: forcing a failure.
[   69.524914][ T5438] name failslab, interval 1, probability 0, space 0, times 0
[   69.537606][ T5438] CPU: 1 UID: 0 PID: 5438 Comm: syz.2.659 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   69.537648][ T5438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   69.537694][ T5438] Call Trace:
[   69.537699][ T5438]  <TASK>
[   69.537705][ T5438]  __dump_stack+0x1d/0x30
[   69.537723][ T5438]  dump_stack_lvl+0xe8/0x140
[   69.537852][ T5438]  dump_stack+0x15/0x1b
[   69.537866][ T5438]  should_fail_ex+0x265/0x280
[   69.537886][ T5438]  should_failslab+0x8c/0xb0
[   69.537914][ T5438]  kmem_cache_alloc_node_noprof+0x57/0x320
[   69.537984][ T5438]  ? __alloc_skb+0x101/0x320
[   69.538007][ T5438]  ? avc_has_perm+0xf7/0x180
[   69.538029][ T5438]  __alloc_skb+0x101/0x320
[   69.538108][ T5438]  sock_wmalloc+0x7e/0xc0
[   69.538128][ T5438]  pppol2tp_sendmsg+0xfb/0x440
[   69.538148][ T5438]  ? __pfx_pppol2tp_sendmsg+0x10/0x10
[   69.538167][ T5438]  __sock_sendmsg+0x145/0x180
[   69.538264][ T5438]  sock_write_iter+0x165/0x1b0
[   69.538369][ T5438]  do_iter_readv_writev+0x49c/0x540
[   69.538397][ T5438]  vfs_writev+0x2df/0x8b0
[   69.538423][ T5438]  ? bpf_trace_run2+0xf5/0x1c0
[   69.538519][ T5438]  do_writev+0xe7/0x210
[   69.538603][ T5438]  __x64_sys_writev+0x45/0x50
[   69.538622][ T5438]  x64_sys_call+0x1e9a/0x2ff0
[   69.538639][ T5438]  do_syscall_64+0xd2/0x200
[   69.538662][ T5438]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   69.538803][ T5438]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   69.538828][ T5438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.538860][ T5438] RIP: 0033:0x7fdfa378ebe9
[   69.538873][ T5438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.538900][ T5438] RSP: 002b:00007fdfa21ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   69.538921][ T5438] RAX: ffffffffffffffda RBX: 00007fdfa39b5fa0 RCX: 00007fdfa378ebe9
[   69.538932][ T5438] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000006
[   69.538944][ T5438] RBP: 00007fdfa21ef090 R08: 0000000000000000 R09: 0000000000000000
[   69.538956][ T5438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   69.538985][ T5438] R13: 00007fdfa39b6038 R14: 00007fdfa39b5fa0 R15: 00007ffc7fdf4cf8
[   69.539011][ T5438]  </TASK>
[   69.761023][ T5441] openvswitch: netlink: Message has 6 unknown bytes.
[   69.770164][ T5422] FAT-fs (loop3): Directory bread(block 38) failed
[   69.788974][ T5422] FAT-fs (loop3): Directory bread(block 39) failed
[   69.795903][ T5422] FAT-fs (loop3): Directory bread(block 40) failed
[   69.802649][ T5422] FAT-fs (loop3): Directory bread(block 41) failed
[   69.833597][ T5422] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   69.842245][ T5422] FAT-fs (loop3): Filesystem has been set read-only
[   69.861818][ T5422] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   69.869483][ T5447] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   69.882784][ T5422] Buffer I/O error on dev loop3, logical block 1053, lost async page write
[   69.893308][ T5422] Buffer I/O error on dev loop3, logical block 1055, lost async page write
[   69.903487][ T5444] IPVS: stopping master sync thread 5447 ...
