last executing test programs:

2.491175059s ago: executing program 2 (id=3902):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f00000000c0)=0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000500)='mm_page_alloc\x00', r3}, 0x10)
r4 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r4, &(0x7f0000000140)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e21, 0x4cfe, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}, 0x24)
sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f0093f33190b04458889b2621f162463c26d097143db9aa5b2670477e700ab1a4f11ceb230767fb4ff69c2c011259e347746067b81c4ebd0ad9d263362de352ce02bb38e4347b170b2e5e78cadbb7ab279184beec5f22681e868ccf729b8ef3487022ed0aaa1878bde3916766ab1e99b882b06cbdb4550d352e19e26c387445bd41689d79bf7d7d68a2084d42de5db2d2ef36df3b18be68b6cb2fd7e5231645e679c02ed13c8107d9f68cb2f03b596548cb3a4f6061f4f357ce5241f147d32cfc0d29708d193661b85ea3c5e2b2ece47e245918c5dce186f9bee9a9f75275a10202316d1c75d7482d91b651f3f8922c76f235684d9452e23de4e951219089115b9d12f9179e254ee874e34826ab0583dc9515d02033e73535797ed28b0f069288aceda23553c476a33f3bad93f5ed8920f35ae02e7f187b576f194e341cf58d3f08fdd7"], 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r5, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000bc0)={0x4, 0x1, "bbd6dab851780a90d0add47ddcdf67904b074221c442a58d4ac771aace828506884ea44b1f67e6b9f7f588c01248fc2f67f3e069e8399fe4dd09cae1a7618e751a4eef5585cdef47a39767c084bcebb2cbf375d6e47419f742a734edc0f17671bcbc75edb4d8ea4c9af20ad27fc0e906c2457cab6276067660ee58565c1e43cd392d57d77970bb15960128c08f5e6982a7bf35d0e53f60c1ed4e1b10f5b877fe83e0d93aae5ff18f6ba49fc7a437e0df34db79f37c3e9cea37e5aa761de5ec27a84fc798e90edd2411306dafec4e78f8342283194ebf513f2c891c77e5002584be29e152b30f3c02f70c43a52897c6ae3920c27b41a1e61d7438782d08678c21"})
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000300)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x2, 0x4, 0x0, 0x7ffffffffffffffe, 0x38db0863, 0x0, 0x0, 0xd, 0xffffffff})
fallocate(0xffffffffffffffff, 0x20, 0x0, 0x8000)

1.864642739s ago: executing program 2 (id=3909):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffff8}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
close(0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x4810, &(0x7f00000001c0)=ANY=[], 0x1, 0x382, &(0x7f0000000b00)="$eJzs3U1rY1UYwPEnbZrcdJgmC1EUpA+60c2lra7VIDMgFhw6E3FGEO5MbzX0mpR7QyQitq7ciju/gOAwywEXA+oX6MbduHHjym4EQQcRr9yXk+blpnkxta3+fzCTJznnuefcvPGc0JwcvfXZ+7s7gb3jtGTBUsmJiDwSqciCGLnkoiAZDuT5S78+fPr6zVuvVzc3r2ypXq3eeGFDVVdWv/ngo1La7UFRDivvHIn10+Hjh08e/XXjvXqg9UAbzZY6erv5Y8u57bm6XQ92bdVrnusErtYbgesn7c2kfcdr7u111GlsX17e890gUKfR0V23o62mtvyOOu869Ybatq2Xl7Om+x9mzZBTu7u15VRnHPDOjHmYtz/CMDyh2ferzqKIXRpqqd091XkBAIBzaaD+/8LUCBVZ6BaUuXQtUIjj/mVAVP+bOK7/o8XCcf1/75nvWpfevL+S1v8PCln1/4s/JPl99X80+tzr/68Grg9XRBfe/jSd/1H9j/Nhtf8V+fPxij0V1f/Rq6G7ov/k7XtrcUD9DwAAAAAAAAAAAAAAAAAAAADARfAoDMthGJbNpfl3/BWC9Lq5dtIXjXHhjHr8i+mOAt3nQ6/cmU0Xc3b95i2x4i/u5VdEvE/btXYtuUzbTcc1Kcuf8fMhlWw4cRA3aqQi33r77dpSmrAY/18VUfHElXUpS6UvP46vvrZ5ZV0TSX48/n67lssvR/k7Uo/zN6Qsj2Xnb2TmF+S5Z3vybSnL93ekKZ5sp+9jJv/jddVX39gcyC/F/bK8fLoPCQAAAAAAc2erWunyudK//k3W77atmtUereWld30+/PlAd329lrk+z5efyp/tuQMAAAAA8H8RFD7cdTzP9YPOyKAk4/oU06MNNOVlzJGjID9Bn77gYRwsndRnsecMJz1yIf0FjUmn4QcdmXjOJvitKJl3ptnCta/Jyr5X08Ds5jpqLHP+E0zMmvYhiEaf+txdP1iN5qPTZg0G5mOjUX3k2qxHHhWY+3pc5yc+//L32YbIpX9W1dv00n1rzJnGQW7gloMxT9pfwnDsfJay3y2+nuVHZgAAAACcE6boLwXmlldGdZ3ql2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDkZt8UbdS+dMNB5sDFf/1UAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDP3dwAAAP//Hnbx/g==")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f00000010c0)={[], [{@euid_eq}, {@dont_appraise}, {@fsname={'fsname', 0x3d, 'blkio.bfq.io_queued\x00'}}, {@fowner_eq}, {@seclabel}, {@smackfshat={'smackfshat', 0x3d, 'fowner>'}}, {@dont_appraise}, {@fowner_gt}]}, 0x1, 0x78e, &(0x7f0000001600)="$eJzs3c1rHOUfAPDvbJKmTfv7JYKg9WJA0EBpYmpsFRQqHkSwUNCz7bLZhppNtmQ3pQkBLSJ4EVQ8CHrpyYMv9ebVl6v+Fx7EUjUtVjxIZPal3TS76yZNdqP5fGCyzzMzm+/z3Xl7dmeYCWDPGk3/ZCIOR8S7ScRwbXwSEQOVUn/Eyep8t1ZXcumQxNray78mlXlurq7kouE9qYO1yoMR8e1bEUcyG+OWlpZns4VCfqFWnyjPXZgoLS0fPT+XncnP5OePT05NHTvx5Inj25fr7z8sH7r23guPfXHyzzcfuPrOd0mcjEO1aY15bNmz66ujMVr7TAbSj3Cd5+852O6S9LoBbEm6afYdqJYPx3D0pds7APCf9npErAEAe0zi+A8Ae0z9d4Cbqyu5+tDbXyS66/pzEbG/mn/9/GZ1Sn/tnN3+ynnQoZvJujMjSUSMbEP80Yj4+KtXP0uH2K7zkAAdeONyRJwdGd24/082XLOwWY+3mbav9jp61/g0vjPQ0B1fp/2fp5r1/zK3+z/RpP8z2GTb3Ypm2/+6EQe2IUgb1z+JeKbh2rZbDfnXjPTVav+r9PkGknPnC/l03/b/iBiLgcG0PtkmxtiNv260mtbY//vt/dc+TeOnr3fmyPzcP7j+PdPZcvZecm50/XLEQ/3N8k9uL/+kRf/3dIcxXnz67Y9aTUvzT/OtDxvzj+o1iDtk7UrEo02X/50r2pK21ydOVFaHifpK0cSXP3441Cp+4/JPhzR+/btAN6TLf6h9/iNJ4/Wapc3H+P7K8DetprXNv74JNln/9yWvVMr1fsSlbLm8MBmxL3lp4/hjd957KftwrVSdP81/7JHm23+79T/9Tni2w/z7r/3y+Zby74I0/+lNLf/NF67emu1rFX80XVRt80/3f1OV0lhtTCf7v04beC+fHQAAAAAAAAAAAAAAAAAAAAAAAAB0KhMRhyLJjN8uZzLj49VneN8fQ5lCsVQ+cq64OD8dlWdlj8RApn6ry+GG+6FO1u6HX68fu6v+RETcFxEfDB5I6vdRnO5x7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQd7DF8/9TPw0mvW4eALBT9ve6AQBA1zn+A8De4/gPAHtPZ8f/vh1vBwDQPb7/A8De4/gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADjt96lQ6rP2xupJL69MXlxZnixePTudLs+Nzi7nxXHHhwvhMsThTyI/ninP/9P8KxeKFqZhfvDRRzpfKE6Wl5TNzxcX58pnzc9mZ/Jn8QFeyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDNKS0tz2YLhfyCwhYKa7ujGb0v9NVWp93Snq4Wkt3RjG0u9HjHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAv8XcAAAD///W2H+U=")
bpf$MAP_CREATE(0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="1e00000005000000020000000400000000020000", @ANYRES32=r2, @ANYBLOB="8000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="09000000050000000500"/28], 0x50)
socket(0x80000000000000a, 0x1, 0x0)
r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r4 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r4, 0x4000)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
r7 = socket(0x2, 0x801, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f00000012c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB="98049a08e54df9982fb480c1bf8ee62d9f"])
write$UHID_INPUT(r6, &(0x7f0000000000)={0xc, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b32306d090890e0878f0e1ac6e7049b3371959b719a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
fallocate(r3, 0x0, 0x0, 0x1000f4)
io_setup(0x5ff, &(0x7f0000000400))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000001180)={{{@in6=@mcast2, @in6=@dev}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000001280)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001400)={{{@in=@local, @in6=@empty}}, {{@in6=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000001500)=0xe8)

1.761301511s ago: executing program 1 (id=3910):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c0000003e000701fcfffffff6dbdf25017c0000080003804e2d"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r7, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x20, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}]}, 0x20}}, 0x24000000)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', <r9=>0x0, 0x29, 0xfa, 0xd, 0x3, 0x20, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x7800, 0x74e, 0x3, 0xfffffeff}})
r10 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r11}, 0x10)
write$selinux_attr(r10, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
sendmsg$nl_route(r8, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)=@bridge_getlink={0x34, 0x12, 0x100, 0x70bd2b, 0x25dfdbfe, {0x7, 0x0, 0x0, r9, 0x8000, 0x40}, [@IFLA_VF_PORTS={0x8, 0x18, 0x0, 0x1, [{0x4}]}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000001)

1.754454301s ago: executing program 3 (id=3912):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305e20000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x1}, 0x9)
r1 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
write$selinux_context(r1, &(0x7f0000000340)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) (fail_nth: 3)

1.734266361s ago: executing program 1 (id=3913):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(r2, &(0x7f0000000480)=[{&(0x7f0000002640)="91eb51a79143569d", 0x8}], 0x1)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x10, 0x0, 0x0, 0x0, 0x31713, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f0000000000)={0x6, 0xffffffffffffffff, 0x21, {0x4, 0x1}, 0x6}, 0x1)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f00000002c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

1.708167642s ago: executing program 3 (id=3915):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SG_GET_TIMEOUT(0xffffffffffffffff, 0x2202, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioprio_set$pid(0x1, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a)
r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x4, &(0x7f00000003c0)=<r6=>0x0)
io_submit(r6, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f0000000000), 0x1a00001a}])
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="d8000000190081054e81f783db4cb9040a1d080006007c02cdfc55a10a0017000600a42603600e12080006ba0474f701a8000100fe80ffff7f6f94007134cf6efb8000a007a290457f01890500277ce06bbaceac3c2fb14c2ee5a7a3aab62f00001fb71b14d6d930dfe1d9d322fe7c2e8771820d16a4683f5aeb4edbb5952a0f536ffd77500db798262f3d409c1f40cb9f92b74f51fad9e3bb9ad809d5e1cace0d81ed0b764434a19789bf0cffece0b4129ecbee5de6ccd4e1ffffffffc2c9b627430600007c388b0dd6e4edef3d93000020000000000000", 0xd8}], 0x1}, 0x0)
syz_io_uring_setup(0xd59, &(0x7f00000000c0)={0x0, 0x79ae, 0x3180, 0x7ffe, 0x40024e}, &(0x7f0000000300), &(0x7f0000000040))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r10}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x18)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)

1.484964016s ago: executing program 1 (id=3920):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000e40), &(0x7f0000000040)}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18)
lstat(&(0x7f0000000200)='./file0\x00', 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f0000000580)=0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f00000006c0)={0x0, 0x0, 0xac1d})
perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x20046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffc, 0x1}, 0x116eb, 0x3, 0x9, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x400000000fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$lock(r2, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x7})
fcntl$lock(r2, 0x25, &(0x7f00000000c0)={0x0, 0x0, 0x543117df})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400e, &(0x7f0000000300), 0x1, 0x440, &(0x7f0000000cc0)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=")
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000004c0), 0x4000)

1.22252634s ago: executing program 1 (id=3922):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff71)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000003c0)=[@in6={0xa, 0x4e21, 0x1, @private1, 0x4}], 0x1c)
sendmsg$inet_sctp(r1, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
r6 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x4, 0x18, &(0x7f0000000800)=@raw=[@alu={0x4, 0x0, 0x6, 0xa, 0x3, 0x18, 0xfffffffffffffffc}, @map_idx={0x18, 0x4, 0x5, 0x0, 0x6}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @alu={0x7, 0x1, 0x7, 0xb, 0x0, 0x1, 0x4}, @exit, @cb_func={0x18, 0xb, 0x4, 0x0, 0x5}, @map_val={0x18, 0xb, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x427}, @call={0x85, 0x0, 0x0, 0x89}], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, @fallback=0x1d, r5, 0x8, &(0x7f0000000480)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0xe, 0x10, 0x1}, 0x10, 0x0, r5, 0x6, &(0x7f00000006c0)=[r2, r3, 0xffffffffffffffff, r5, r2, r5, 0xffffffffffffffff, r2, r6, r7], &(0x7f0000000ac0)=[{0x2, 0x5, 0xa, 0x9}, {0x0, 0x5, 0x5, 0x2}, {0x2, 0x2, 0xe, 0xa}, {0x2, 0x4, 0xe, 0xb4dddf13ea800493}, {0x4, 0x4, 0xc, 0x9}, {0x2, 0x5, 0xb, 0x6}], 0x10, 0x3}, 0x94)
r9 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
close(r9)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0x34000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000002000000000000001108000018110000", @ANYRES32=0x1, @ANYRES16=r8, @ANYRES16=r9, @ANYBLOB="0000000001000000850000003b00000018230000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff18270000", @ANYRES32, @ANYBLOB="000000000e0000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xd7, &(0x7f00000004c0)=""/215, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x2, 0xf, 0x2, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5], 0x0, 0x10, 0xd0ad}, 0x94)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x800)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[], 0x88}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00'}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x84d03, 0x0)
msync(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5)

1.059060963s ago: executing program 3 (id=3924):
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x80003, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
close_range(r1, 0xffffffffffffffff, 0x0)

1.038864133s ago: executing program 2 (id=3925):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r2, 0x0, 0x578410e9)

901.133195ms ago: executing program 3 (id=3928):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_config_ext={0x8, 0x6}, 0x80, 0x10003, 0x7fff, 0x5, 0x4, 0xf095, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f00000005c0)={0x3, {{0xa, 0x4e22, 0x2, @loopback, 0xba}}, {{0xa, 0x4e20, 0x6, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x81}}}, 0x108)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x110, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x320)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000007c0)={<r3=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
stat(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f0000fffffffffffffff000000000"], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000580)=@proc={0x10, 0x0, 0x25dfdbfd, 0x40}, 0xc, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYRES8=r2, @ANYRESDEC, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000001000000", @ANYRES32, @ANYRES32, @ANYRES32=<r7=>0xffffffffffffffff, @ANYRES32, @ANYRES32=<r8=>0xffffffffffffffff, @ANYRES16, @ANYRES32, @ANYRES32], 0x50, 0x24040094}, 0x80)
r9 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000c00)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES64, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="0ffe0500", @ANYRES64, @ANYRES8=r3, @ANYBLOB="02000300", @ANYRES64=<r10=>0xffffffffffffffff, @ANYRES8, @ANYRES8=r6, @ANYBLOB="7de0de6148d7d44c4d01feff92df69b773e9c6737f8fbda7576c2a151378b664926695450adc68e74593831c634553c00cb92a5f09f1c0132806000000000000005700293ee4dfd9070d460cc6774ad5cb403d22ce7bb4b14a65f01a380eda03b8428463d1ec2d77a191a3cb3e8a00ab76ce4ff7880e58ee8b72a54aed6bc3ea21649a123d5d14c83585f2d7f4b5986ed3e9d1e1bd077ecc359f2ad08384ab24b0908866", @ANYRESDEC=r4, @ANYRESDEC=r8, @ANYRES32=0x0, @ANYBLOB="080006", @ANYRES32=r5, @ANYBLOB, @ANYRES32=0xee00, @ANYBLOB="08000400", @ANYRES32=r9, @ANYBLOB="10000400000000002000000000000000"], 0x94, 0x1)
lstat(&(0x7f0000000380)='./file0/file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, <r11=>0x0, <r12=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}, 0x4000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x22400049, &(0x7f00000002c0)={[{@nombcache}, {@abort}, {@nomblk_io_submit}, {@noblock_validity}, {@nolazytime}, {@jqfmt_vfsold}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95a}}, {@debug}]}, 0x84, 0x480, &(0x7f00000004c0)="$eJzs3M9vFFUcAPDvTH8gP0oXxB8gyioSG9GWFlQOXjSacDEx0YMea6kEWcDQmgghUo3Bo/EvUI8m/gWe9GLUk8ar3o0JMVxED2bN7M7Att2tbbfbBefzSab73vx6782b13kzb2cDKK1q9ieJ2BERv0TEaDO6eIVq8+PG9cszf12/PJNEvf7KH0ljvT+vX54pVt2Rf27P9zmWRqQfJrHQJt25i5fOTNdqsxfy+MT82bcn5i5eevL02elTs6dmz00dP37s6OQzT089tSHlHMnyuu+98/v3nnj9k5dmYuGN77/M8j+QL28tR1Ol6zSrUY16vV5PF80dbvw91PXeby8jLeFksI8ZYU2y8z+rrqFG+x+NgbhVeaPx4gd9zRzQU9n1adeyuc2rYnooaSwH/q+0cSir4oqf3f8W0+b2QPrr2nPNG6Cs3DfyqblkMLL79qTSvGMf6FH6OyLitYW/P82maPscAgBgY32d9X+eaNf/S+PelvV25mNDlYg4HBG7I+LuiNgTEfdENNa9LyLuX2P61SXx5f2fn7auq2CrlPX/ns3Hthb3/26O2lQG8thIo/xDyZuna7NH8mMyFkNbsvjkCml888LPH3daVm3p/2VTln7RF8zz8fvglsXbnJyen+6mzK2uvR+xb7Bd+ZObIwFJROyNiH3r2H92zE4//sX+LLxz+/Ll/13+FWzAOFP984jHmvW/EEvKX0iaKXUan5y4K2qzRyaKs2K5H368+nJrfKgl3FX5N0BW/9vanv95+YtmUIzXzq09jau/ftTxnma95/9w8mojPJzPe3d6fv7CZMRwPmPR/Klb2xbxYv2s/GMH27f/3RH/fJZv90BEZCfxgxHxUEQcyPP+cEQ8EhEHVyj/d88/+tbKR6i/9X+yQ/3nZ0AlaR2vX0dg4My3X3VKf3X1f6wRGsvnrOb/32oz2N3RAwAAgDtD2hiDTtLxm+E0HR9vfod/T2xLa+fn5g9X451zJ5tj1ZUYSosnXaMtz0Mn82fDRXxqSfxoROxqfNNoayM+PnO+NtLvwkPJbe/Q/jO/9epLL8DtY03jaEnv8gFsPu9rQnlp/1Be2j+Ul/YP5dWu/V+JuNGHrACbzPUfykv7h/LS/qG8tH8opeWvxBc/t7KeN/1vBXaf6GrzEgUGutt8IiLaLorWH+3oQSDSPh66+pV6vZv9pP2v9wtzB/LAlohY7VZXelqnS8+fFXk7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCP8GwAA///IPOO2")
r14 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r14, 0x4003, 0x1)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000a00)=ANY=[@ANYBLOB="020000000100010000000000", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYBLOB="040004000000000008000300", @ANYRES32=0x0, @ANYBLOB='\b\x00\f\x00', @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=r12, @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=0x0, @ANYRES16=r10, @ANYRES32=r5, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r12, @ANYRESDEC=r7, @ANYRES32, @ANYBLOB="08000600", @ANYRES32=r13, @ANYBLOB="300002000000000020f2000000001cfc"], 0x84, 0x0)
r15 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
r16 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r15}, &(0x7f0000000040), &(0x7f00000002c0)=r16}, 0x20)
r17 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r17}, 0x10)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r18 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r18, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socket$nl_route(0x10, 0x3, 0x0)

784.207177ms ago: executing program 3 (id=3932):
fsopen(&(0x7f0000000240)='ramfs\x00', 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300000004000085"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usbip_server_init(0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r2, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000a40)={0x0, 0x465d, 0x8, 0x200002, 0x80014a}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r8, 0x5522)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r9, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r7, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r7, 0x80045510, &(0x7f0000000000))
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r10, 0x0, 0xfffffffffffffffc}, 0x18)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_UNLINKAT={0x24, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x509, 0x966, 0x21, 0x0, 0x0)
r11 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r11, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r11, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)

701.434958ms ago: executing program 4 (id=3934):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0xf00, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="3800000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100"], 0x38}}, 0x0)

645.581029ms ago: executing program 4 (id=3935):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000110000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
close(r0)
socket$inet6(0xa, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac", @ANYRES16=r2, @ANYBLOB="bf4400000000000000000c0000008000058014000280080001000000000008000100090000002c0002800800020001000000080004005fbe0000080001001b00000008000200000000000800020009000000070001006962000034000280080003006400000008000400090000000800030051bd000008000300fc00000008000300a90f000008"], 0x2ac}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f1ff0000000071103300000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa36"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000004c0), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x82e, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7205d7794690ddbe}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020027bd7000ffdbdf250200000005000600c1000000050006009f00000005000500040000001d6600000000"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0500000005000000fd0900008500000041000000", @ANYRES32, @ANYBLOB="12000000009f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r6}, 0x38)

555.119191ms ago: executing program 4 (id=3938):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e22, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0xffffff88}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000b40)=[{{&(0x7f00000000c0)={0xa, 0x20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000240)="ad", 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000800)=',', 0x1}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000000000000029000000360000003b000000000000001400000000000000290000000b000000000000020000000028"], 0x58}}], 0x2, 0x0) (async)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001400190d09004beafd0d36020a8447000b4e230f00000000a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4) (async)
close(r0) (async)
write$cgroup_type(r1, &(0x7f0000000280), 0x9) (async)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000009"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x2c, 0x0, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24040090}, 0x0) (async, rerun: 32)
quotactl$Q_SYNC(0x2, 0x0, 0x0, 0x0) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x10) (async, rerun: 64)
r9 = socket$unix(0x1, 0x2, 0x0) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r10=>0x0})
r11 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r11, &(0x7f0000000200)={0x1d, r10}, 0x10) (async)
sendmsg$can_bcm(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca7e4d5d5bdbe70000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r10, @ANYRES64=r9, @ANYBLOB="3bf81bb9e9"], 0x20000600}}, 0x0) (async)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="4401000010001307000000000000000000000000000000000000000000000001fc00000000000000000000000000000100100000008000"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=r7], 0x144}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)

461.190433ms ago: executing program 4 (id=3940):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000001ccb140418110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)={0x34, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x1f8, 0xd0, 0x1f8, 0xffffffff, 0xffffffff, 0x300, 0x300, 0x300, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ipv6={@empty, @rand_addr=' \x01\x00', [0x0, 0xffffffff, 0xffffffff, 0xff000000], [0x0, 0x0, 0xffffffff, 0xff], 'veth1_to_team\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x16, 0x81, 0x4, 0x1a}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@ipv6={@mcast1, @private1, [0xffffffff, 0x0, 0xffffff00, 0x1ffffff01], [0xffffff00, 0xffffffff, 0x0, 0xffffff], 'veth1\x00', 'veth1_to_team\x00', {0xff}, {}, 0x0, 0x8, 0x5, 0x2e}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x29, 0x49, 0x7, 0xc, 0xc739, 0x323, 0x8}}, @common=@icmp6={{0x28}, {0xb, "7da0"}}]}, @REJECT={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @empty, [0xff, 0xff000000, 0xff0000ff, 0xffffff00], [0xffffff00, 0xffffff00, 0x0, 0xff000000], 'caif0\x00', 'pimreg1\x00', {}, {}, 0x21, 0x83, 0x4}, 0x0, 0xd8, 0x108, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@broadcast}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x1, 0x1, 0x2}, {0x0, 0x1, 0x2}, 0x7, 0xfff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f00000000c0), 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x3}, 0x8)

460.730363ms ago: executing program 0 (id=3941):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000100)=@req3={0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x861}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) (async, rerun: 64)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) (async, rerun: 64)
socket$inet(0x10, 0x3, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x1, 0x6}, 0x2, 0x7fffffff, 0x2, 0x7, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) (async)
socket$xdp(0x2c, 0x3, 0x0) (async)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES64, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
accept4$bt_l2cap(r2, 0x0, &(0x7f00000003c0), 0x800) (async, rerun: 64)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) (rerun: 64)
r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r4 = open(0x0, 0x14507e, 0x0) (async, rerun: 64)
fallocate(r3, 0x0, 0x0, 0x1000f4) (rerun: 64)
io_setup(0x7d, 0x0) (async)
io_submit(0x0, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r4, &(0x7f0000000000)="96", 0xfffffe10, 0x0, 0x0, 0x0, r4}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r3, 0x0, 0x0, 0xffffffffffffffff}])
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x18) (async)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) (async)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, '\x00', "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000020000bd00000009000700"/28], 0x1c}}, 0x0) (async, rerun: 64)
sendto$inet6(r0, &(0x7f0000000280)='S', 0x1, 0x8000, 0x0, 0x0) (async, rerun: 64)
close(r0) (async)
ustat(0x0, &(0x7f0000000380))

460.276833ms ago: executing program 4 (id=3942):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f0000000280)={[{@noquota}, {@noquota}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}], [{@seclabel}]}, 0x2, 0x4f0, &(0x7f0000000d40)="$eJzs3c9vG1kdAPDvOHGTtFmcBQ7LSiwVLEpXUDvZsmzEoRQJwakSpVw4hZA4URQ7jmKnbawKpeIPQEL8Epw4cUHijJBQ/wSEVAnuCCFQBW05cACMxhnTEBzHUeM4rT8f6WXevDee73ux/TxvZmQHMLIuR8SNiBiLiHciopCV57IUe/sp3e7pk/vLaUqiNXH7r0kkWVlnX0m2vJQ9bDIivvrliG8m/x+3vtvcWKpUytvZeqlR3SrVd5tX16tLa/mscOH9hfcW5k6tr9e/+KcffOdnX7r+60/f/cPiX658K23WdFZ3sB/92Otzu/2u59v/i47xiNg+SbBzbCzrT37YDQEAoC/pMf4HI+LjEfHsx8NuDQAAADAIrc9Pxz+TiBYAAADwysq174FNcsXsXoDpyOWKxf17eD8cF3OVWr3xqdXazubK/r2yM5HPra5XynPZvcIzkU/S9fl2/vn6u4fWr0XE6xHxvcJUe724XKusDPvkBwAAAIyIS4fm/38v7M//e5g4s8YBAAAAp2dm2A0AAAAABs78HwAAAF59R87/k/GzbQgAAAAwCF+5eTNNrc7vX6/c2d3ZqN25ulKubxSrO8vF5dr2VnGtVltrf2df9bj9VWq1rc/E5s69UqNcb5Tqu83Fam1ns7G4Xl1aKy+WW4Uz6RYAAABwwOsfe/j7JCL2PjfVTqkLWV3++IffGGzrgEHKnWzzpL9hAXgZjA27AcDQuMEXRpeDeSDpXf39Q+snPG0AAACcB7MfeaHr/8dMG4DzzEQeRpfr/zC6XP+H0eX6P4y4ieM3mTyq4jen3BYAAGBgptspyRWza4HTkcsVixGvtX8WIJ+srlfKcxHxgYj4XSE/ka7PD7vRAAAAAAAAAAAAAAAAAAAAAAAAAPCSabWSaAEAAACvtIjcn5Psh/xnC29PHz4/cCH5R6G9jIi7P7n9w3tLjcb2fFr+t/+WN36Ulb/bKUl9/YzPZAAAAAAdnXl6Zx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfp6ZP7y510lnEffyEiZrrFH4/J9nLyl4WIuPgsifEDj0siYuwU4u89iIg3usVP0mbFTNaKw/FzETE15PiXTiE+jLKH6fhzI33/5Q+9/3Jxub3s/v4bz9KLenz5qPEv1xn/2uNct/Hvtd67nuxk3nz0i9KR8R9EvDneffzpxE+6xb/Qfx+/8bVm86i61k8jZo/5/EnjlxrVrVJ9t3l1vbq0Vl4rb167Nv/ZhfcX3luYK62uV8rZ364xvvvRX/27V/8vdo2/P/4e2f+IeLvP/v/r0b0nH+oR/8onuj//b/SIn74mPpl9DqT1s5383n7+oLd+/tu3evV/5Yj+93z+I+JKn/1/59a3/9jnpgDAGajvNjeWKpXy9kAyUwPbs8xuMz0EH2Yz8tlr6Hz8N2Q6mYmDJbeyJ+nE+xnioAQAAAzE84P+wzUnuMADAAAAAAAAAAAAAAAAAAAAvJCBfxvZxP9+s8Dk8LoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDTfwIAAP//VarKxQ==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1, './file1\x00'}, 0x6e)

376.535904ms ago: executing program 4 (id=3943):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000500)='mm_page_alloc\x00', r3}, 0x10)
r4 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r4, &(0x7f0000000140)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e21, 0x4cfe, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}, 0x24)
sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f0093f33190b04458889b2621f162463c26d097143db9aa5b2670477e700ab1a4f11ceb230767fb4ff69c2c011259e347746067b81c4ebd0ad9d263362de352ce02bb38e4347b170b2e5e78cadbb7ab279184beec5f22681e868ccf729b8ef3487022ed0aaa1878bde3916766ab1e99b882b06cbdb4550d352e19e26c387445bd41689d79bf7d7d68a2084d42de5db2d2ef36df3b18be68b6cb2fd7e5231645e679c02ed13c8107d9f68cb2f03b596548cb3a4f6061f4f357ce5241f147d32cfc0d29708d193661b85ea3c5e2b2ece47e245918c5dce186f9bee9a9f75275a10202316d1c75d7482d91b651f3f8922c76f235684d9452e23de4e951219089115b9d12f9179e254ee874e34826ab0583dc9515d02033e73535797ed28b0f069288aceda23553c476a33f3bad93f5ed8920f35ae02e7f187b576f194e341cf58d3f"], 0x0, 0x34}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r5, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380))
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000bc0)={0x4, 0x1, "bbd6dab851780a90d0add47ddcdf67904b074221c442a58d4ac771aace828506884ea44b1f67e6b9f7f588c01248fc2f67f3e069e8399fe4dd09cae1a7618e751a4eef5585cdef47a39767c084bcebb2cbf375d6e47419f742a734edc0f17671bcbc75edb4d8ea4c9af20ad27fc0e906c2457cab6276067660ee58565c1e43cd392d57d77970bb15960128c08f5e6982a7bf35d0e53f60c1ed4e1b10f5b877fe83e0d93aae5ff18f6ba49fc7a437e0df34db79f37c3e9cea37e5aa761de5ec27a84fc798e90edd2411306dafec4e78f8342283194ebf513f2c891c77e5002584be29e152b30f3c02f70c43a52897c6ae3920c27b41a1e61d7438782d08678c21"})
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000300)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x2, 0x4, 0x0, 0x7ffffffffffffffe, 0x38db0863, 0x0, 0x0, 0xd, 0xffffffff})
fallocate(0xffffffffffffffff, 0x20, 0x0, 0x8000)

309.578005ms ago: executing program 0 (id=3944):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x3000, 0x103)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2}, 0x9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r3)
sendmsg$NL80211_CMD_GET_WIPHY(r3, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x0)