[   69.936579][ T5451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.945365][ T5451] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   70.003968][ T5457] loop3: detected capacity change from 0 to 128
[   70.007208][ T5451] loop4: detected capacity change from 0 to 1024
[   70.024288][ T5451] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   70.042427][ T5451] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   70.044973][ T5457] FAT-fs (loop3): Directory bread(block 32) failed
[   70.054484][ T5451] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: comm syz.4.663: inode #100663328: comm syz.4.663: iget: illegal inode #
[   70.089102][ T5451] EXT4-fs (loop4): Remounting filesystem read-only
[   70.095654][ T5451] EXT4-fs (loop4): no journal found
[   70.096464][ T5457] FAT-fs (loop3): Directory bread(block 33) failed
[   70.100887][ T5451] EXT4-fs (loop4): can't get journal size
[   70.113418][ T5451] EXT4-fs (loop4): failed to initialize system zone (-22)
[   70.113923][ T5457] FAT-fs (loop3): Directory bread(block 34) failed
[   70.128859][ T5457] FAT-fs (loop3): Directory bread(block 35) failed
[   70.129027][ T5451] EXT4-fs (loop4): mount failed
[   70.135738][ T5457] FAT-fs (loop3): Directory bread(block 36) failed
[   70.147042][ T5457] FAT-fs (loop3): Directory bread(block 37) failed
[   70.153961][ T5457] FAT-fs (loop3): Directory bread(block 38) failed
[   70.160927][ T5457] FAT-fs (loop3): Directory bread(block 39) failed
[   70.167578][ T5457] FAT-fs (loop3): Directory bread(block 40) failed
[   70.174716][ T5457] FAT-fs (loop3): Directory bread(block 41) failed
[   70.211873][ T5457] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   70.220542][ T5457] FAT-fs (loop3): Filesystem has been set read-only
[   70.230936][ T5457] bio_check_eod: 10 callbacks suppressed
[   70.230997][ T5457] syz.3.664: attempt to access beyond end of device
[   70.230997][ T5457] loop3: rw=2049, sector=4184, nr_sectors = 8 limit=128
[   70.250149][ T5457] syz.3.664: attempt to access beyond end of device
[   70.250149][ T5457] loop3: rw=2049, sector=4200, nr_sectors = 4 limit=128
[   70.263563][ T5457] Buffer I/O error on dev loop3, logical block 1050, lost async page write
[   70.272254][ T5457] syz.3.664: attempt to access beyond end of device
[   70.272254][ T5457] loop3: rw=2049, sector=4208, nr_sectors = 4 limit=128
[   70.285702][ T5457] Buffer I/O error on dev loop3, logical block 1052, lost async page write
[   70.294812][ T5457] syz.3.664: attempt to access beyond end of device
[   70.294812][ T5457] loop3: rw=2049, sector=4220, nr_sectors = 4 limit=128
[   70.308206][ T5457] Buffer I/O error on dev loop3, logical block 1055, lost async page write
[   70.317050][ T5457] syz.3.664: attempt to access beyond end of device
[   70.317050][ T5457] loop3: rw=2049, sector=4228, nr_sectors = 4 limit=128
[   70.330476][ T5457] Buffer I/O error on dev loop3, logical block 1057, lost async page write
[   70.339440][ T5457] syz.3.664: attempt to access beyond end of device
[   70.339440][ T5457] loop3: rw=2049, sector=4240, nr_sectors = 4 limit=128
[   70.353080][ T5457] Buffer I/O error on dev loop3, logical block 1060, lost async page write
[   70.361840][ T5457] syz.3.664: attempt to access beyond end of device
[   70.361840][ T5457] loop3: rw=2049, sector=4248, nr_sectors = 4 limit=128
[   70.375264][ T5457] Buffer I/O error on dev loop3, logical block 1062, lost async page write
[   70.384210][ T5457] syz.3.664: attempt to access beyond end of device
[   70.384210][ T5457] loop3: rw=2049, sector=4252, nr_sectors = 4 limit=128
[   70.566234][ T5469] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   70.566669][ T5468] IPVS: stopping master sync thread 5469 ...
[   70.736853][ T5475] loop4: detected capacity change from 0 to 128
[   70.749890][   T29] kauditd_printk_skb: 369 callbacks suppressed
[   70.749903][   T29] audit: type=1400 audit(1755096474.709:3027): avc:  denied  { bind } for  pid=5472 comm="syz.2.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   70.781418][ T5475] FAT-fs (loop4): Directory bread(block 32) failed
[   70.788095][ T5475] FAT-fs (loop4): Directory bread(block 33) failed
[   70.859137][ T5475] FAT-fs (loop4): Directory bread(block 34) failed
[   70.865715][ T5475] FAT-fs (loop4): Directory bread(block 35) failed
[   70.872545][ T5475] FAT-fs (loop4): Directory bread(block 36) failed
[   70.890297][ T5475] FAT-fs (loop4): Directory bread(block 37) failed
[   70.903597][ T5475] FAT-fs (loop4): Directory bread(block 38) failed
[   70.920050][ T5475] FAT-fs (loop4): Directory bread(block 39) failed
[   70.933240][ T5475] FAT-fs (loop4): Directory bread(block 40) failed
[   70.948627][ T5475] FAT-fs (loop4): Directory bread(block 41) failed
[   70.996736][ T5475] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF
[   71.005336][ T5475] FAT-fs (loop4): Filesystem has been set read-only
[   71.037252][ T5475] FAT-fs (loop4): error, corrupted directory (invalid entries)
[   71.059202][ T5475] syz.4.669: attempt to access beyond end of device
[   71.059202][ T5475] loop4: rw=2049, sector=4180, nr_sectors = 24 limit=128
[   71.094819][ T5475] syz.4.669: attempt to access beyond end of device
[   71.094819][ T5475] loop4: rw=2049, sector=4212, nr_sectors = 4 limit=128
[   71.108250][ T5475] Buffer I/O error on dev loop4, logical block 1053, lost async page write
[   71.131444][ T5475] Buffer I/O error on dev loop4, logical block 1055, lost async page write
[   71.307422][   T29] audit: type=1400 audit(1755096475.259:3028): avc:  denied  { create } for  pid=5490 comm="syz.4.676" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=atmpvc_socket permissive=1
[   71.344247][ T5491] loop4: detected capacity change from 0 to 2364
[   71.357160][   T29] audit: type=1400 audit(1755096475.259:3029): avc:  denied  { create } for  pid=5490 comm="syz.4.676" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_netfilter_socket permissive=1
[   71.378655][   T29] audit: type=1400 audit(1755096475.269:3030): avc:  denied  { write } for  pid=5490 comm="syz.4.676" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_netfilter_socket permissive=1
[   71.399711][   T29] audit: type=1400 audit(1755096475.289:3031): avc:  denied  { mount } for  pid=5490 comm="syz.4.676" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   71.421554][   T29] audit: type=1400 audit(1755096475.289:3032): avc:  denied  { ioctl } for  pid=5490 comm="syz.4.676" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   71.446636][   T29] audit: type=1400 audit(1755096475.309:3033): avc:  denied  { mounton } for  pid=5490 comm="syz.4.676" path="/140/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[   71.521018][   T29] audit: type=1400 audit(1755096475.469:3034): avc:  denied  { unmount } for  pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   71.556470][ T5504] openvswitch: netlink: Message has 6 unknown bytes.