274.457375ms ago: executing program 1 (id=3945):
syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file1\x00', 0x100c085, &(0x7f0000000d00)=ANY=[@ANYRES8=0x0, @ANYBLOB="c0da5b74006e9c47add458a1bd748b7ffa5628dc52f84873cbe6a43cfd29e4198255a0610d383b0e46b2b6457282a9f3caef22979e54c145e6a0ce2850a890af7c4e1fa3628453c70aae32270b0042f1532cf08030eccdca96e2c97aae42cf5d9ec5f0afa4fcc53c8f9289677038d09ae2b1bd2271e0a76e6324df3a2b01a9ed0277d7e8d6f7d463ae62692faa55bdb43dc2bea18eea4a635951fd0a220a835fa24d0700c8f8c245d1d7638b2cae5ed3bec0d2f0415ddff7884bb34ab0cb1598e9c7b92a29005e4090ede480b3412f5c33da5e7c8672bda19fd3d989f8336d69d9e70de142973e7e1f53987b2d"], 0x10, 0x7f4, &(0x7f0000000e40)="$eJzs3U9oHOfZAPBnFMl2FD5/Id9HPmMcZ2znA5s6ymqVKBU5pJvVSJ5ktSt2V8WmlMTEcjCWk5AQ0pjS1JekLS2lpx7TXEMuubUUWuih7anQHHrpoRDIpSUtLZSWUnDZ2V1r9Wcl/5HlNP39RPadfeeZd953drLPznpnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASKqzpdJkErW8vnQ6Ha4622wsbDG/395P1xRbrDci6fwX+/bFgW7Vgf9dnX1/5+FoHOo+OxT7OsW+uHzP/fc+8T+jI/3lt+jQzToyfNbY4JMk4uudTl08u7Ky/Mpt6Mgu+taPexP7rnuRv1/tPM5n9bzVyBcq81matxrpzPR06ZFTc610Lq9lrTOtdraQVptZpd1opserJ9LJmZmpNJs401iqz89Walm/8vGHy6XSdPr0xGJWabYa9UeenmhVT+W1Wl6fL2LKpdejE/N4Z0d8Jm+n7ayykKbnL6wsT23X1U7Q5JqavWt2nEMP3fvxax/95cJyZ4cc1kjS2zHLk5Pl8uT0YzOPPV4qjZZL5bUVpXXiWkSMRHQibstOy511zyZ1o709ZsOMiKv/vTNv3nCLRnr5P2qRRz2W4nSkkcZI8bj6NxbVmI1mNGKh8/w3Y+vmb8j////IH3+11XoH838/yx9YnX0wivx/uPvs8LD8v6EXO/A3OqzV+vvd3gzWvRpvxOW4GGdjJVZiOV65mTXuWd/qbfwb2dn25iOLeuTRikbksRCVoibt1aQxE9MxHaV4Nk7FXLQijbnIoxZZtOJMtKIdWbFHVaMZWVSiHY1oRhrHoxonIo3JmImZmIo0spiIM9GIpajHfMxGpWjlfFwotvvUun7d/7XnfvTCrz9+pzN9LWhyi4EknQ9znaA/bxG0Id3fQP7vRIz09u5dyUnskn03+Kru0Ds33LqrRf4fvdPdAAAAAG6jpPj2PYmIsXigmJrLa9mX7nS3AAAAgB1U/K75UKcY60w9EEnn+L+0SeSHu943AAAAYGckxTl2SUSMx4Pdqf7pUpt9CQAAAAD8Gyr+/f9wpxiPeLOocPwPAAAAnzHfGHaN/Y/29K6x21rcm/zkT9FsjiVXFk8/lFyqdOIql+7qLtcrvnitxfbcwWR/r5GimB69fE8SEaPV7FDSv/rlP/d2y0+Kx4OrFyAcdq3/ZJsOxNYdKJ7Ft+NIN+bIuW55rj+nu5bxubyWTVQbtScmk96XI+3XXrzwlSiG/836wv4kzl9YWZ54/qWVc0VfrnRauXKpd3n4pL9URPeEii36crW3BeKBzUc8VpyI0VvveHe9pcHx964mO7L1+JPBdb4VR7sxR8e75fja8e/rrHNy4onJqFT2j7Sz0+3Xrg6MvteLydWR7+2PNrmBV+GtONaNOXb8WLfYpBflNb14cWMvyoPb//q2xXX34p0jb57+688bSTa1XS+mbrEXAHfK+eKqP6tZ6O4iC/3jalcnoa3Lu3f3l7yRd7nzq58y+ssP5LrR2JDd05vJ7m/F8W7M8e7nidGDm+SV0ibv6C9fePkXvXf0R9/7/g++fPiXH6zL6zfQi/fiRDemV8R9PxuSYztj/s66rPpuZ4l3h663VSsnr++dGku6Nx+Kyw9fuHT2heUXll8sl6emS4+WSo+VY6z4qNArhvRU5gH4z7bdPXY++Oq10GF34Uke3eao+r5rPymYiOfjpViJc3GyONsgIh7cvNXxgZ8hnNzmqHV84A4vJ7c5tlyNLa+P3XssiSGxUwNb7P++VxR/u00vCADsgqPb5OEk7u3Of/2/ekusi7grSU5uc9y9Npef6N44t390HMNz+aDf98rP3/YtAgCffVnzk2S8/XbSbOaLz07OzExW2qeytNmoPpM289n5LM3r7axZPVWpz2fpYrPRblT7Xx3PZq20tbS42Gi207lGM11stPLTxZ3f096t31vZQqXezqutxVpWaWVptVFvV6rtdDZvVdPFpadqeetU1iwWbi1m1Xwur1baeaOethpLzWo2kaatLBsIzGezejufy7OxNK+ni818odK8EhG1pYUsnc1a1Wa+2G50G+yvK6/PNZoLRbMTG4f/h93e3gDwafDqG5cvnl1ZWX7l5iZ+ez3Bd3qMAMBasjQAAAAAAAAAAAAAAHz6bTxdr1N7QycCjsVNnz746t64lbMPP3sTn3u/+7LsRIO30s7da17TPb2d5c5vnxueeO7JJy+u1iSjg5v3qTcPnPpdFv3RbdHO5v+nbHaq69v7I/b88Lvdmi8MCU5Gd3ikH0bETSx+NdkiZvffiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgO/8KAAD//wifUTs=")
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200a5d93aa82b508e0000040000000800000001", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
tkill(0x0, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x40, &(0x7f0000000840)={[{@mode={'mode', 0x3d, 0x7fffffff}}, {@gid}]})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000000008010800000000000000000a000001617ad726c2e6bd3a156025b9d1e40305000300210000000900010073797a31000000000c00048008000640000e00000600024000070000"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x24080)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x4}, 0x18)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000085fde"])
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000340)={<r7=>0x0, 0x36, 0x0, [0xffffffffffffffff, 0x5, 0x7fffffffffffffff, 0x8001, 0x8], [0x100000001, 0x100000001, 0x3a78, 0x0, 0x2, 0x0, 0x5, 0x2, 0x73afd890, 0x400, 0x100000001, 0x81, 0x5, 0x3, 0x0, 0xa62f, 0x6, 0x5, 0x8, 0x1, 0xfffffffffffffffb, 0x4, 0x2, 0x81, 0xe8, 0x7f, 0x7c, 0x3, 0x9, 0x10001, 0x1, 0xffffffff00000000, 0x18, 0x5, 0x3, 0x10000, 0x2c00000000000000, 0x8001, 0x0, 0xd5ff, 0xe, 0x5ef5, 0x1, 0x81, 0x40, 0x4, 0x1, 0xfff, 0x400, 0x2, 0x1, 0x401, 0x9, 0xb, 0x7f, 0x4, 0x9, 0x3, 0x462, 0x9, 0xe7f, 0x8001, 0x9e, 0x8, 0x81, 0xd1, 0x8000000000000000, 0xb, 0x0, 0x9, 0x8e, 0x4, 0x6, 0x10000, 0x2, 0x100, 0x9, 0x7, 0x222, 0x6, 0x5, 0x4dd, 0x5, 0x3d8e, 0x2b, 0x8, 0x3, 0x7, 0x8000, 0x10001, 0x6be, 0xd939, 0x91dc, 0x1, 0x9, 0x1, 0x4e299829, 0x1, 0x100000000, 0x6, 0xc3, 0x80000001, 0x81, 0x8001, 0xfffffffffffffffa, 0x7, 0x2, 0x8, 0xe9e2, 0x7fffffffffffffff, 0x2, 0xfffffffffffffffe, 0x5e4, 0x9, 0x4, 0x2, 0xaa9, 0x4, 0x800000, 0x4, 0x3ff]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000780)={r7, 0x1, 0x9})
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
connect$pppl2tp(r8, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x4e24, @private=0xa010100}, 0x1, 0x0, 0x2}}, 0x2e)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001640)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14142d50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e88237dd5b37f5ae655b1086cdffa3a5845bc82ef04e878c5d34e0fda00e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a9c9a8dc6de8181c9eae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d0100010000000000734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be820400e9008af02aade544cc1a54ca331c92556b4bd3c895de0bf44a76f5903d59724e61e0993301f7397af116de9b29f3b92c1cd55efa0c8a84f9faa5c463e0888adaf87ed7ee6c5c07cc45f61cfc4177ee69f1d9246973b9522431cbd14c55dd1b91a84e483ee28ce8010ced2ebb1624b1e2e7b2492297d14a38c6c623bbed"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r11}, 0x10)

259.373696ms ago: executing program 0 (id=3946):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0x4, 0x8, 0xd}, 0x50)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xff5f)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x0, 0x10, "0062ba7d82e7ff00000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0xb25181)
ioctl$FIONREAD(r2, 0x541b, &(0x7f00000000c0))
r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)
close(r3)
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$binfmt_register(r5, &(0x7f0000000500)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, '@', 0x3a, '\\\x9e\xbd\x1d\r6\xea\x12+(\x03z', 0x3a, './file0', 0x3a, [0x43, 0x43, 0x50, 0x50, 0x4f, 0x50, 0x46]}, 0x3b)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="a1ab0000000000000e003200000008001701"], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0)
shutdown(r0, 0x0)
r9 = syz_clone(0x80000400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r9)
tkill(r9, 0x12)

239.240386ms ago: executing program 0 (id=3947):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x7}, 0xf)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='cgroup\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/128, 0x80}], 0x1, 0x12e, 0x0)

194.808437ms ago: executing program 3 (id=3948):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000110000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
close(r0)
socket$inet6(0xa, 0x80001, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac", @ANYRES16=r2, @ANYBLOB="bf4400000000000000000c0000008000058014000280080001000000000008000100090000002c0002800800020001000000080004005fbe0000080001001b00000008000200000000000800020009000000070001006962000034000280080003006400000008000400090000000800030051bd000008000300fc00000008000300a90f000008"], 0x2ac}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f1ff0000000071103300000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa36"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000004c0), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x82e, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7205d7794690ddbe}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020027bd7000ffdbdf250200000005000600c1000000050006009f00000005000500040000001d660000000000"], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0500000005000000fd0900008500000041000000", @ANYRES32, @ANYBLOB="12000000009f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r6}, 0x38)

194.413747ms ago: executing program 0 (id=3949):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa6}, 0x90)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x2)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x202000, 0x0)
ioctl$RTC_UIE_ON(r2, 0x7003)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000000680))

126.530218ms ago: executing program 0 (id=3950):
fsopen(&(0x7f0000000240)='ramfs\x00', 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000200)='sys_enter\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usbip_server_init(0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r2, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000a40)={0x0, 0x465d, 0x8, 0x200002, 0x80014a}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r8, 0x5522)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r9, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r7, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r7, 0x80045510, &(0x7f0000000000))
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r10, 0x0, 0xfffffffffffffffc}, 0x18)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_UNLINKAT={0x24, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x509, 0x966, 0x21, 0x0, 0x0)
r11 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r11, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r11, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)

119.288688ms ago: executing program 2 (id=3951):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x2004}, 0x18)
getpgid(0x0)

70.925569ms ago: executing program 1 (id=3952):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x67}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan1\x00')
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$netlink(0x10, 0x3, 0x4)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x8, &(0x7f0000000280)={[{@usrquota}, {@data_err_ignore}, {@data_err_ignore}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
dup3(r6, r7, 0x80000)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r9 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet6(r9, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000a80)='kfree\x00', r8, 0x0, 0xfffffffffffffffd}, 0x18)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000ac0)='kmem_cache_free\x00', r4, 0x0, 0x1}, 0x18)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000001c0)='cdg\x00', 0x4)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r10, 0x84, 0x64, &(0x7f0000000600)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)

70.136709ms ago: executing program 2 (id=3953):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
finit_module(0xffffffffffffffff, &(0x7f0000000380)='\x00', 0x5)

0s ago: executing program 2 (id=3954):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
finit_module(0xffffffffffffffff, &(0x7f0000000380)='\x00', 0x5)

kernel console output (not intermixed with test programs):

d_set index 0 as target
[  288.611121][T14409] loop2: detected capacity change from 0 to 4096
[  288.620876][T14414] siw: device registration error -23
[  288.621139][T14409] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  288.639475][T14414] loop4: detected capacity change from 0 to 512
[  288.639890][T14414] EXT4-fs: Ignoring removed nomblk_io_submit option
[  288.662204][T14409] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.669725][T14414] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  288.685572][T14414] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  288.686435][T14414] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80)
[  288.705134][T14414] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[  288.737669][T14414] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  288.750283][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.762942][T14421] loop3: detected capacity change from 0 to 2048
[  288.808394][T14424] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3426'.
[  288.856412][T14417] loop0: detected capacity change from 0 to 512
[  288.860146][T14421]  loop3: p1 < > p4
[  288.874520][T14421] loop3: p4 size 8388608 extends beyond EOD, truncated
[  288.883910][T14417] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.897375][T14417] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  288.914170][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.923847][T14429] loop1: detected capacity change from 0 to 8192
[  288.938402][T14417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  288.953938][T14417] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  288.967064][T14417] EXT4-fs (loop0): This should not happen!! Data will be lost
[  288.967064][T14417] 
[  288.976946][T14417] EXT4-fs (loop0): Total free blocks count 0
[  288.984503][T14417] EXT4-fs (loop0): Free/Dirty block details
[  288.991312][T14417] EXT4-fs (loop0): free_blocks=65280
[  288.992034][T14436] syz.1.3429: attempt to access beyond end of device
[  288.992034][T14436] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  288.997175][T14417] EXT4-fs (loop0): dirty_blocks=33
[  288.997195][T14417] EXT4-fs (loop0): Block reservation details
[  288.997206][T14417] EXT4-fs (loop0): i_reserved_data_blocks=33
[  289.019772][T14439] loop3: detected capacity change from 0 to 1024
[  289.023165][T14436] Buffer I/O error on dev loop1, logical block 57847, async page read
[  289.041432][T14439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.067800][T14439] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.3431: Allocating blocks 481-513 which overlap fs metadata
[  289.094357][T14436] syz.1.3429: attempt to access beyond end of device
[  289.094357][T14436] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  289.109101][T14436] Buffer I/O error on dev loop1, logical block 57847, async page read
[  289.121219][T14439] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.3431: Allocating blocks 465-513 which overlap fs metadata
[  289.121673][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.156919][T14444] loop4: detected capacity change from 0 to 512
[  289.165822][T14444] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  289.183152][T14444] EXT4-fs (loop4): 1 truncate cleaned up
[  289.190719][T14444] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.215357][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.227582][T14451] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3436'.
[  289.231031][T14452] binfmt_misc: register: failed to install interpreter file ./file0
[  289.250741][T12654] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.306579][T14463] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  289.306983][T14460] lo speed is unknown, defaulting to 1000
[  289.313485][T14463] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  289.328483][T14463] vhci_hcd vhci_hcd.0: Device attached
[  289.374158][T14472] lo speed is unknown, defaulting to 1000
[  289.579714][ T5411] usb 7-1: new low-speed USB device number 4 using vhci_hcd
[  290.017024][T14485] loop2: detected capacity change from 0 to 512
[  290.024581][T14485] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  290.036818][T14485] EXT4-fs (loop2): 1 truncate cleaned up
[  290.043072][T14485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  290.066379][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.120913][T14495] loop2: detected capacity change from 0 to 128
[  290.129389][T14495] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  290.144396][T14464] vhci_hcd: connection reset by peer
[  290.150592][ T4071] vhci_hcd: stop threads
[  290.150659][T14495] ext4 filesystem being mounted at /86/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  290.166837][ T4071] vhci_hcd: release socket
[  290.171892][ T4071] vhci_hcd: disconnect device
[  290.181588][T14495] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3451'.
[  290.189995][T14500] loop0: detected capacity change from 0 to 512
[  290.212055][T13150] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  290.212642][T14500] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.242507][T14506] loop2: detected capacity change from 0 to 512
[  290.245993][T14500] bond1: entered promiscuous mode
[  290.254147][T14500] bond1: entered allmulticast mode
[  290.259862][T14500] 8021q: adding VLAN 0 to HW filter on device bond1
[  290.261771][T14506] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.283739][T14500] bond1 (unregistering): Released all slaves
[  290.299555][T14510] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3453'.
[  290.315236][T14513] loop4: detected capacity change from 0 to 256
[  290.315398][T14506] bond1: entered promiscuous mode
[  290.327080][T14506] bond1: entered allmulticast mode
[  290.333385][T14506] 8021q: adding VLAN 0 to HW filter on device bond1
[  290.334703][T14513] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[  290.350173][T14514] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3454'.
[  290.362991][T14506] bond1 (unregistering): Released all slaves
[  290.417945][T14516] loop0: detected capacity change from 0 to 8192
[  290.445323][T14518] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3457'.
[  290.468682][T14520] loop2: detected capacity change from 0 to 512
[  290.475843][T14520] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  290.479120][T14521] syz.0.3456: attempt to access beyond end of device
[  290.479120][T14521] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  290.488101][T14520] EXT4-fs (loop2): 1 truncate cleaned up
[  290.500321][T14521] Buffer I/O error on dev loop0, logical block 57847, async page read
[  290.514329][T14521] syz.0.3456: attempt to access beyond end of device
[  290.514329][T14521] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  290.529367][T14521] Buffer I/O error on dev loop0, logical block 57847, async page read
[  290.560642][T14527] loop2: detected capacity change from 0 to 512
[  290.571687][T14527] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.594931][T14527] bond1: entered promiscuous mode
[  290.600471][T14527] bond1: entered allmulticast mode
[  290.606330][T14527] 8021q: adding VLAN 0 to HW filter on device bond1
[  290.616290][T14527] bond1 (unregistering): Released all slaves
[  290.640735][T14531] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3460'.
[  290.734649][T14543] loop2: detected capacity change from 0 to 512
[  290.742334][T14541] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  290.742455][T14543] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  290.748873][T14541] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  290.748941][T14541] vhci_hcd vhci_hcd.0: Device attached
[  290.771069][T14543] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.789151][T14543] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.3466: corrupted xattr block 19: overlapping e_value 
[  290.804381][T14543] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  290.932662][T14554] loop2: detected capacity change from 0 to 512
[  290.952148][T14554] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  290.966673][T14554] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  290.981490][T14554] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  290.994017][T14554] EXT4-fs (loop2): This should not happen!! Data will be lost
[  290.994017][T14554] 
[  291.003750][T14554] EXT4-fs (loop2): Total free blocks count 0
[  291.009758][T14554] EXT4-fs (loop2): Free/Dirty block details
[  291.015652][T14554] EXT4-fs (loop2): free_blocks=65280
[  291.021099][T14554] EXT4-fs (loop2): dirty_blocks=33
[  291.026322][T14554] EXT4-fs (loop2): Block reservation details
[  291.032470][T14554] EXT4-fs (loop2): i_reserved_data_blocks=33
[  291.089909][   T36] usb 3-1: new low-speed USB device number 6 using vhci_hcd
[  291.097840][T14561] loop2: detected capacity change from 0 to 512
[  291.105618][T14561] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  291.118168][T14561] EXT4-fs (loop2): 1 truncate cleaned up
[  291.560783][T14544] vhci_hcd: connection reset by peer
[  291.590791][ T4071] vhci_hcd: stop threads
[  291.595125][ T4071] vhci_hcd: release socket
[  291.599734][ T4071] vhci_hcd: disconnect device
[  291.876132][T14573] loop0: detected capacity change from 0 to 512
[  291.891209][T14573] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  291.905092][T14573] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  291.919902][T14573] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  291.932339][T14573] EXT4-fs (loop0): This should not happen!! Data will be lost
[  291.932339][T14573] 
[  291.933261][T14583] loop2: detected capacity change from 0 to 2048
[  291.942073][T14573] EXT4-fs (loop0): Total free blocks count 0
[  291.954566][T14573] EXT4-fs (loop0): Free/Dirty block details
[  291.960620][T14573] EXT4-fs (loop0): free_blocks=65280
[  291.966047][T14573] EXT4-fs (loop0): dirty_blocks=33
[  291.971413][T14573] EXT4-fs (loop0): Block reservation details
[  291.977748][T14573] EXT4-fs (loop0): i_reserved_data_blocks=33
[  292.021217][T14583] Alternate GPT is invalid, using primary GPT.
[  292.027977][T14583]  loop2: p1 p2 p3
[  292.111019][T14591] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  292.118320][T14591] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  292.126681][T14591] vhci_hcd vhci_hcd.0: Device attached
[  292.143696][T14597] siw: device registration error -23
[  292.149274][T14592] vhci_hcd: connection closed
[  292.159381][   T12] vhci_hcd: stop threads
[  292.168630][   T12] vhci_hcd: release socket
[  292.173091][   T12] vhci_hcd: disconnect device
[  292.182416][T14597] loop0: detected capacity change from 0 to 512
[  292.188811][T14596] loop4: detected capacity change from 0 to 512
[  292.189072][T14597] EXT4-fs: Ignoring removed nomblk_io_submit option
[  292.195677][T14596] EXT4-fs: Ignoring removed bh option
[  292.203556][T14597] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  292.215459][T14597] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  292.216095][T14596] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  292.232110][T14597] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80)
[  292.241666][T14597] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features
[  292.271117][T14596] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  292.339969][T14606] loop0: detected capacity change from 0 to 512
[  292.361064][T14610] __nla_validate_parse: 1 callbacks suppressed
[  292.361083][T14610] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3487'.
[  292.361517][T14606] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  292.367712][T14610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3487'.
[  292.400981][T14606] bond1: entered promiscuous mode
[  292.406454][T14606] bond1: entered allmulticast mode
[  292.412184][T14606] 8021q: adding VLAN 0 to HW filter on device bond1
[  292.421816][T14606] bond1 (unregistering): Released all slaves
[  292.446622][T14616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3485'.
[  292.521678][T14623] loop0: detected capacity change from 0 to 1024
[  292.528890][T14623] ext4: Unknown parameter 'obj_type'
[  292.545606][T14623] 9pnet: Could not find request transport: 0xffffffffffffffff
[  292.571727][T14626] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  292.578445][T14626] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  292.586178][T14626] vhci_hcd vhci_hcd.0: Device attached
[  292.721430][T14633] FAULT_INJECTION: forcing a failure.
[  292.721430][T14633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  292.734910][T14633] CPU: 1 UID: 0 PID: 14633 Comm: syz.1.3493 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  292.734930][T14633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  292.734939][T14633] Call Trace:
[  292.734943][T14633]  <TASK>
[  292.734948][T14633]  __dump_stack+0x1d/0x30
[  292.734965][T14633]  dump_stack_lvl+0xe8/0x140
[  292.734988][T14633]  dump_stack+0x15/0x1b
[  292.734998][T14633]  should_fail_ex+0x265/0x280
[  292.735028][T14633]  should_fail+0xb/0x20
[  292.735109][T14633]  should_fail_usercopy+0x1a/0x20
[  292.735166][T14633]  strncpy_from_user+0x25/0x230
[  292.735181][T14633]  path_setxattrat+0xeb/0x310
[  292.735204][T14633]  __x64_sys_setxattr+0x6e/0x90
[  292.735224][T14633]  x64_sys_call+0x28a7/0x2fb0
[  292.735257][T14633]  do_syscall_64+0xd2/0x200
[  292.735270][T14633]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  292.735287][T14633]  ? clear_bhb_loop+0x40/0x90
[  292.735319][T14633]  ? clear_bhb_loop+0x40/0x90
[  292.735331][T14633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.735344][T14633] RIP: 0033:0x7f7da3b8e9a9
[  292.735355][T14633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  292.735367][T14633] RSP: 002b:00007f7da21f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  292.735396][T14633] RAX: ffffffffffffffda RBX: 00007f7da3db5fa0 RCX: 00007f7da3b8e9a9
[  292.735404][T14633] RDX: 0000000000000000 RSI: 0000200000000880 RDI: 0000000000000000
[  292.735411][T14633] RBP: 00007f7da21f7090 R08: 0000000000000000 R09: 0000000000000000
[  292.735418][T14633] R10: 0000000000000835 R11: 0000000000000246 R12: 0000000000000001
[  292.735426][T14633] R13: 0000000000000000 R14: 00007f7da3db5fa0 R15: 00007ffcb8fa4b08
[  292.735437][T14633]  </TASK>
[  293.012249][   T23] usb 1-1: new low-speed USB device number 6 using vhci_hcd
[  293.026028][T14635] loop1: detected capacity change from 0 to 512
[  293.041808][T14635] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.055036][T14635] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  293.069782][T14635] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  293.082263][T14635] EXT4-fs (loop1): This should not happen!! Data will be lost
[  293.082263][T14635] 
[  293.091989][T14635] EXT4-fs (loop1): Total free blocks count 0
[  293.098049][T14635] EXT4-fs (loop1): Free/Dirty block details
[  293.104233][T14635] EXT4-fs (loop1): free_blocks=65280
[  293.109644][T14635] EXT4-fs (loop1): dirty_blocks=33
[  293.114788][T14635] EXT4-fs (loop1): Block reservation details
[  293.120780][T14635] EXT4-fs (loop1): i_reserved_data_blocks=33
[  293.183420][T14643] siw: device registration error -23
[  293.192309][T14643] loop2: detected capacity change from 0 to 512
[  293.199298][T14643] EXT4-fs: Ignoring removed nomblk_io_submit option
[  293.207512][T14643] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  293.215608][T14643] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  293.224014][T14643] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  293.233909][T14643] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  293.324235][T14653] loop4: detected capacity change from 0 to 512
[  293.342129][T14653] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.365253][T14653] bond1: entered promiscuous mode
[  293.370474][T14653] bond1: entered allmulticast mode
[  293.371786][   T29] kauditd_printk_skb: 267 callbacks suppressed
[  293.371798][   T29] audit: type=1326 audit(1753566989.992:10062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.375924][T14653] 8021q: adding VLAN 0 to HW filter on device bond1
[  293.396255][   T29] audit: type=1326 audit(1753566990.002:10063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.436645][   T29] audit: type=1326 audit(1753566990.002:10064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.460474][   T29] audit: type=1326 audit(1753566990.002:10065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.461401][T14661] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3500'.
[  293.484177][   T29] audit: type=1326 audit(1753566990.002:10066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.517413][   T29] audit: type=1326 audit(1753566990.002:10067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.518214][T14627] vhci_hcd: connection reset by peer
[  293.541876][   T29] audit: type=1326 audit(1753566990.002:10068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.559933][ T4071] vhci_hcd: stop threads
[  293.570994][   T29] audit: type=1326 audit(1753566990.002:10069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.575367][ T4071] vhci_hcd: release socket
[  293.575391][ T4071] vhci_hcd: disconnect device
[  293.600352][   T29] audit: type=1326 audit(1753566990.002:10070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.607859][T14664] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  293.609701][   T29] audit: type=1326 audit(1753566990.002:10071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14659 comm="syz.1.3502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  293.635286][T14664] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  293.635474][T14664] vhci_hcd vhci_hcd.0: Device attached
[  293.680338][T14653] bond1 (unregistering): Released all slaves
[  293.697993][T14665] vhci_hcd: connection closed
[  293.698209][ T3842] vhci_hcd: stop threads
[  293.707351][ T3842] vhci_hcd: release socket
[  293.711791][ T3842] vhci_hcd: disconnect device
[  293.765451][T14669] loop4: detected capacity change from 0 to 8192
[  293.775450][T14669] syz.4.3504: attempt to access beyond end of device
[  293.775450][T14669] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  293.789104][T14669] Buffer I/O error on dev loop4, logical block 57847, async page read
[  293.797698][T14669] syz.4.3504: attempt to access beyond end of device
[  293.797698][T14669] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  293.811134][T14669] Buffer I/O error on dev loop4, logical block 57847, async page read
[  293.858243][T14673] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3506'.
[  293.888052][T14676] loop2: detected capacity change from 0 to 512
[  293.895923][T14676] EXT4-fs: Ignoring removed bh option
[  293.902134][T14676] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  293.951053][T14671] loop4: detected capacity change from 0 to 512
[  293.961336][T14671] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.974527][T14671] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  293.989263][T14671] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  293.989453][T14681] loop2: detected capacity change from 0 to 512
[  294.001994][T14671] EXT4-fs (loop4): This should not happen!! Data will be lost
[  294.001994][T14671] 
[  294.002015][T14671] EXT4-fs (loop4): Total free blocks count 0
[  294.009571][T14681] EXT4-fs: Ignoring removed oldalloc option
[  294.017933][T14671] EXT4-fs (loop4): Free/Dirty block details
[  294.026334][T14681] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3508: Parent and EA inode have the same ino 15
[  294.030310][T14671] EXT4-fs (loop4): free_blocks=65280
[  294.036752][T14681] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3508: Parent and EA inode have the same ino 15
[  294.048636][T14671] EXT4-fs (loop4): dirty_blocks=33
[  294.048699][T14671] EXT4-fs (loop4): Block reservation details
[  294.048710][T14671] EXT4-fs (loop4): i_reserved_data_blocks=33
[  294.055006][T14681] EXT4-fs (loop2): 1 orphan inode deleted
[  294.124840][T14687] siw: device registration error -23
[  294.134407][T14687] loop2: detected capacity change from 0 to 512
[  294.136416][T14684] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  294.141685][T14687] EXT4-fs: Ignoring removed nomblk_io_submit option