[   71.625276][   T29] audit: type=1326 audit(1755096475.579:3035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5511 comm="syz.1.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   71.648977][   T29] audit: type=1326 audit(1755096475.579:3036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5511 comm="syz.1.683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f869acfebe9 code=0x7ffc0000
[   71.688413][ T5512] loop1: detected capacity change from 0 to 512
[   71.697379][ T5512] EXT4-fs: Ignoring removed oldalloc option
[   71.714280][ T5512] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.683: Parent and EA inode have the same ino 15
[   71.779657][ T5512] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.683: Parent and EA inode have the same ino 15
[   71.819613][ T5512] EXT4-fs (loop1): 1 orphan inode deleted
[   71.838883][ T5527] loop3: detected capacity change from 0 to 128
[   71.849495][ T5512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.873662][ T5527] FAT-fs (loop3): Directory bread(block 32) failed
[   71.890365][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.905844][ T5527] FAT-fs (loop3): Directory bread(block 33) failed
[   71.941582][ T5527] FAT-fs (loop3): Directory bread(block 34) failed
[   71.956771][ T5527] FAT-fs (loop3): Directory bread(block 35) failed
[   71.982253][ T5527] FAT-fs (loop3): Directory bread(block 36) failed
[   71.997669][ T5527] FAT-fs (loop3): Directory bread(block 37) failed
[   72.005085][ T5527] FAT-fs (loop3): Directory bread(block 38) failed
[   72.012859][ T5527] FAT-fs (loop3): Directory bread(block 39) failed
[   72.022816][ T5527] FAT-fs (loop3): Directory bread(block 40) failed
[   72.030387][ T5527] FAT-fs (loop3): Directory bread(block 41) failed
[   72.030576][ T5538] SELinux:  policydb magic number 0x64697262 does not match expected magic number 0xf97cff8c
[   72.068009][ T5538] SELinux: failed to load policy
[   72.099041][ T5527] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF
[   72.107617][ T5527] FAT-fs (loop3): Filesystem has been set read-only
[   72.155726][ T5527] Buffer I/O error on dev loop3, logical block 1050, lost async page write
[   72.179194][ T5527] Buffer I/O error on dev loop3, logical block 1052, lost async page write
[   72.206868][ T5545] loop0: detected capacity change from 0 to 512
[   72.214619][ T5545] EXT4-fs: Ignoring removed mblk_io_submit option
[   72.223326][ T5545] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   72.234570][ T5547] SELinux: failed to load policy
[   72.241064][ T5545] EXT4-fs (loop0): 1 truncate cleaned up
[   72.247391][ T5545] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.307454][ T5552] loop2: detected capacity change from 0 to 512
[   72.314852][ T5552] EXT4-fs: Ignoring removed oldalloc option
[   72.325622][ T5552] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.698: Parent and EA inode have the same ino 15
[   72.350692][ T5552] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.698: Parent and EA inode have the same ino 15
[   72.419422][ T5552] EXT4-fs (loop2): 1 orphan inode deleted
[   72.436670][ T5552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.513966][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.539912][ T5566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.572179][ T5566] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.660176][ T5572] mmap: syz.3.706 (5572) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   72.713040][ T5566] loop2: detected capacity change from 0 to 1024
[   72.720333][ T5566] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   72.730592][ T5566] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   72.764769][ T5566] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.703: inode #100663328: comm syz.2.703: iget: illegal inode #
[   72.786376][ T5581] 9pnet_fd: Insufficient options for proto=fd
[   72.809492][ T5566] EXT4-fs (loop2): Remounting filesystem read-only
[   72.816031][ T5566] EXT4-fs (loop2): no journal found
[   72.821321][ T5566] EXT4-fs (loop2): can't get journal size
[   72.858010][ T5566] EXT4-fs (loop2): failed to initialize system zone (-22)
[   72.872635][ T5566] EXT4-fs (loop2): mount failed
[   72.928630][ T5595] netdevsim netdevsim3: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   72.989581][ T5599] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5599 comm=syz.4.714
[   73.058619][ T5603] netlink: 'syz.4.714': attribute type 10 has an invalid length.