[  294.147879][T14684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  294.147973][T14684] vhci_hcd vhci_hcd.0: Device attached
[  294.171507][T14687] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  294.179706][T14687] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  294.185637][T14685] vhci_hcd: connection closed
[  294.190299][T14687] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  294.204601][T14687] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  294.209760][ T3842] vhci_hcd: stop threads
[  294.218241][ T3842] vhci_hcd: release socket
[  294.222955][ T3842] vhci_hcd: disconnect device
[  294.320269][T14697] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3513'.
[  294.422110][T14701] loop2: detected capacity change from 0 to 8192
[  294.432298][T14701] syz.2.3515: attempt to access beyond end of device
[  294.432298][T14701] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  294.446611][T14701] Buffer I/O error on dev loop2, logical block 57847, async page read
[  294.622319][T14709] loop1: detected capacity change from 0 to 512
[  294.629640][T14709] EXT4-fs: Ignoring removed bh option
[  294.636575][T14709] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  294.641647][ T5411] usb 7-1: enqueue for inactive port 0
[  294.653897][ T5411] usb 7-1: enqueue for inactive port 0
[  294.729745][ T5411] vhci_hcd: vhci_device speed not set
[  294.984666][T14716] loop1: detected capacity change from 0 to 512
[  295.018208][T14716] EXT4-fs: Ignoring removed mblk_io_submit option
[  295.066513][T14716] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  295.087658][T14716] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3521: bg 0: block 346: padding at end of block bitmap is not set
[  295.109259][T14716] EXT4-fs (loop1): 1 truncate cleaned up
[  295.151327][T14735] loop1: detected capacity change from 0 to 512
[  295.172483][T14735] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.198223][T14735] bond1: entered promiscuous mode
[  295.204745][T14735] bond1: entered allmulticast mode
[  295.215545][T14735] 8021q: adding VLAN 0 to HW filter on device bond1
[  295.241122][T14735] bond1 (unregistering): Released all slaves
[  295.253509][T14748] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3523'.
[  295.302890][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.312491][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.319895][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.327045][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.334656][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.342521][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.350098][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.357036][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.364128][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.371156][T14747] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  295.379122][T14733] loop4: detected capacity change from 0 to 512
[  295.464433][T14733] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.488388][T14733] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  295.520751][T14733] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  295.534488][T14733] EXT4-fs (loop4): This should not happen!! Data will be lost
[  295.534488][T14733] 
[  295.545290][T14733] EXT4-fs (loop4): Total free blocks count 0
[  295.551514][T14733] EXT4-fs (loop4): Free/Dirty block details
[  295.560439][T14733] EXT4-fs (loop4): free_blocks=65280
[  295.566726][T14733] EXT4-fs (loop4): dirty_blocks=33
[  295.573206][T14733] EXT4-fs (loop4): Block reservation details
[  295.580104][T14733] EXT4-fs (loop4): i_reserved_data_blocks=33
[  295.608629][T14760] siw: device registration error -23
[  295.618725][T14760] loop2: detected capacity change from 0 to 512
[  295.641760][T14760] EXT4-fs: Ignoring removed nomblk_io_submit option
[  295.651409][T14760] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  295.659449][T14760] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  295.668326][T14760] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  295.678059][T14760] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  295.782647][T14777] loop2: detected capacity change from 0 to 512
[  295.791266][T14777] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  295.810922][T14777] EXT4-fs (loop2): 1 truncate cleaned up
[  295.818237][T14783] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3540'.
[  295.849478][T14785] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3541'.
[  295.921517][T14771] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3536'.
[  295.972560][T14805] 9pnet: Unknown protocol version 9p
[  296.095353][T14816] loop3: detected capacity change from 0 to 512
[  296.103482][T14816] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  296.132014][T14816] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  296.143107][T14818] loop2: detected capacity change from 0 to 8192
[  296.151148][T14816] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.3554: corrupted xattr block 19: overlapping e_value 
[  296.165446][   T36] usb 3-1: enqueue for inactive port 0
[  296.165691][T14816] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[  296.171206][   T36] usb 3-1: enqueue for inactive port 0
[  296.203878][T14824] syz.2.3555: attempt to access beyond end of device
[  296.203878][T14824] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  296.217548][T14824] Buffer I/O error on dev loop2, logical block 57847, async page read
[  296.249785][   T36] vhci_hcd: vhci_device speed not set
[  296.292717][T14829] random: crng reseeded on system resumption
[  296.372247][T14835] FAULT_INJECTION: forcing a failure.
[  296.372247][T14835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.385471][T14835] CPU: 1 UID: 0 PID: 14835 Comm: syz.3.3561 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  296.385502][T14835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  296.385517][T14835] Call Trace:
[  296.385523][T14835]  <TASK>
[  296.385529][T14835]  __dump_stack+0x1d/0x30
[  296.385550][T14835]  dump_stack_lvl+0xe8/0x140
[  296.385571][T14835]  dump_stack+0x15/0x1b
[  296.385609][T14835]  should_fail_ex+0x265/0x280
[  296.385642][T14835]  should_fail+0xb/0x20
[  296.385680][T14835]  should_fail_usercopy+0x1a/0x20
[  296.385790][T14835]  _copy_to_user+0x20/0xa0
[  296.385828][T14835]  simple_read_from_buffer+0xb5/0x130
[  296.385933][T14835]  proc_fail_nth_read+0x100/0x140
[  296.386030][T14835]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  296.386064][T14835]  vfs_read+0x1a0/0x6f0
[  296.386094][T14835]  ? __rcu_read_unlock+0x4f/0x70
[  296.386117][T14835]  ? __rcu_read_unlock+0x4f/0x70
[  296.386192][T14835]  ? __fget_files+0x184/0x1c0
[  296.386213][T14835]  ksys_read+0xda/0x1a0
[  296.386255][T14835]  __x64_sys_read+0x40/0x50
[  296.386295][T14835]  x64_sys_call+0x2d77/0x2fb0
[  296.386319][T14835]  do_syscall_64+0xd2/0x200
[  296.386340][T14835]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  296.386366][T14835]  ? clear_bhb_loop+0x40/0x90
[  296.386468][T14835]  ? clear_bhb_loop+0x40/0x90
[  296.386498][T14835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.386562][T14835] RIP: 0033:0x7fa7112ed3bc
[  296.386578][T14835] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  296.386597][T14835] RSP: 002b:00007fa70f957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  296.386618][T14835] RAX: ffffffffffffffda RBX: 00007fa711515fa0 RCX: 00007fa7112ed3bc
[  296.386631][T14835] RDX: 000000000000000f RSI: 00007fa70f9570a0 RDI: 0000000000000003
[  296.386645][T14835] RBP: 00007fa70f957090 R08: 0000000000000000 R09: 0000000000000000
[  296.386657][T14835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.386687][T14835] R13: 0000000000000001 R14: 00007fa711515fa0 R15: 00007fff09122d48
[  296.386705][T14835]  </TASK>
[  296.657227][T14841] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  296.664387][T14841] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  296.672335][T14841] vhci_hcd vhci_hcd.0: Device attached
[  296.759399][T14851] loop4: detected capacity change from 0 to 8192
[  296.770629][T14851] syz.4.3568: attempt to access beyond end of device
[  296.770629][T14851] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  296.784560][T14851] Buffer I/O error on dev loop4, logical block 57847, async page read
[  296.794903][T14851] syz.4.3568: attempt to access beyond end of device
[  296.794903][T14851] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  296.808395][T14851] Buffer I/O error on dev loop4, logical block 57847, async page read
[  296.816318][T14855] loop3: detected capacity change from 0 to 512
[  296.826408][T14855] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  296.838958][T14855] EXT4-fs (loop3): orphan cleanup on readonly fs
[  296.846030][T14855] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.3569: Block bitmap for bg 0 marked uninitialized
[  296.861761][T14855] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  296.875727][T14855] EXT4-fs (loop3): 1 orphan inode deleted
[  296.885369][T14855] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  296.896046][T14855] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  297.068208][T14872] loop2: detected capacity change from 0 to 2048
[  297.093146][T14865] loop3: detected capacity change from 0 to 512
[  297.111648][T14865] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.132708][T14865] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  297.150005][T14865] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  297.163093][T14865] EXT4-fs (loop3): This should not happen!! Data will be lost
[  297.163093][T14865] 
[  297.172816][T14865] EXT4-fs (loop3): Total free blocks count 0
[  297.179099][T14865] EXT4-fs (loop3): Free/Dirty block details
[  297.185156][T14865] EXT4-fs (loop3): free_blocks=65280
[  297.190797][T14865] EXT4-fs (loop3): dirty_blocks=33
[  297.195991][T14865] EXT4-fs (loop3): Block reservation details
[  297.202202][T14865] EXT4-fs (loop3): i_reserved_data_blocks=33
[  297.202369][T14881] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  297.215093][T14881] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  297.222851][T14881] vhci_hcd vhci_hcd.0: Device attached
[  297.261559][T14882] vhci_hcd: connection closed
[  297.262082][  T559] vhci_hcd: stop threads
[  297.271259][  T559] vhci_hcd: release socket
[  297.275687][  T559] vhci_hcd: disconnect device
[  297.294459][T14887] loop2: detected capacity change from 0 to 512
[  297.302065][T14887] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  297.314060][T14887] EXT4-fs (loop2): orphan cleanup on readonly fs
[  297.321860][T14887] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3579: Block bitmap for bg 0 marked uninitialized
[  297.336869][T14887] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  297.346552][T14887] EXT4-fs (loop2): 1 orphan inode deleted
[  297.356179][T14887] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  297.366291][T14887] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  297.374349][T14890] loop3: detected capacity change from 0 to 8192
[  297.385860][T14890] syz.3.3580: attempt to access beyond end of device
[  297.385860][T14890] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  297.399355][T14890] Buffer I/O error on dev loop3, logical block 57847, async page read
[  297.407819][T14890] syz.3.3580: attempt to access beyond end of device
[  297.407819][T14890] loop3: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  297.421263][T14890] Buffer I/O error on dev loop3, logical block 57847, async page read
[  297.461198][T14892] loop2: detected capacity change from 0 to 512
[  297.468271][T14892] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  297.479352][T14892] EXT4-fs (loop2): orphan cleanup on readonly fs
[  297.486724][T14892] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3581: Block bitmap for bg 0 marked uninitialized
[  297.500786][T14892] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  297.510346][T14892] EXT4-fs (loop2): 1 orphan inode deleted
[  297.513356][T14842] vhci_hcd: connection reset by peer
[  297.521967][ T4071] vhci_hcd: stop threads
[  297.523297][T14892] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  297.526308][ T4071] vhci_hcd: release socket
[  297.526327][ T4071] vhci_hcd: disconnect device
[  297.536789][T14892] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  297.600161][T14899] loop3: detected capacity change from 0 to 512
[  297.611592][T14899] ext4 filesystem being mounted at /132/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.632807][T14899] bond1: entered promiscuous mode
[  297.637890][T14899] bond1: entered allmulticast mode
[  297.641913][T14904] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  297.643291][T14899] 8021q: adding VLAN 0 to HW filter on device bond1
[  297.649545][T14904] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  297.664017][T14904] vhci_hcd vhci_hcd.0: Device attached
[  297.670924][T14899] bond1 (unregistering): Released all slaves
[  297.690787][T14905] vhci_hcd: connection closed
[  297.690894][  T559] vhci_hcd: stop threads
[  297.699932][  T559] vhci_hcd: release socket
[  297.704374][  T559] vhci_hcd: disconnect device
[  297.773911][T14915] FAULT_INJECTION: forcing a failure.
[  297.773911][T14915] name failslab, interval 1, probability 0, space 0, times 0
[  297.786745][T14915] CPU: 0 UID: 0 PID: 14915 Comm: syz.3.3589 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  297.786775][T14915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  297.786789][T14915] Call Trace:
[  297.786797][T14915]  <TASK>
[  297.786805][T14915]  __dump_stack+0x1d/0x30
[  297.786843][T14915]  dump_stack_lvl+0xe8/0x140
[  297.786896][T14915]  dump_stack+0x15/0x1b
[  297.786956][T14915]  should_fail_ex+0x265/0x280
[  297.786989][T14915]  ? do_kimage_alloc_init+0x2f/0x170
[  297.787069][T14915]  should_failslab+0x8c/0xb0
[  297.787092][T14915]  __kmalloc_cache_noprof+0x4c/0x320
[  297.787120][T14915]  do_kimage_alloc_init+0x2f/0x170
[  297.787169][T14915]  do_kexec_load+0x8c/0x510
[  297.787261][T14915]  ? _copy_from_user+0x89/0xb0
[  297.787318][T14915]  __se_sys_kexec_load+0x134/0x160
[  297.787354][T14915]  __x64_sys_kexec_load+0x55/0x70
[  297.787384][T14915]  x64_sys_call+0xa36/0x2fb0
[  297.787460][T14915]  do_syscall_64+0xd2/0x200
[  297.787540][T14915]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  297.787601][T14915]  ? clear_bhb_loop+0x40/0x90
[  297.787629][T14915]  ? clear_bhb_loop+0x40/0x90
[  297.787653][T14915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.787674][T14915] RIP: 0033:0x7fa7112ee9a9
[  297.787690][T14915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.787766][T14915] RSP: 002b:00007fa70f957038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  297.787786][T14915] RAX: ffffffffffffffda RBX: 00007fa711515fa0 RCX: 00007fa7112ee9a9
[  297.787800][T14915] RDX: 0000200000000140 RSI: 0000000000000001 RDI: 0000000000000000
[  297.787815][T14915] RBP: 00007fa70f957090 R08: 0000000000000000 R09: 0000000000000000
[  297.787876][T14915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.787890][T14915] R13: 0000000000000000 R14: 00007fa711515fa0 R15: 00007fff09122d48
[  297.787914][T14915]  </TASK>
[  298.020106][T14923] loop4: detected capacity change from 0 to 512
[  298.020343][T14922] FAULT_INJECTION: forcing a failure.
[  298.020343][T14922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.039605][T14922] CPU: 1 UID: 0 PID: 14922 Comm: syz.3.3592 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  298.039637][T14922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.039649][T14922] Call Trace:
[  298.039699][T14922]  <TASK>
[  298.039706][T14922]  __dump_stack+0x1d/0x30
[  298.039727][T14922]  dump_stack_lvl+0xe8/0x140
[  298.039745][T14922]  dump_stack+0x15/0x1b
[  298.039814][T14922]  should_fail_ex+0x265/0x280
[  298.039901][T14922]  should_fail+0xb/0x20
[  298.040011][T14923] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  298.040005][T14922]  should_fail_usercopy+0x1a/0x20
[  298.040039][T14922]  _copy_to_user+0x20/0xa0
[  298.040057][T14922]  simple_read_from_buffer+0xb5/0x130
[  298.040109][T14922]  proc_fail_nth_read+0x100/0x140
[  298.040144][T14922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  298.040201][T14922]  vfs_read+0x1a0/0x6f0
[  298.040231][T14922]  ? __rcu_read_unlock+0x4f/0x70
[  298.040253][T14922]  ? __fget_files+0x184/0x1c0
[  298.040273][T14922]  ksys_read+0xda/0x1a0
[  298.040353][T14922]  __x64_sys_read+0x40/0x50
[  298.040480][T14922]  x64_sys_call+0x2d77/0x2fb0
[  298.040502][T14922]  do_syscall_64+0xd2/0x200
[  298.040522][T14922]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  298.040549][T14922]  ? clear_bhb_loop+0x40/0x90
[  298.040571][T14922]  ? clear_bhb_loop+0x40/0x90
[  298.040610][T14922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.040632][T14922] RIP: 0033:0x7fa7112ed3bc
[  298.040648][T14922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  298.040667][T14922] RSP: 002b:00007fa70f957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  298.040686][T14922] RAX: ffffffffffffffda RBX: 00007fa711515fa0 RCX: 00007fa7112ed3bc
[  298.040738][T14922] RDX: 000000000000000f RSI: 00007fa70f9570a0 RDI: 0000000000000004
[  298.040764][T14922] RBP: 00007fa70f957090 R08: 0000000000000000 R09: 0000000000000000
[  298.040776][T14922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.040788][T14922] R13: 0000000000000000 R14: 00007fa711515fa0 R15: 00007fff09122d48
[  298.040805][T14922]  </TASK>
[  298.071187][T14926] loop3: detected capacity change from 0 to 512
[  298.171484][T14919] loop0: detected capacity change from 0 to 512
[  298.175272][   T23] usb 1-1: enqueue for inactive port 0
[  298.277165][T14923] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  298.297041][T14926] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  298.304431][   T23] usb 1-1: enqueue for inactive port 0
[  298.312871][T14926] EXT4-fs (loop3): orphan cleanup on readonly fs
[  298.314228][T14919] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  298.330947][T14926] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.3594: Block bitmap for bg 0 marked uninitialized
[  298.346230][T14926] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  298.356769][T14926] EXT4-fs (loop3): 1 orphan inode deleted
[  298.364450][T14926] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  298.374971][T14926] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  298.383477][T14919] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  298.398501][   T23] vhci_hcd: vhci_device speed not set
[  298.402240][   T29] kauditd_printk_skb: 263 callbacks suppressed
[  298.402256][   T29] audit: type=1326 audit(1753566995.022:10335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.404268][T14919] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  298.446110][T14919] EXT4-fs (loop0): This should not happen!! Data will be lost
[  298.446110][T14919] 
[  298.446132][   T29] audit: type=1326 audit(1753566995.032:10336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.446163][   T29] audit: type=1326 audit(1753566995.032:10337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.446243][   T29] audit: type=1326 audit(1753566995.032:10338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.456497][T14919] EXT4-fs (loop0): Total free blocks count 0
[  298.456513][T14919] EXT4-fs (loop0): Free/Dirty block details
[  298.456525][T14919] EXT4-fs (loop0): free_blocks=65280
[  298.480771][   T29] audit: type=1326 audit(1753566995.032:10339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.480801][   T29] audit: type=1326 audit(1753566995.032:10340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.480823][   T29] audit: type=1326 audit(1753566995.032:10341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.505056][T14919] EXT4-fs (loop0): dirty_blocks=33
[  298.530070][   T29] audit: type=1326 audit(1753566995.032:10342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.530110][   T29] audit: type=1326 audit(1753566995.032:10343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.536102][T14919] EXT4-fs (loop0): Block reservation details
[  298.674738][T14940] loop2: detected capacity change from 0 to 512
[  298.676672][T14919] EXT4-fs (loop0): i_reserved_data_blocks=33
[  298.693317][T14940] EXT4-fs: Ignoring removed orlov option
[  298.701440][T14940] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  298.715391][   T29] audit: type=1326 audit(1753566995.312:10344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14933 comm="syz.1.3596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  298.751453][T14940] EXT4-fs (loop2): orphan cleanup on readonly fs
[  298.770189][T14940] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3599: bg 0: block 248: padding at end of block bitmap is not set
[  298.810775][T14940] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3599: Failed to acquire dquot type 1
[  298.823031][T14940] EXT4-fs (loop2): 1 truncate cleaned up
[  298.842462][T14953] loop3: detected capacity change from 0 to 512
[  298.852029][T14951] xt_CT: You must specify a L4 protocol and not use inversions on it
[  298.852668][T14953] EXT4-fs: Ignoring removed orlov option
[  298.869937][T14953] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  298.883690][T14953] EXT4-fs (loop3): orphan cleanup on readonly fs
[  298.898511][T14953] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3604: bg 0: block 248: padding at end of block bitmap is not set
[  298.913205][T14953] EXT4-fs (loop3): Remounting filesystem read-only
[  298.920148][T14953] EXT4-fs (loop3): 1 truncate cleaned up
[  298.960631][T14968] loop1: detected capacity change from 0 to 512
[  298.967832][T14968] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  298.981024][T14968] EXT4-fs (loop1): orphan cleanup on readonly fs
[  298.987669][T14968] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:517: comm syz.1.3609: Block bitmap for bg 0 marked uninitialized
[  299.007174][T14953] syz.3.3604 (14953) used greatest stack depth: 9304 bytes left
[  299.007490][T14968] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  299.024114][T14968] EXT4-fs (loop1): 1 orphan inode deleted
[  299.034565][T14968] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  299.044540][T14968] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  299.356094][T14980] 9pnet_fd: Insufficient options for proto=fd
[  299.740455][T14987] __nla_validate_parse: 10 callbacks suppressed
[  299.740483][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3614'.
[  299.840550][T14993] loop2: detected capacity change from 0 to 8192
[  299.848746][T14993] vfat: Unknown parameter 'GPL'
[  300.133612][T15004] loop0: detected capacity change from 0 to 512
[  300.156162][T15004] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  300.171212][T15004] EXT4-fs (loop0): 1 truncate cleaned up
[  300.320068][T15019] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3626'.
[  300.394994][T15022] netlink: 'syz.1.3627': attribute type 4 has an invalid length.
[  300.404215][T15022] netlink: 'syz.1.3627': attribute type 4 has an invalid length.
[  300.415047][T15022] FAULT_INJECTION: forcing a failure.
[  300.415047][T15022] name failslab, interval 1, probability 0, space 0, times 0
[  300.427786][T15022] CPU: 1 UID: 0 PID: 15022 Comm: syz.1.3627 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  300.427838][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  300.427851][T15022] Call Trace:
[  300.427858][T15022]  <TASK>
[  300.427867][T15022]  __dump_stack+0x1d/0x30
[  300.427899][T15022]  dump_stack_lvl+0xe8/0x140
[  300.427919][T15022]  dump_stack+0x15/0x1b
[  300.427953][T15022]  should_fail_ex+0x265/0x280
[  300.427986][T15022]  ? sf_setstate+0x188/0x300
[  300.428017][T15022]  should_failslab+0x8c/0xb0
[  300.428040][T15022]  __kmalloc_cache_noprof+0x4c/0x320
[  300.428134][T15022]  ? __ip_dev_find+0x1ec/0x240
[  300.428162][T15022]  sf_setstate+0x188/0x300
[  300.428193][T15022]  ip_mc_del_src+0x31b/0x480
[  300.428230][T15022]  ip_mc_leave_group+0x2be/0x370
[  300.428259][T15022]  do_ip_setsockopt+0x1e98/0x2240
[  300.428366][T15022]  ip_setsockopt+0x58/0x110
[  300.428458][T15022]  udp_setsockopt+0x99/0xb0
[  300.428486][T15022]  sock_common_setsockopt+0x66/0x80
[  300.428516][T15022]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  300.428547][T15022]  __sys_setsockopt+0x181/0x200
[  300.428602][T15022]  __x64_sys_setsockopt+0x64/0x80
[  300.428678][T15022]  x64_sys_call+0x2bd5/0x2fb0
[  300.428702][T15022]  do_syscall_64+0xd2/0x200
[  300.428722][T15022]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  300.428749][T15022]  ? clear_bhb_loop+0x40/0x90
[  300.428809][T15022]  ? clear_bhb_loop+0x40/0x90
[  300.428832][T15022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.428855][T15022] RIP: 0033:0x7f7da3b8e9a9
[  300.428871][T15022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.428967][T15022] RSP: 002b:00007f7da21f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  300.428987][T15022] RAX: ffffffffffffffda RBX: 00007f7da3db5fa0 RCX: 00007f7da3b8e9a9
[  300.429001][T15022] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000005
[  300.429016][T15022] RBP: 00007f7da21f7090 R08: 000000000000000c R09: 0000000000000000
[  300.429053][T15022] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[  300.429066][T15022] R13: 0000000000000000 R14: 00007f7da3db5fa0 R15: 00007ffcb8fa4b08
[  300.429092][T15022]  </TASK>
[  300.747817][T15032] siw: device registration error -23
[  300.756783][T15032] loop4: detected capacity change from 0 to 512
[  300.763614][T15032] EXT4-fs: Ignoring removed nomblk_io_submit option
[  300.773412][T15032] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  300.781423][T15032] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  300.790515][T15032] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80)
[  300.797005][T15037] bond1: entered promiscuous mode
[  300.800081][T15032] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features
[  300.814186][T15037] bond1: entered allmulticast mode
[  300.820165][T15037] 8021q: adding VLAN 0 to HW filter on device bond1
[  300.834636][T15037] bond1 (unregistering): Released all slaves
[  300.846093][T15042] netlink: 'syz.0.3636': attribute type 4 has an invalid length.
[  300.859098][T15042] netlink: 'syz.0.3636': attribute type 4 has an invalid length.
[  300.864368][T15044] loop4: detected capacity change from 0 to 512
[  300.882424][T15044] EXT4-fs (loop4): 1 orphan inode deleted
[  300.888884][T15044] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  300.900350][   T41] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1
[  300.931120][T15050] loop1: detected capacity change from 0 to 512
[  300.938297][T15050] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  300.941606][T15052] loop0: detected capacity change from 0 to 512
[  300.951386][T15050] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  300.964331][T15052] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  300.982999][T15052] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.027810][   T23] IPVS: starting estimator thread 0...
[  301.078140][T15070] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3645'.
[  301.094586][T15068] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  301.101409][T15068] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  301.109484][T15068] vhci_hcd vhci_hcd.0: Device attached
[  301.120144][T15062] IPVS: using max 2928 ests per chain, 146400 per kthread
[  301.128852][T15078] loop4: detected capacity change from 0 to 512
[  301.137964][T15078] EXT4-fs: Ignoring removed orlov option
[  301.151102][T15076] loop3: detected capacity change from 0 to 512
[  301.157823][T15072] vhci_hcd: connection closed
[  301.158633][T15076] EXT4-fs: Ignoring removed nomblk_io_submit option
[  301.170248][ T3842] vhci_hcd: stop threads
[  301.174650][ T3842] vhci_hcd: release socket
[  301.179136][ T3842] vhci_hcd: disconnect device
[  301.184082][T15078] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  301.194029][T15076] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  301.194188][T15078] EXT4-fs (loop4): orphan cleanup on readonly fs
[  301.202123][T15076] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  301.202286][T15076] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80)
[  301.217713][T15078] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3648: bg 0: block 248: padding at end of block bitmap is not set
[  301.226116][T15076] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features
[  301.242559][T15078] EXT4-fs (loop4): Remounting filesystem read-only
[  301.256788][T15078] EXT4-fs (loop4): 1 truncate cleaned up
[  301.302895][T15087] loop1: detected capacity change from 0 to 1024
[  301.317489][T15087] EXT4-fs: Ignoring removed orlov option
[  301.323989][T15087] EXT4-fs: Ignoring removed nomblk_io_submit option
[  301.330239][T15091] loop4: detected capacity change from 0 to 512
[  301.354027][T15087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3652'.
[  301.364723][T15091] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  301.402127][T15091] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.531231][T15095] loop3: detected capacity change from 0 to 512
[  301.541734][T15095] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  301.556210][T15095] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  301.570767][T15095] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  301.583540][T15095] EXT4-fs (loop3): This should not happen!! Data will be lost
[  301.583540][T15095] 
[  301.593253][T15095] EXT4-fs (loop3): Total free blocks count 0
[  301.599332][T15095] EXT4-fs (loop3): Free/Dirty block details
[  301.605506][T15095] EXT4-fs (loop3): free_blocks=65280
[  301.610988][T15095] EXT4-fs (loop3): dirty_blocks=33
[  301.616104][T15095] EXT4-fs (loop3): Block reservation details
[  301.622160][T15095] EXT4-fs (loop3): i_reserved_data_blocks=33
[  301.763405][T15127] loop2: detected capacity change from 0 to 512
[  301.775935][T15127] EXT4-fs: Ignoring removed orlov option
[  301.783986][T15127] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  301.793159][T15127] EXT4-fs (loop2): orphan cleanup on readonly fs
[  301.801132][T15127] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3663: bg 0: block 248: padding at end of block bitmap is not set
[  301.816232][T15127] EXT4-fs (loop2): Remounting filesystem read-only
[  301.823238][T15127] EXT4-fs (loop2): 1 truncate cleaned up
[  301.830087][T15131] netlink: 'syz.0.3664': attribute type 1 has an invalid length.
[  301.838204][T15131] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3664'.
[  301.935616][T15134] netlink: 'syz.2.3665': attribute type 4 has an invalid length.
[  301.950941][T15133] loop2: detected capacity change from 0 to 512
[  301.957729][T15133] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  301.967178][T15133] EXT4-fs (loop2): orphan cleanup on readonly fs
[  301.973861][T15133] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3665: iget: bad i_size value: 360287970189639680
[  301.987219][T15133] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3665: couldn't read orphan inode 15 (err -117)
[  302.031054][T15140] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3667'.
[  302.053224][T15142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3668'.
[  302.091299][T15146] bond1: entered promiscuous mode
[  302.096394][T15146] bond1: entered allmulticast mode
[  302.101831][T15146] 8021q: adding VLAN 0 to HW filter on device bond1
[  302.111104][T15146] bond1 (unregistering): Released all slaves
[  302.139348][T15149] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3671'.
[  302.162471][T15151] loop1: detected capacity change from 0 to 512
[  302.169495][T15151] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  302.181577][T15151] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  302.183833][T15155] loop2: detected capacity change from 0 to 164
[  302.195425][T15151] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.3672: corrupted xattr block 19: overlapping e_value 
[  302.212531][T15151] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  302.212589][T15155] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  302.237458][T15155] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  302.249754][   T36] usb 3-1: enqueue for inactive port 0
[  302.255956][   T36] usb 3-1: enqueue for inactive port 0
[  302.295792][T15161] siw: device registration error -23
[  302.303969][T15161] loop2: detected capacity change from 0 to 512
[  302.311126][T15161] EXT4-fs: Ignoring removed nomblk_io_submit option
[  302.319199][T15161] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  302.327295][T15161] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102]
[  302.336871][T15161] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80)
[  302.346460][T15161] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features
[  302.355394][   T36] vhci_hcd: vhci_device speed not set
[  302.370524][T15165] random: crng reseeded on system resumption
[  302.430057][T15166] loop4: detected capacity change from 0 to 512
[  302.437020][T15166] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  302.446093][T15166] EXT4-fs (loop4): orphan cleanup on readonly fs
[  302.452801][T15166] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.3677: iget: bad i_size value: 360287970189639680
[  302.466511][T15166] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3677: couldn't read orphan inode 15 (err -117)
[  302.495908][T15170] loop2: detected capacity change from 0 to 512
[  302.503832][T15170] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  302.513954][T15172] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3679'.
[  302.517453][T15170] EXT4-fs (loop2): 1 truncate cleaned up
[  302.577498][T15175] loop4: detected capacity change from 0 to 512
[  302.593134][T15177] loop3: detected capacity change from 0 to 1024
[  302.631090][T15175] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  302.660304][T15187] loop2: detected capacity change from 0 to 512
[  302.667262][T15187] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  302.678508][T15177] netlink: 8 bytes leftover after parsing attributes in process `+}[@'.
[  302.694287][T15175] bond1: entered promiscuous mode
[  302.699394][T15175] bond1: entered allmulticast mode
[  302.705556][T15175] 8021q: adding VLAN 0 to HW filter on device bond1
[  302.714012][T15187] EXT4-fs (loop2): orphan cleanup on readonly fs
[  302.721431][T15187] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3684: Block bitmap for bg 0 marked uninitialized
[  302.726579][T15175] bond1 (unregistering): Released all slaves
[  302.747470][T15187] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  302.756601][T15187] EXT4-fs (loop2): 1 orphan inode deleted
[  302.763944][T15187] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  302.773907][T15187] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  303.234214][T15213] loop2: detected capacity change from 0 to 512
[  303.254575][T15213] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  303.283889][T15211] loop4: detected capacity change from 0 to 512
[  303.294832][T15213] EXT4-fs (loop2): orphan cleanup on readonly fs
[  303.301299][T15211] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  303.301846][T15211] EXT4-fs (loop4): orphan cleanup on readonly fs
[  303.317082][T15202] loop1: detected capacity change from 0 to 512
[  303.319841][T15211] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.3691: iget: bad i_size value: 360287970189639680
[  303.336910][T15213] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3692: Block bitmap for bg 0 marked uninitialized
[  303.337043][T15211] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3691: couldn't read orphan inode 15 (err -117)
[  303.363194][T15213] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  303.377972][T15202] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.398851][T15213] EXT4-fs (loop2): 1 orphan inode deleted
[  303.415925][T15202] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  303.430488][T15213] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  303.431527][T15202] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  303.452500][T15202] EXT4-fs (loop1): This should not happen!! Data will be lost
[  303.452500][T15202] 
[  303.462354][T15202] EXT4-fs (loop1): Total free blocks count 0
[  303.468627][T15202] EXT4-fs (loop1): Free/Dirty block details
[  303.474670][T15202] EXT4-fs (loop1): free_blocks=65280
[  303.480815][T15202] EXT4-fs (loop1): dirty_blocks=33
[  303.485953][T15202] EXT4-fs (loop1): Block reservation details
[  303.491997][T15202] EXT4-fs (loop1): i_reserved_data_blocks=33
[  303.530616][T15213] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  303.549509][T15229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.558176][T15229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.601433][T15231] loop0: detected capacity change from 0 to 512
[  303.620276][T15231] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  303.651144][T15231] EXT4-fs (loop0): orphan cleanup on readonly fs
[  303.658225][T15231] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.3697: Block bitmap for bg 0 marked uninitialized
[  303.676728][T15231] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  303.691824][T15231] EXT4-fs (loop0): 1 orphan inode deleted
[  303.700548][T15231] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  303.710976][T15231] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  303.781437][T15248] loop2: detected capacity change from 0 to 8192
[  303.796545][T15244] xt_CT: You must specify a L4 protocol and not use inversions on it
[  303.856675][T15260] syz.2.3705: attempt to access beyond end of device
[  303.856675][T15260] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  303.870280][T15260] Buffer I/O error on dev loop2, logical block 57847, async page read
[  303.896160][T15264] bond1: entered promiscuous mode
[  303.901319][T15264] bond1: entered allmulticast mode
[  303.907704][T15264] 8021q: adding VLAN 0 to HW filter on device bond1
[  303.916604][T15264] bond1 (unregistering): Released all slaves
[  304.034221][T15271] loop0: detected capacity change from 0 to 512
[  304.041472][T15271] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  304.061970][T15271] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.076586][T15271] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.3710: corrupted xattr block 19: overlapping e_value 
[  304.091005][T15271] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[  304.100311][T15268] loop1: detected capacity change from 0 to 512
[  304.121501][T15268] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.134331][T15268] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  304.150195][T15268] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  304.162664][T15268] EXT4-fs (loop1): This should not happen!! Data will be lost
[  304.162664][T15268] 
[  304.172363][T15268] EXT4-fs (loop1): Total free blocks count 0
[  304.178447][T15268] EXT4-fs (loop1): Free/Dirty block details
[  304.184391][T15268] EXT4-fs (loop1): free_blocks=65280
[  304.189795][T15268] EXT4-fs (loop1): dirty_blocks=33
[  304.195033][T15268] EXT4-fs (loop1): Block reservation details
[  304.201066][T15268] EXT4-fs (loop1): i_reserved_data_blocks=33
[  304.331919][T15291] loop0: detected capacity change from 0 to 512
[  304.339161][T15291] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  304.349500][T15291] EXT4-fs (loop0): orphan cleanup on readonly fs
[  304.356416][T15291] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.3714: Block bitmap for bg 0 marked uninitialized
[  304.370185][T15291] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  304.379361][T15291] EXT4-fs (loop0): 1 orphan inode deleted
[  304.386846][T15291] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  304.396879][T15291] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  304.472280][T15298] loop0: detected capacity change from 0 to 1024
[  304.479509][T15298] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  304.546858][T15306] loop0: detected capacity change from 0 to 4096
[  304.552148][T15312] loop1: detected capacity change from 0 to 164