[   73.079769][ T5603] netlink: 'syz.4.714': attribute type 10 has an invalid length.
[   73.089590][ T5603] siw: device registration error -23
[   73.174378][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.187818][ T5611] loop1: detected capacity change from 0 to 256
[   73.206819][ T5615] FAULT_INJECTION: forcing a failure.
[   73.206819][ T5615] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.216383][ T5614] __nla_validate_parse: 12 callbacks suppressed
[   73.216398][ T5614] netlink: 28 bytes leftover after parsing attributes in process `syz.3.720'.
[   73.219956][ T5615] CPU: 0 UID: 0 PID: 5615 Comm: syz.0.719 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   73.219986][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.219998][ T5615] Call Trace:
[   73.220005][ T5615]  <TASK>
[   73.220014][ T5615]  __dump_stack+0x1d/0x30
[   73.220036][ T5615]  dump_stack_lvl+0xe8/0x140
[   73.220127][ T5615]  dump_stack+0x15/0x1b
[   73.220143][ T5615]  should_fail_ex+0x265/0x280
[   73.220164][ T5615]  should_fail+0xb/0x20
[   73.220181][ T5615]  should_fail_usercopy+0x1a/0x20
[   73.220265][ T5615]  _copy_from_user+0x1c/0xb0
[   73.220292][ T5615]  memdup_user+0x5e/0xd0
[   73.220316][ T5615]  strndup_user+0x68/0xb0
[   73.220410][ T5615]  __se_sys_mount+0x4d/0x2e0
[   73.220432][ T5615]  ? __bpf_trace_sys_enter+0x10/0x30
[   73.220455][ T5615]  ? trace_sys_enter+0xd0/0xf0
[   73.220477][ T5615]  __x64_sys_mount+0x67/0x80
[   73.220542][ T5615]  x64_sys_call+0x2b4d/0x2ff0
[   73.220562][ T5615]  do_syscall_64+0xd2/0x200
[   73.220604][ T5615]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.220626][ T5615]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   73.220649][ T5615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.220725][ T5615] RIP: 0033:0x7fd28d78ebe9
[   73.220785][ T5615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.220808][ T5615] RSP: 002b:00007fd28c1ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   73.220828][ T5615] RAX: ffffffffffffffda RBX: 00007fd28d9b5fa0 RCX: 00007fd28d78ebe9
[   73.220840][ T5615] RDX: 0000200000000100 RSI: 0000200000000500 RDI: 0000000000000000
[   73.220853][ T5615] RBP: 00007fd28c1ef090 R08: 0000200000000a40 R09: 0000000000000000
[   73.220865][ T5615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.220880][ T5615] R13: 00007fd28d9b6038 R14: 00007fd28d9b5fa0 R15: 00007fff4fc174b8
[   73.220898][ T5615]  </TASK>
[   73.277975][ T5611] FAT-fs (loop1): codepage cp936 not found
[   73.290986][ T5617] loop0: detected capacity change from 0 to 256
[   73.316759][ T5617] FAT-fs (loop0): codepage cp936 not found
[   73.399546][ T5623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.723'.
[   73.427168][ T5617] netlink: 24 bytes leftover after parsing attributes in process `syz.0.721'.
[   73.431856][ T5623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.723'.
[   73.458885][ T5617] loop0: detected capacity change from 0 to 2048
[   73.479317][ T5611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.718'.
[   73.504808][ T5611] loop1: detected capacity change from 0 to 2048
[   73.520592][ T5611] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.533617][ T5611] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.533966][ T5617] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.566412][ T5633] FAULT_INJECTION: forcing a failure.
[   73.566412][ T5633] name failslab, interval 1, probability 0, space 0, times 0
[   73.579212][ T5633] CPU: 0 UID: 0 PID: 5633 Comm: syz.3.726 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   73.579292][ T5633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.579302][ T5633] Call Trace:
[   73.579309][ T5633]  <TASK>
[   73.579317][ T5633]  __dump_stack+0x1d/0x30
[   73.579338][ T5633]  dump_stack_lvl+0xe8/0x140
[   73.579395][ T5633]  dump_stack+0x15/0x1b
[   73.579458][ T5633]  should_fail_ex+0x265/0x280
[   73.579481][ T5633]  should_failslab+0x8c/0xb0
[   73.579504][ T5633]  kmem_cache_alloc_node_noprof+0x57/0x320
[   73.579535][ T5633]  ? __alloc_skb+0x101/0x320
[   73.579567][ T5633]  __alloc_skb+0x101/0x320
[   73.579596][ T5633]  netlink_alloc_large_skb+0xba/0xf0
[   73.579670][ T5633]  netlink_sendmsg+0x3cf/0x6b0
[   73.579689][ T5633]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.579709][ T5633]  __sock_sendmsg+0x145/0x180
[   73.579804][ T5633]  ____sys_sendmsg+0x31e/0x4e0
[   73.579881][ T5633]  ___sys_sendmsg+0x17b/0x1d0
[   73.579915][ T5633]  __x64_sys_sendmsg+0xd4/0x160
[   73.579941][ T5633]  x64_sys_call+0x191e/0x2ff0
[   73.579959][ T5633]  do_syscall_64+0xd2/0x200
[   73.579982][ T5633]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   73.580083][ T5633]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   73.580131][ T5633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.580152][ T5633] RIP: 0033:0x7f33a9baebe9
[   73.580168][ T5633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.580185][ T5633] RSP: 002b:00007f33a8617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.580247][ T5633] RAX: ffffffffffffffda RBX: 00007f33a9dd5fa0 RCX: 00007f33a9baebe9
[   73.580261][ T5633] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[   73.580275][ T5633] RBP: 00007f33a8617090 R08: 0000000000000000 R09: 0000000000000000
[   73.580287][ T5633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.580300][ T5633] R13: 00007f33a9dd6038 R14: 00007f33a9dd5fa0 R15: 00007ffdfc36a0c8
[   73.580320][ T5633]  </TASK>
[   73.596157][ T5617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.670136][ T5611] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=519 sclass=netlink_route_socket pid=5611 comm=syz.1.718
[   73.822283][ T5617] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=519 sclass=netlink_route_socket pid=5617 comm=syz.0.721
[   73.845429][ T5640] sctp: [Deprecated]: syz.4.728 (pid 5640) Use of int in max_burst socket option deprecated.
[   73.845429][ T5640] Use struct sctp_assoc_value instead
[   73.880450][ T5640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.728'.
[   73.889321][ T5640] netlink: 4 bytes leftover after parsing attributes in process `syz.4.728'.
[   73.943969][ T5651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   73.952838][ T5651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   74.003250][ T5651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.734'.
[   74.005178][ T5660] macvlan1: entered promiscuous mode
[   74.018236][ T5660] ipvlan0: entered promiscuous mode
[   74.024198][ T5660] ipvlan0: left promiscuous mode
[   74.029494][ T5660] macvlan1: left promiscuous mode
[   74.039747][ T5651] loop2: detected capacity change from 0 to 1024
[   74.047254][ T5651] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   74.057104][ T5651] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   74.067754][ T5651] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.734: inode #100663328: comm syz.2.734: iget: illegal inode #
[   74.071470][ T5663] loop0: detected capacity change from 0 to 2048
[   74.084020][ T5651] EXT4-fs (loop2): Remounting filesystem read-only
[   74.094346][ T5651] EXT4-fs (loop2): no journal found
[   74.099550][ T5651] EXT4-fs (loop2): can't get journal size
[   74.105593][ T5651] EXT4-fs (loop2): failed to initialize system zone (-22)
[   74.112748][ T5651] EXT4-fs (loop2): mount failed
[   74.140965][ T4158] Alternate GPT is invalid, using primary GPT.
[   74.147233][ T4158]  loop0: p2 p3 p7
[   74.156420][ T5663] Alternate GPT is invalid, using primary GPT.
[   74.162756][ T5663]  loop0: p2 p3 p7
[   74.242343][ T5666] netdevsim netdevsim0: Direct firmware load for ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa failed with error -2
[   74.257985][ T3381] udevd[3381]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[   74.264053][ T3993] udevd[3993]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory
[   74.271577][ T4158] udevd[4158]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   74.348658][ T5670] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5670 comm=syz.0.738
[   74.414797][ T5671] netlink: 'syz.0.738': attribute type 10 has an invalid length.
[   74.423005][ T5671] netlink: 'syz.0.738': attribute type 10 has an invalid length.
[   74.539001][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   74.615379][ T5674] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'.
[   74.653502][ T5680] loop2: detected capacity change from 0 to 256
[   74.680776][ T5680] FAT-fs (loop2): codepage cp936 not found
[   74.694849][ T5680] netlink: 24 bytes leftover after parsing attributes in process `syz.2.740'.