[  304.560723][T15312] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  304.569264][T15306] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  304.571341][T15312] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  304.633804][   T29] kauditd_printk_skb: 856 callbacks suppressed
[  304.633819][   T29] audit: type=1326 audit(1753567001.252:11190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  304.664523][T15306] FAULT_INJECTION: forcing a failure.
[  304.664523][T15306] name failslab, interval 1, probability 0, space 0, times 0
[  304.677208][T15306] CPU: 0 UID: 0 PID: 15306 Comm: syz.0.3720 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  304.677313][T15306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  304.677326][T15306] Call Trace:
[  304.677333][T15306]  <TASK>
[  304.677340][T15306]  __dump_stack+0x1d/0x30
[  304.677362][T15306]  dump_stack_lvl+0xe8/0x140
[  304.677383][T15306]  dump_stack+0x15/0x1b
[  304.677400][T15306]  should_fail_ex+0x265/0x280
[  304.677466][T15306]  should_failslab+0x8c/0xb0
[  304.677490][T15306]  __kmalloc_noprof+0xa5/0x3e0
[  304.677573][T15306]  ? ext4_find_extent+0x16b/0x7a0
[  304.677650][T15306]  ext4_find_extent+0x16b/0x7a0
[  304.677681][T15306]  ext4_ext_map_blocks+0x11f/0x38a0
[  304.677716][T15306]  ? folio_mark_accessed+0x240/0x3d0
[  304.677748][T15306]  ? __queue_work+0x786/0xb60
[  304.677769][T15306]  ? xas_load+0x413/0x430
[  304.677828][T15306]  ? __rcu_read_unlock+0x4f/0x70
[  304.677935][T15306]  ? filemap_get_entry+0x34b/0x390
[  304.678037][T15306]  ? __filemap_get_folio+0x47f/0x6b0
[  304.678069][T15306]  ? folio_unlock+0xd9/0x120
[  304.678173][T15306]  ext4_map_query_blocks+0xa8/0x480
[  304.678196][T15306]  ext4_map_blocks+0x3a1/0xd70
[  304.678231][T15306]  ? __ext4_journal_start_sb+0x131/0x300
[  304.678283][T15306]  ext4_iomap_begin+0x93a/0xe00
[  304.678305][T15306]  ? __pfx_ext4_iomap_begin+0x10/0x10
[  304.678339][T15306]  iomap_iter+0x335/0x730
[  304.678361][T15306]  ? should_failslab+0x8c/0xb0
[  304.678418][T15306]  __iomap_dio_rw+0x708/0x1250
[  304.678514][T15306]  ? ext4_journal_check_start+0x11a/0x1b0
[  304.678592][T15306]  iomap_dio_rw+0x40/0x90
[  304.678693][T15306]  ext4_file_write_iter+0xad9/0xf00
[  304.678720][T15306]  iter_file_splice_write+0x5ef/0x970
[  304.678756][T15306]  ? __pfx_iter_file_splice_write+0x10/0x10
[  304.678826][T15306]  do_splice+0x974/0x10b0
[  304.678855][T15306]  ? __rcu_read_unlock+0x4f/0x70
[  304.678876][T15306]  ? __fget_files+0x184/0x1c0
[  304.678895][T15306]  __se_sys_splice+0x26c/0x3a0
[  304.678993][T15306]  __x64_sys_splice+0x78/0x90
[  304.679023][T15306]  x64_sys_call+0xb0a/0x2fb0
[  304.679070][T15306]  do_syscall_64+0xd2/0x200
[  304.679136][T15306]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  304.679175][T15306]  ? clear_bhb_loop+0x40/0x90
[  304.679193][T15306]  ? clear_bhb_loop+0x40/0x90
[  304.679212][T15306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.679230][T15306] RIP: 0033:0x7f789048e9a9
[  304.679243][T15306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.679269][T15306] RSP: 002b:00007f788eaf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  304.679285][T15306] RAX: ffffffffffffffda RBX: 00007f78906b5fa0 RCX: 00007f789048e9a9
[  304.679296][T15306] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000006
[  304.679307][T15306] RBP: 00007f788eaf7090 R08: 00000000088000cc R09: 0000000000000000
[  304.679318][T15306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.679328][T15306] R13: 0000000000000000 R14: 00007f78906b5fa0 R15: 00007ffe56f751c8
[  304.679374][T15306]  </TASK>
[  304.992943][   T29] audit: type=1400 audit(1753567001.302:11191): avc:  denied  { map } for  pid=15329 comm="syz.3.3730" path="socket:[42433]" dev="sockfs" ino=42433 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  305.002725][T15330] bond1: entered promiscuous mode
[  305.016386][   T29] audit: type=1400 audit(1753567001.302:11192): avc:  denied  { read } for  pid=15329 comm="syz.3.3730" path="socket:[42433]" dev="sockfs" ino=42433 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  305.021394][T15330] bond1: entered allmulticast mode
[  305.044643][   T29] audit: type=1326 audit(1753567001.302:11193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.050026][T15330] 8021q: adding VLAN 0 to HW filter on device bond1
[  305.073436][   T29] audit: type=1326 audit(1753567001.302:11194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.103798][   T29] audit: type=1326 audit(1753567001.302:11195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.104114][T15322] loop1: detected capacity change from 0 to 512
[  305.127441][   T29] audit: type=1326 audit(1753567001.302:11196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.135706][T15322] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  305.157869][   T29] audit: type=1326 audit(1753567001.302:11197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.157908][   T29] audit: type=1326 audit(1753567001.302:11198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.176959][T15322] EXT4-fs (loop1): 1 truncate cleaned up
[  305.191820][   T29] audit: type=1326 audit(1753567001.302:11199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15321 comm="syz.1.3727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  305.251768][T15330] bond1 (unregistering): Released all slaves
[  305.305897][T15336] loop2: detected capacity change from 0 to 1024
[  305.314391][T15336] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  305.351160][T15339] __nla_validate_parse: 4 callbacks suppressed
[  305.351178][T15339] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3733'.
[  305.389874][T15344] loop0: detected capacity change from 0 to 512
[  305.397494][T15344] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  305.413637][T15344] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.429128][T15344] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.3735: corrupted xattr block 19: overlapping e_value 
[  305.446131][T15344] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=15
[  305.447894][T15348] SELinux: failed to load policy
[  305.476320][T15350] netlink: 'syz.2.3736': attribute type 4 has an invalid length.
[  305.492554][T15342] loop2: detected capacity change from 0 to 512
[  305.500109][T15342] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  305.506890][T15348] loop1: detected capacity change from 0 to 4096
[  305.512197][T15342] EXT4-fs (loop2): orphan cleanup on readonly fs
[  305.521950][T15348] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  305.532800][T15342] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3736: iget: bad i_size value: 360287970189639680
[  305.546781][T15342] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3736: couldn't read orphan inode 15 (err -117)
[  305.593507][T15366] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  305.600085][T15366] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  305.608239][T15366] vhci_hcd vhci_hcd.0: Device attached
[  305.625914][T15367] loop0: detected capacity change from 0 to 8192
[  305.632401][T15368] vhci_hcd: connection closed
[  305.632664][   T41] vhci_hcd: stop threads
[  305.641685][   T41] vhci_hcd: release socket
[  305.646116][   T41] vhci_hcd: disconnect device
[  305.651684][T15363] loop1: detected capacity change from 0 to 512
[  305.658717][T15363] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  305.667722][T15363] EXT4-fs (loop1): orphan cleanup on readonly fs
[  305.674501][T15363] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.3740: iget: bad i_size value: 360287970189639680
[  305.687721][T15363] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.3740: couldn't read orphan inode 15 (err -117)
[  305.699946][T15372] syz.0.3741: attempt to access beyond end of device
[  305.699946][T15372] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  305.713509][T15372] Buffer I/O error on dev loop0, logical block 57847, async page read
[  305.747026][T15374] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  305.753763][T15374] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  305.761445][T15374] vhci_hcd vhci_hcd.0: Device attached
[  305.779568][T15375] vhci_hcd: connection closed
[  305.780012][   T41] vhci_hcd: stop threads
[  305.789900][   T41] vhci_hcd: release socket
[  305.794407][   T41] vhci_hcd: disconnect device
[  306.167326][T15378] bond1: entered promiscuous mode
[  306.172645][T15378] bond1: entered allmulticast mode
[  306.178085][T15378] 8021q: adding VLAN 0 to HW filter on device bond1
[  306.188921][T15378] bond1 (unregistering): Released all slaves
[  306.284270][T15385] loop2: detected capacity change from 0 to 512
[  306.319331][T15385] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  306.334249][T15385] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  306.349102][T15385] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3747: Failed to acquire dquot type 0
[  306.387496][T15391] loop1: detected capacity change from 0 to 1024
[  306.398838][T15391] siw: device registration error -23
[  306.822266][T15404] loop4: detected capacity change from 0 to 1024
[  306.851874][T15407] syzkaller1: entered promiscuous mode
[  306.857382][T15407] syzkaller1: entered allmulticast mode
[  306.877116][T15404] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  307.042335][T15413] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3756'.
[  307.357595][T15419] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  307.364214][T15419] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  307.371943][T15419] vhci_hcd vhci_hcd.0: Device attached
[  307.393269][T15421] vhci_hcd: connection closed
[  307.393488][   T12] vhci_hcd: stop threads
[  307.402953][   T12] vhci_hcd: release socket
[  307.407802][   T12] vhci_hcd: disconnect device
[  307.417892][T15424] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  307.424796][T15424] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  307.432388][T15424] vhci_hcd vhci_hcd.0: Device attached
[  307.509137][T15425] vhci_hcd: connection closed
[  307.509393][ T1460] vhci_hcd: stop threads
[  307.518553][ T1460] vhci_hcd: release socket
[  307.523123][ T1460] vhci_hcd: disconnect device
[  307.748487][T15438] random: crng reseeded on system resumption
[  307.840150][T15443] bond1: entered promiscuous mode
[  307.845300][T15443] bond1: entered allmulticast mode
[  307.851003][T15443] 8021q: adding VLAN 0 to HW filter on device bond1
[  307.859846][T15443] bond1 (unregistering): Released all slaves
[  307.947868][T15449] loop0: detected capacity change from 0 to 512
[  307.955149][T15449] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  307.965702][T15449] EXT4-fs (loop0): orphan cleanup on readonly fs
[  307.972293][T15449] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.3767: Block bitmap for bg 0 marked uninitialized
[  307.985719][T15449] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  307.994829][T15449] EXT4-fs (loop0): 1 orphan inode deleted
[  308.003228][T15449] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  308.012798][T15449] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  308.054541][T15453] loop1: detected capacity change from 0 to 4096
[  308.062519][T15453] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  308.101321][T15460] netlink: 'syz.4.3771': attribute type 13 has an invalid length.
[  308.186379][T15453] bridge0: entered allmulticast mode
[  308.230176][T15465] netlink: 'syz.4.3772': attribute type 4 has an invalid length.
[  308.242560][T15464] loop4: detected capacity change from 0 to 512
[  308.249588][T15464] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  308.258721][T15464] EXT4-fs (loop4): orphan cleanup on readonly fs
[  308.265298][T15464] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.3772: iget: bad i_size value: 360287970189639680
[  308.278493][T15464] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3772: couldn't read orphan inode 15 (err -117)
[  308.533749][T15478] loop2: detected capacity change from 0 to 512
[  308.541752][T15478] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  308.552685][T15478] EXT4-fs (loop2): orphan cleanup on readonly fs
[  308.559558][T15478] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3776: Block bitmap for bg 0 marked uninitialized
[  308.575315][T15478] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  308.584527][T15478] EXT4-fs (loop2): 1 orphan inode deleted
[  308.591662][T15478] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  308.601369][T15478] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  308.676954][T15481] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  308.683553][T15481] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  308.691109][T15481] vhci_hcd vhci_hcd.0: Device attached
[  308.709407][T15482] vhci_hcd: connection closed
[  308.709599][   T12] vhci_hcd: stop threads
[  308.718722][   T12] vhci_hcd: release socket
[  308.723190][   T12] vhci_hcd: disconnect device
[  308.923780][T15487] loop1: detected capacity change from 0 to 1024
[  308.930906][T15487] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  308.942261][T15487] EXT4-fs error (device loop1): ext4_quota_enable:7124: comm syz.1.3779: inode #2304: comm syz.1.3779: iget: illegal inode #
[  308.942401][T15487] EXT4-fs error (device loop1): ext4_quota_enable:7127: comm syz.1.3779: Bad quota inode: 2304, type: 2
[  308.966926][T15487] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix.
[  308.967077][T15487] EXT4-fs (loop1): mount failed
[  309.016116][T15494] netlink: 'syz.1.3781': attribute type 10 has an invalid length.
[  309.025860][T15494] team0: Port device dummy0 added
[  309.082543][T15489] loop0: detected capacity change from 0 to 512
[  309.101479][T15489] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  309.148718][T15489] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  309.164530][T15489] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  309.176983][T15489] EXT4-fs (loop0): This should not happen!! Data will be lost
[  309.176983][T15489] 
[  309.186686][T15489] EXT4-fs (loop0): Total free blocks count 0
[  309.192772][T15489] EXT4-fs (loop0): Free/Dirty block details
[  309.198690][T15489] EXT4-fs (loop0): free_blocks=65280
[  309.204062][T15489] EXT4-fs (loop0): dirty_blocks=33
[  309.209167][T15489] EXT4-fs (loop0): Block reservation details
[  309.215181][T15489] EXT4-fs (loop0): i_reserved_data_blocks=33
[  309.279744][T15509] random: crng reseeded on system resumption
[  309.296091][T15511] loop2: detected capacity change from 0 to 512
[  309.306759][T15512] xt_CT: You must specify a L4 protocol and not use inversions on it
[  309.317583][T15511] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  309.332365][T13360] EXT4-fs unmount: 145 callbacks suppressed
[  309.332381][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.350465][T15511] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.364106][T15511] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  309.379460][T15511] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.3786: corrupted xattr block 19: overlapping e_value 
[  309.393616][T15511] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[  309.410525][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.427696][T15522] loop2: detected capacity change from 0 to 512
[  309.443062][T15522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.456320][T15522] ext4 filesystem being mounted at /171/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  309.478932][T15522] bond1: entered promiscuous mode
[  309.484075][T15522] bond1: entered allmulticast mode
[  309.489511][T15522] 8021q: adding VLAN 0 to HW filter on device bond1
[  309.499800][T15522] bond1 (unregistering): Released all slaves
[  309.524873][T15535] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3791'.
[  309.571455][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.612925][T15540] netlink: 'syz.2.3795': attribute type 5 has an invalid length.
[  309.907839][T15543] loop2: detected capacity change from 0 to 512
[  309.917368][T15543] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  309.988134][T15543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.001082][T15543] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  310.017881][T15547] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  310.024572][T15547] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  310.032215][T15547] vhci_hcd vhci_hcd.0: Device attached
[  310.062205][T15548] vhci_hcd: connection closed
[  310.062447][ T4071] vhci_hcd: stop threads
[  310.071511][ T4071] vhci_hcd: release socket
[  310.075941][ T4071] vhci_hcd: disconnect device
[  310.082816][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.133625][   T29] kauditd_printk_skb: 101 callbacks suppressed
[  310.133638][   T29] audit: type=1326 audit(1753567006.752:11299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.163563][   T29] audit: type=1326 audit(1753567006.752:11300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.187658][   T29] audit: type=1326 audit(1753567006.752:11301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.211480][   T29] audit: type=1326 audit(1753567006.752:11302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.236032][   T29] audit: type=1326 audit(1753567006.752:11303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.259709][   T29] audit: type=1326 audit(1753567006.752:11304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.261413][T15556] loop2: detected capacity change from 0 to 512
[  310.283292][   T29] audit: type=1326 audit(1753567006.752:11305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.293265][T15556] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  310.313517][   T29] audit: type=1326 audit(1753567006.752:11306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.347400][   T29] audit: type=1326 audit(1753567006.752:11307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.371069][   T29] audit: type=1326 audit(1753567006.752:11308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15555 comm="syz.2.3799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666408e9a9 code=0x7ffc0000
[  310.372195][T15556] EXT4-fs (loop2): 1 truncate cleaned up
[  310.448564][T15556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.503956][T15569] netlink: 'syz.3.3804': attribute type 1 has an invalid length.
[  310.646758][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.717538][T15588] loop0: detected capacity change from 0 to 512
[  310.725530][T15588] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  310.776230][T15588] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:169: inode #17: comm syz.0.3811: inline data xattr refers to an external xattr inode
[  310.805619][T15588] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.3811: couldn't read orphan inode 17 (err -117)
[  310.818580][T15588] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.846320][T15603] loop2: detected capacity change from 0 to 512
[  310.856006][T15588] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  310.873648][T15605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3815'.
[  310.893736][T15603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  310.919123][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  310.929007][T15603] ext4 filesystem being mounted at /177/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  310.948163][T15603] vlan2: entered promiscuous mode
[  310.953542][T15603] vlan2: entered allmulticast mode
[  310.958823][T15603] hsr_slave_1: entered allmulticast mode
[  311.011909][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.024236][T15595] netlink: 'syz.1.3812': attribute type 4 has an invalid length.
[  311.044577][T15627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3819'.
[  311.062284][T15595] loop1: detected capacity change from 0 to 512
[  311.079908][T15595] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  311.090972][T15595] EXT4-fs (loop1): orphan cleanup on readonly fs
[  311.095130][T15638] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3822'.
[  311.109727][T15595] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.3812: iget: bad i_size value: 360287970189639680