[   74.726280][ T5680] loop2: detected capacity change from 0 to 2048
[   74.751499][ T5680] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.769760][ T5680] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.785057][ T5686] 9pnet_fd: Insufficient options for proto=fd
[   74.827777][ T5680] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=519 sclass=netlink_route_socket pid=5680 comm=syz.2.740
[   74.909038][ T5695] loop2: detected capacity change from 0 to 512
[   74.952061][ T5695] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.744: bg 0: block 131: padding at end of block bitmap is not set
[   74.983921][ T5695] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   75.002852][ T5695] EXT4-fs (loop2): 1 truncate cleaned up
[   75.015677][ T5695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.516541][ T5714] loop3: detected capacity change from 0 to 512
[   75.525811][ T5716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.539737][ T5714] EXT4-fs: Ignoring removed i_version option
[   75.547631][ T5716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.557304][ T5714] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   75.568687][ T5714] EXT4-fs (loop3): 1 truncate cleaned up
[   75.575633][ T5714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.653887][ T5716] loop0: detected capacity change from 0 to 1024
[   75.662007][ T5716] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869)
[   75.689233][ T5716] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   75.709265][ T5716] EXT4-fs error (device loop0): ext4_get_journal_inode:5796: comm syz.0.751: inode #100663328: comm syz.0.751: iget: illegal inode #
[   75.757554][ T5716] EXT4-fs (loop0): Remounting filesystem read-only
[   75.764157][ T5716] EXT4-fs (loop0): no journal found
[   75.764974][   T29] kauditd_printk_skb: 623 callbacks suppressed
[   75.765022][   T29] audit: type=1326 audit(1755096479.729:3660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa3785ba7 code=0x7ffc0000
[   75.769512][ T5716] EXT4-fs (loop0): can't get journal size
[   75.775907][   T29] audit: type=1326 audit(1755096479.729:3661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfa372add9 code=0x7ffc0000
[   75.808989][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   75.829786][   T29] audit: type=1326 audit(1755096479.789:3662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa3785ba7 code=0x7ffc0000
[   75.858479][   T29] audit: type=1326 audit(1755096479.789:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfa372add9 code=0x7ffc0000
[   75.859468][ T5716] EXT4-fs (loop0): failed to initialize system zone (-22)
[   75.881702][   T29] audit: type=1326 audit(1755096479.789:3664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa378ebe9 code=0x7ffc0000
[   75.882181][   T29] audit: type=1326 audit(1755096479.819:3665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa3785ba7 code=0x7ffc0000
[   75.935306][   T29] audit: type=1326 audit(1755096479.819:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfa372add9 code=0x7ffc0000
[   75.945252][ T5725] loop1: detected capacity change from 0 to 512
[   75.958612][   T29] audit: type=1326 audit(1755096479.819:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa378ebe9 code=0x7ffc0000
[   75.958690][   T29] audit: type=1326 audit(1755096479.869:3668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdfa3785ba7 code=0x7ffc0000
[   76.011404][   T29] audit: type=1326 audit(1755096479.869:3669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5693 comm="syz.2.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfa372add9 code=0x7ffc0000
[   76.028054][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.044075][ T5716] EXT4-fs (loop0): mount failed
[   76.054801][ T5727] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5727 comm=syz.4.755
[   76.055593][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.091193][ T5729] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5729 comm=syz.2.754
[   76.162691][ T5732] netlink: 'syz.4.755': attribute type 10 has an invalid length.
[   76.171282][ T5732] netlink: 'syz.4.755': attribute type 10 has an invalid length.
[   76.179949][ T5732] siw: device registration error -23
[   76.185622][ T5733] netlink: 'syz.2.754': attribute type 10 has an invalid length.
[   76.610977][ T5742] FAULT_INJECTION: forcing a failure.
[   76.610977][ T5742] name failslab, interval 1, probability 0, space 0, times 0
[   76.623650][ T5742] CPU: 1 UID: 0 PID: 5742 Comm: syz.0.757 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   76.623673][ T5742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   76.623683][ T5742] Call Trace:
[   76.623736][ T5742]  <TASK>
[   76.623745][ T5742]  __dump_stack+0x1d/0x30
[   76.623786][ T5742]  dump_stack_lvl+0xe8/0x140
[   76.623803][ T5742]  dump_stack+0x15/0x1b
[   76.623817][ T5742]  should_fail_ex+0x265/0x280
[   76.623834][ T5742]  should_failslab+0x8c/0xb0
[   76.623858][ T5742]  kmem_cache_alloc_node_noprof+0x57/0x320
[   76.623910][ T5742]  ? __alloc_skb+0x101/0x320
[   76.623935][ T5742]  __alloc_skb+0x101/0x320
[   76.623998][ T5742]  netlink_alloc_large_skb+0xba/0xf0
[   76.624050][ T5742]  netlink_sendmsg+0x3cf/0x6b0
[   76.624072][ T5742]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.624094][ T5742]  __sock_sendmsg+0x145/0x180
[   76.624121][ T5742]  ____sys_sendmsg+0x31e/0x4e0
[   76.624208][ T5742]  ___sys_sendmsg+0x17b/0x1d0
[   76.624239][ T5742]  __x64_sys_sendmsg+0xd4/0x160
[   76.624283][ T5742]  x64_sys_call+0x191e/0x2ff0
[   76.624300][ T5742]  do_syscall_64+0xd2/0x200
[   76.624322][ T5742]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   76.624421][ T5742]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   76.624446][ T5742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.624468][ T5742] RIP: 0033:0x7fd28d78ebe9
[   76.624488][ T5742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.624503][ T5742] RSP: 002b:00007fd28c1ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.624582][ T5742] RAX: ffffffffffffffda RBX: 00007fd28d9b5fa0 RCX: 00007fd28d78ebe9
[   76.624594][ T5742] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[   76.624608][ T5742] RBP: 00007fd28c1ef090 R08: 0000000000000000 R09: 0000000000000000
[   76.624621][ T5742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.624634][ T5742] R13: 00007fd28d9b6038 R14: 00007fd28d9b5fa0 R15: 00007fff4fc174b8
[   76.624708][ T5742]  </TASK>
[   76.911145][ T5755] sctp: [Deprecated]: syz.4.762 (pid 5755) Use of int in max_burst socket option deprecated.
[   76.911145][ T5755] Use struct sctp_assoc_value instead
[   76.991318][ T3357] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[   76.998753][ T3357] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[   77.006229][ T3357] hid-generic 0000:0004:0000.0008: unknown main item tag 0x0
[   77.020446][ T3357] hid-generic 0000:0004:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   77.051566][ T5769] loop0: detected capacity change from 0 to 1024
[   77.070673][ T5769] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   77.112355][ T5769] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.167705][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.220556][ T5785] lo speed is unknown, defaulting to 1000
[   77.234277][ T5787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   77.248455][ T5787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.253508][ T5785] lo speed is unknown, defaulting to 1000
[   77.262354][ T5785] lo speed is unknown, defaulting to 1000
[   77.269126][ T5785] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   77.279232][ T5791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5791 comm=syz.0.774
[   77.284087][ T5785] lo speed is unknown, defaulting to 1000
[   77.297620][ T5785] lo speed is unknown, defaulting to 1000
[   77.303678][ T5785] lo speed is unknown, defaulting to 1000
[   77.310147][ T5785] lo speed is unknown, defaulting to 1000
[   77.316377][ T5785] lo speed is unknown, defaulting to 1000
[   77.345746][ T5793] netlink: 'syz.0.774': attribute type 10 has an invalid length.
[   77.383894][ T5798] netlink: 'syz.3.776': attribute type 4 has an invalid length.
[   77.394679][ T3384] lo speed is unknown, defaulting to 1000
[   77.397300][ T5798] netlink: 'syz.3.776': attribute type 4 has an invalid length.
[   77.400505][ T3384] syz0: Port: 1 Link DOWN
[   77.416400][ T3357] lo speed is unknown, defaulting to 1000
[   77.422159][ T3357] syz0: Port: 1 Link ACTIVE
[   77.533279][ T5803] loop3: detected capacity change from 0 to 256
[   77.555138][ T5803] FAT-fs (loop3): codepage cp936 not found
[   77.573171][ T5803] loop3: detected capacity change from 0 to 2048
[   77.591769][ T5803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.604593][ T5803] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.622369][ T5803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=519 sclass=netlink_route_socket pid=5803 comm=syz.3.778
[   77.769356][ T5816] loop3: detected capacity change from 0 to 128
[   77.781509][ T5816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   77.789391][ T5816] FAT-fs (loop3): Filesystem has been set read-only
[   77.796321][ T5816] bio_check_eod: 10 callbacks suppressed
[   77.796334][ T5816] syz.3.781: attempt to access beyond end of device
[   77.796334][ T5816] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   77.819874][ T5816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   77.827720][ T5816] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[   77.849199][ T5816] syz.3.781: attempt to access beyond end of device
[   77.849199][ T5816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.874501][ T5820] syz.3.781: attempt to access beyond end of device
[   77.874501][ T5820] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.888032][ T5816] syz.3.781: attempt to access beyond end of device
[   77.888032][ T5816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.902065][ T5820] syz.3.781: attempt to access beyond end of device
[   77.902065][ T5820] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.915477][ T5816] syz.3.781: attempt to access beyond end of device
[   77.915477][ T5816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.928909][ T5820] syz.3.781: attempt to access beyond end of device
[   77.928909][ T5820] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.942108][ T5826] syz.3.781: attempt to access beyond end of device
[   77.942108][ T5826] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.965949][ T5816] syz.3.781: attempt to access beyond end of device
[   77.965949][ T5816] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.979194][ T5820] syz.3.781: attempt to access beyond end of device
[   77.979194][ T5820] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   78.164618][ T5841] 9pnet_fd: Insufficient options for proto=fd
[   78.216671][ T5846] loop2: detected capacity change from 0 to 128
[   78.246228][ T5846] FAT-fs (loop2): Directory bread(block 32) failed
[   78.253164][ T5846] FAT-fs (loop2): Directory bread(block 33) failed
[   78.266096][ T5846] FAT-fs (loop2): Directory bread(block 34) failed
[   78.281126][ T5846] FAT-fs (loop2): Directory bread(block 35) failed
[   78.287758][ T5846] FAT-fs (loop2): Directory bread(block 36) failed
[   78.290045][ T5848] loop0: detected capacity change from 0 to 512
[   78.302283][ T5846] FAT-fs (loop2): Directory bread(block 37) failed
[   78.309862][ T5846] FAT-fs (loop2): Directory bread(block 38) failed
[   78.317263][ T5846] FAT-fs (loop2): Directory bread(block 39) failed
[   78.337209][ T5846] FAT-fs (loop2): Directory bread(block 40) failed
[   78.344074][ T5846] FAT-fs (loop2): Directory bread(block 41) failed
[   78.351153][ T5848] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   78.376147][ T5846] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   78.384785][ T5846] FAT-fs (loop2): Filesystem has been set read-only
[   78.394680][ T5848] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.791: invalid indirect mapped block 4294967295 (level 1)
[   78.396226][ T5846] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   78.431594][ T5848] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.791: invalid indirect mapped block 4294967295 (level 1)
[   78.432800][ T5846] buffer_io_error: 4 callbacks suppressed
[   78.432813][ T5846] Buffer I/O error on dev loop2, logical block 1053, lost async page write
[   78.446130][ T5848] EXT4-fs (loop0): 2 truncates cleaned up
[   78.466169][ T5848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.466549][ T5846] Buffer I/O error on dev loop2, logical block 1055, lost async page write
[   78.510957][ T5848] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1314: inode #12: block 7: comm syz.0.791: path /143/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0
[   78.535331][ T5848] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1314: inode #12: block 7: comm syz.0.791: path /143/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0
[   78.623421][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.755232][ T5862] loop0: detected capacity change from 0 to 512
[   78.770515][ T5862] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   78.778619][ T5862] EXT4-fs (loop0): orphan cleanup on readonly fs
[   78.792006][ T5862] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.798: corrupted inode contents
[   78.819111][ T5862] EXT4-fs (loop0): Remounting filesystem read-only
[   78.825750][ T5862] EXT4-fs (loop0): 1 truncate cleaned up
[   78.832367][ T2723] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   78.842922][ T2723] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   78.853641][ T2723] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   78.864365][ T5862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.893994][ T3299] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.982240][ T5878] loop4: detected capacity change from 0 to 512
[   79.030635][ T5878] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.058583][ T5878] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.092424][ T5890] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5890 comm=syz.0.809
[   79.105315][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.143373][ T5892] 9pnet_fd: Insufficient options for proto=fd
[   79.176354][ T5895] netlink: 'syz.0.809': attribute type 10 has an invalid length.
[   79.251023][ T5896] __nla_validate_parse: 6 callbacks suppressed
[   79.251045][ T5896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.811'.
[   79.325681][ T5910] ==================================================================
[   79.333784][ T5910] BUG: KCSAN: data-race in mas_state_walk / mas_wmb_replace
[   79.341073][ T5910] 
[   79.343389][ T5910] write to 0xffff888103764200 of 8 bytes by task 5909 on cpu 0:
[   79.351011][ T5910]  mas_wmb_replace+0xe45/0x14a0
[   79.355874][ T5910]  mas_wr_store_entry+0x1773/0x2b50
[   79.361073][ T5910]  mas_store_prealloc+0x74d/0x9e0
[   79.366100][ T5910]  vma_iter_store_new+0x1c5/0x200
[   79.371120][ T5910]  vma_complete+0x125/0x580
[   79.375618][ T5910]  __split_vma+0x5d9/0x650
[   79.380036][ T5910]  vma_modify+0x3f2/0xc80
[   79.384365][ T5910]  vma_modify_flags+0x101/0x130
[   79.389209][ T5910]  mprotect_fixup+0x2cc/0x570
[   79.393882][ T5910]  do_mprotect_pkey+0x6d6/0x980
[   79.398742][ T5910]  __x64_sys_mprotect+0x48/0x60
[   79.403592][ T5910]  x64_sys_call+0x274e/0x2ff0
[   79.408265][ T5910]  do_syscall_64+0xd2/0x200
[   79.412767][ T5910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.418659][ T5910] 
[   79.420982][ T5910] read to 0xffff888103764200 of 8 bytes by task 5910 on cpu 1:
[   79.428512][ T5910]  mas_state_walk+0x485/0x650
[   79.433184][ T5910]  mas_walk+0x60/0x150
[   79.437261][ T5910]  lock_vma_under_rcu+0x8d/0x160
[   79.442267][ T5910]  do_user_addr_fault+0x233/0x1090
[   79.447384][ T5910]  exc_page_fault+0x62/0xa0
[   79.451877][ T5910]  asm_exc_page_fault+0x26/0x30
[   79.456718][ T5910] 
[   79.459031][ T5910] value changed: 0xffff888103764a0e -> 0xffff888103764200
[   79.466132][ T5910] 
[   79.468445][ T5910] Reported by Kernel Concurrency Sanitizer on:
[   79.474589][ T5910] CPU: 1 UID: 0 PID: 5910 Comm: syz.4.814 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
[   79.486901][ T5910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   79.496948][ T5910] ==================================================================