[  311.142106][T15595] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.3812: couldn't read orphan inode 15 (err -117)
[  311.173549][T15595] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  311.186889][T15595] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.219449][T15650] loop2: detected capacity change from 0 to 164
[  311.232007][T15650] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  311.241791][T15650] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  311.278815][T15652] loop2: detected capacity change from 0 to 512
[  311.286844][T15652] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  311.300080][T15652] EXT4-fs (loop2): 1 truncate cleaned up
[  311.306303][T15652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.402515][T15661] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3830'.
[  311.467527][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.616780][T15681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3839'.
[  311.631402][T15687] loop0: detected capacity change from 0 to 512
[  311.657670][T15687] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  311.660883][T15686] netlink: 'syz.1.3836': attribute type 4 has an invalid length.
[  311.683073][T15686] loop1: detected capacity change from 0 to 512
[  311.691863][T15686] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  311.702859][T15686] EXT4-fs (loop1): orphan cleanup on readonly fs
[  311.704594][T15687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.718292][T15686] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.3836: iget: bad i_size value: 360287970189639680
[  311.730035][T15687] ext4 filesystem being mounted at /161/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  311.736123][T15686] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.3836: couldn't read orphan inode 15 (err -117)
[  311.761691][T15686] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  311.775338][T15686] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.870418][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.968913][T15710] loop2: detected capacity change from 0 to 512
[  312.008268][T15710] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.050832][T15710] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.062731][T15700] loop4: detected capacity change from 0 to 512
[  312.065224][T15715] random: crng reseeded on system resumption
[  312.085787][T15700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.092908][T15710] bond1: entered promiscuous mode
[  312.099267][T15700] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.103322][T15710] bond1: entered allmulticast mode
[  312.119180][T15710] 8021q: adding VLAN 0 to HW filter on device bond1
[  312.131366][T15710] bond1 (unregistering): Released all slaves
[  312.133379][T15700] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  312.141717][T15719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3846'.
[  312.152796][T15700] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  312.173346][T15700] EXT4-fs (loop4): This should not happen!! Data will be lost
[  312.173346][T15700] 
[  312.183173][T15700] EXT4-fs (loop4): Total free blocks count 0
[  312.189157][T15700] EXT4-fs (loop4): Free/Dirty block details
[  312.195097][T15700] EXT4-fs (loop4): free_blocks=65280
[  312.200518][T15700] EXT4-fs (loop4): dirty_blocks=33
[  312.205785][T15700] EXT4-fs (loop4): Block reservation details
[  312.211805][T15700] EXT4-fs (loop4): i_reserved_data_blocks=33
[  312.229073][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.274299][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.290654][T15723] loop4: detected capacity change from 0 to 512
[  312.297766][T15723] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  312.311587][T15723] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.324471][T15723] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.365412][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.437092][T15729] loop2: detected capacity change from 0 to 512
[  312.452715][T15729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.465298][T15729] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.479012][T15729] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  312.493607][T15729] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  312.505891][T15729] EXT4-fs (loop2): This should not happen!! Data will be lost
[  312.505891][T15729] 
[  312.515584][T15729] EXT4-fs (loop2): Total free blocks count 0
[  312.521659][T15729] EXT4-fs (loop2): Free/Dirty block details
[  312.527581][T15729] EXT4-fs (loop2): free_blocks=65280
[  312.532914][T15729] EXT4-fs (loop2): dirty_blocks=33
[  312.538090][T15729] EXT4-fs (loop2): Block reservation details
[  312.544224][T15729] EXT4-fs (loop2): i_reserved_data_blocks=33
[  312.597015][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.618117][T15745] loop2: detected capacity change from 0 to 512
[  312.625202][T15745] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  312.648461][T15743] loop4: detected capacity change from 0 to 8192
[  312.657750][T15745] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.671416][T15745] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.684453][T15749] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3856'.
[  312.735509][T15754] FAULT_INJECTION: forcing a failure.
[  312.735509][T15754] name failslab, interval 1, probability 0, space 0, times 0
[  312.748505][T15754] CPU: 1 UID: 0 PID: 15754 Comm: syz.1.3857 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  312.748534][T15754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  312.748547][T15754] Call Trace:
[  312.748554][T15754]  <TASK>
[  312.748561][T15754]  __dump_stack+0x1d/0x30
[  312.748597][T15754]  dump_stack_lvl+0xe8/0x140
[  312.748616][T15754]  dump_stack+0x15/0x1b
[  312.748632][T15754]  should_fail_ex+0x265/0x280
[  312.748662][T15754]  ? __se_sys_mount+0xef/0x2e0
[  312.748801][T15754]  should_failslab+0x8c/0xb0
[  312.748822][T15754]  __kmalloc_cache_noprof+0x4c/0x320
[  312.748919][T15754]  ? memdup_user+0x99/0xd0
[  312.748987][T15754]  __se_sys_mount+0xef/0x2e0
[  312.749019][T15754]  ? fput+0x8f/0xc0
[  312.749042][T15754]  ? ksys_write+0x192/0x1a0
[  312.749138][T15754]  __x64_sys_mount+0x67/0x80
[  312.749167][T15754]  x64_sys_call+0xd36/0x2fb0
[  312.749258][T15754]  do_syscall_64+0xd2/0x200
[  312.749276][T15754]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  312.749339][T15754]  ? clear_bhb_loop+0x40/0x90
[  312.749359][T15754]  ? clear_bhb_loop+0x40/0x90
[  312.749391][T15754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.749471][T15754] RIP: 0033:0x7f7da3b8e9a9
[  312.749487][T15754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.749505][T15754] RSP: 002b:00007f7da21f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  312.749525][T15754] RAX: ffffffffffffffda RBX: 00007f7da3db5fa0 RCX: 00007f7da3b8e9a9
[  312.749570][T15754] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000000
[  312.749585][T15754] RBP: 00007f7da21f7090 R08: 0000200000000340 R09: 0000000000000000
[  312.749599][T15754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  312.749611][T15754] R13: 0000000000000000 R14: 00007f7da3db5fa0 R15: 00007ffcb8fa4b08
[  312.749638][T15754]  </TASK>
[  312.757061][T15757] syz.4.3855: attempt to access beyond end of device
[  312.757061][T15757] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  312.782739][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.784619][T15757] Buffer I/O error on dev loop4, logical block 57847, async page read
[  313.019976][T15774] loop0: detected capacity change from 0 to 512
[  313.020362][T15769] syzkaller0: entered promiscuous mode
[  313.032116][T15769] syzkaller0: entered allmulticast mode
[  313.046992][T15774] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  313.068118][T15774] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  313.083052][T15774] EXT4-fs (loop0): 1 truncate cleaned up
[  313.089603][T15774] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.126263][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.207408][T15784] loop2: detected capacity change from 0 to 512
[  313.228728][T15784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.241456][T15784] ext4 filesystem being mounted at /193/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.255370][T15784] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  313.270112][T15784] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  313.282651][T15784] EXT4-fs (loop2): This should not happen!! Data will be lost
[  313.282651][T15784] 
[  313.292834][T15784] EXT4-fs (loop2): Total free blocks count 0
[  313.298909][T15784] EXT4-fs (loop2): Free/Dirty block details
[  313.305569][T15784] EXT4-fs (loop2): free_blocks=65280
[  313.310946][T15784] EXT4-fs (loop2): dirty_blocks=33
[  313.317255][T15784] EXT4-fs (loop2): Block reservation details
[  313.324694][T15784] EXT4-fs (loop2): i_reserved_data_blocks=33
[  313.353586][T15796] lo speed is unknown, defaulting to 1000
[  313.374857][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.420668][T15799] loop2: detected capacity change from 0 to 512
[  313.433266][T15799] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  313.461675][T15799] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.474398][T15799] ext4 filesystem being mounted at /194/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.535113][T15806] loop0: detected capacity change from 0 to 512
[  313.547962][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.560293][T15806] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  313.580256][T15806] EXT4-fs (loop0): orphan cleanup on readonly fs
[  313.596033][T15806] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.3871: Block bitmap for bg 0 marked uninitialized
[  313.610133][T15806] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  313.637560][T15816] loop2: detected capacity change from 0 to 512
[  313.644679][T15806] EXT4-fs (loop0): 1 orphan inode deleted
[  313.651979][T15816] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  313.662661][T15806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  313.678799][T15816] EXT4-fs (loop2): 1 truncate cleaned up
[  313.687528][T15816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.709916][T15806] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  313.722888][T15806] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  313.740969][T15820] loop1: detected capacity change from 0 to 512
[  313.753643][T15820] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  313.783891][T15823] random: crng reseeded on system resumption
[  313.787505][T15820] EXT4-fs (loop1): 1 truncate cleaned up
[  313.796054][T15820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.812147][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.841097][T15826] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3877'.
[  313.929934][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.064648][T15839] random: crng reseeded on system resumption
[  314.127076][T12888] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.174219][T15845] loop1: detected capacity change from 0 to 8192
[  314.185294][T15850] netlink: 'syz.3.3885': attribute type 21 has an invalid length.
[  314.193208][T15850] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3885'.
[  314.202540][T15850] netlink: 'syz.3.3885': attribute type 4 has an invalid length.
[  314.210478][T15850] netlink: 'syz.3.3885': attribute type 3 has an invalid length.
[  314.218219][T15850] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3885'.
[  314.238702][T15851] syz.1.3883: attempt to access beyond end of device
[  314.238702][T15851] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  314.252188][T15851] Buffer I/O error on dev loop1, logical block 57847, async page read
[  314.275416][T15853] bond2: entered promiscuous mode
[  314.280516][T15853] bond2: entered allmulticast mode
[  314.285948][T15853] 8021q: adding VLAN 0 to HW filter on device bond2
[  314.295364][T15853] bond2 (unregistering): Released all slaves
[  314.473363][T15864] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  314.479985][T15864] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  314.487533][T15864] vhci_hcd vhci_hcd.0: Device attached
[  314.511030][T15865] vhci_hcd: connection closed
[  314.511154][   T12] vhci_hcd: stop threads
[  314.520149][   T12] vhci_hcd: release socket
[  314.524637][   T12] vhci_hcd: disconnect device
[  314.852949][T15870] loop2: detected capacity change from 0 to 512
[  314.859827][T15870] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  314.882010][T15870] EXT4-fs (loop2): orphan cleanup on readonly fs
[  314.882179][T15870] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.3892: Block bitmap for bg 0 marked uninitialized
[  314.888618][T15870] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[  314.901960][T15870] EXT4-fs (loop2): 1 orphan inode deleted
[  314.902386][T15870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  314.904277][T15870] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  314.913028][T15870] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  314.922709][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.086708][T15872] loop0: detected capacity change from 0 to 512
[  315.120930][T15872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.153188][T15886] loop4: detected capacity change from 0 to 512
[  315.178985][T15872] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.202165][T15886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.215168][T15872] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  315.236557][T15872] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  315.248889][T15872] EXT4-fs (loop0): This should not happen!! Data will be lost
[  315.248889][T15872] 
[  315.249017][   T29] kauditd_printk_skb: 479 callbacks suppressed
[  315.249029][   T29] audit: type=1326 audit(1753567011.852:11788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15880 comm="syz.4.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f6a2725e9a9 code=0x7ffc0000
[  315.258600][T15872] EXT4-fs (loop0): Total free blocks count 0
[  315.258677][T15872] EXT4-fs (loop0): Free/Dirty block details
[  315.258689][T15872] EXT4-fs (loop0): free_blocks=65280
[  315.265305][T15886] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  315.288307][T15872] EXT4-fs (loop0): dirty_blocks=33
[  315.288325][T15872] EXT4-fs (loop0): Block reservation details
[  315.288335][T15872] EXT4-fs (loop0): i_reserved_data_blocks=33
[  315.403132][T15886] bond1: entered promiscuous mode
[  315.408240][T15886] bond1: entered allmulticast mode
[  315.413989][T15886] 8021q: adding VLAN 0 to HW filter on device bond1
[  315.441036][T15886] bond1 (unregistering): Released all slaves
[  315.472755][T15892] loop1: detected capacity change from 0 to 512
[  315.488684][T15892] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  315.499254][T13360] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.503856][T15892] EXT4-fs (loop1): orphan cleanup on readonly fs
[  315.515609][T15892] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.3897: iget: bad i_size value: 360287970189639680
[  315.532246][T15892] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.3897: couldn't read orphan inode 15 (err -117)
[  315.552258][T15892] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  315.566067][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.570529][T15892] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.584078][   T29] audit: type=1326 audit(1753567012.192:11789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15896 comm="syz.3.3899" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7112ee9a9 code=0x0
[  315.674117][T15910] loop1: detected capacity change from 0 to 1024
[  315.674637][T15910] EXT4-fs: Ignoring removed orlov option
[  315.690024][T15910] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  315.740485][T15910] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  315.775597][T12888] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.783561][   T29] audit: type=1400 audit(1753567012.372:11790): avc:  denied  { mount } for  pid=15909 comm="syz.1.3903" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  315.816249][T15917] FAULT_INJECTION: forcing a failure.
[  315.816249][T15917] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.829739][T15917] CPU: 1 UID: 0 PID: 15917 Comm: syz.1.3904 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  315.829772][T15917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.829826][T15917] Call Trace:
[  315.829847][T15917]  <TASK>
[  315.829856][T15917]  __dump_stack+0x1d/0x30
[  315.829879][T15917]  dump_stack_lvl+0xe8/0x140
[  315.829951][T15917]  dump_stack+0x15/0x1b
[  315.829970][T15917]  should_fail_ex+0x265/0x280
[  315.830060][T15917]  should_fail+0xb/0x20
[  315.830137][T15917]  should_fail_usercopy+0x1a/0x20
[  315.830171][T15917]  _copy_to_user+0x20/0xa0
[  315.830193][T15917]  simple_read_from_buffer+0xb5/0x130
[  315.830280][T15917]  proc_fail_nth_read+0x100/0x140
[  315.830375][T15917]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  315.830419][T15917]  vfs_read+0x1a0/0x6f0
[  315.830448][T15917]  ? __rcu_read_unlock+0x4f/0x70
[  315.830537][T15917]  ? __fget_files+0x184/0x1c0
[  315.830598][T15917]  ksys_read+0xda/0x1a0
[  315.830632][T15917]  __x64_sys_read+0x40/0x50
[  315.830739][T15917]  x64_sys_call+0x2d77/0x2fb0
[  315.830763][T15917]  do_syscall_64+0xd2/0x200
[  315.830784][T15917]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  315.830813][T15917]  ? clear_bhb_loop+0x40/0x90
[  315.830836][T15917]  ? clear_bhb_loop+0x40/0x90
[  315.830992][T15917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.831016][T15917] RIP: 0033:0x7f7da3b8d3bc
[  315.831077][T15917] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  315.831097][T15917] RSP: 002b:00007f7da21f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  315.831119][T15917] RAX: ffffffffffffffda RBX: 00007f7da3db5fa0 RCX: 00007f7da3b8d3bc
[  315.831174][T15917] RDX: 000000000000000f RSI: 00007f7da21f70a0 RDI: 0000000000000003
[  315.831188][T15917] RBP: 00007f7da21f7090 R08: 0000000000000000 R09: 0000000000000000
[  315.831201][T15917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.831214][T15917] R13: 0000000000000000 R14: 00007f7da3db5fa0 R15: 00007ffcb8fa4b08
[  315.831234][T15917]  </TASK>
[  316.044498][T15908] loop2: detected capacity change from 0 to 512
[  316.062046][T15908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.074874][T15908] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.089536][T15908] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  316.104072][T15908] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  316.116536][T15908] EXT4-fs (loop2): This should not happen!! Data will be lost
[  316.116536][T15908] 
[  316.116553][T15908] EXT4-fs (loop2): Total free blocks count 0
[  316.116564][T15908] EXT4-fs (loop2): Free/Dirty block details
[  316.116576][T15908] EXT4-fs (loop2): free_blocks=65280
[  316.116588][T15908] EXT4-fs (loop2): dirty_blocks=33
[  316.116602][T15908] EXT4-fs (loop2): Block reservation details
[  316.116615][T15908] EXT4-fs (loop2): i_reserved_data_blocks=33
[  316.137397][   T29] audit: type=1326 audit(1753567012.752:11791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187098][   T29] audit: type=1326 audit(1753567012.752:11792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187122][   T29] audit: type=1326 audit(1753567012.752:11793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187152][   T29] audit: type=1326 audit(1753567012.752:11794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187183][   T29] audit: type=1326 audit(1753567012.752:11795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187210][   T29] audit: type=1326 audit(1753567012.752:11796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.187324][   T29] audit: type=1326 audit(1753567012.752:11797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15924 comm="syz.1.3907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7da3b8e9a9 code=0x7ffc0000
[  316.266686][T13150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.382530][T15934] __nla_validate_parse: 3 callbacks suppressed
[  316.382545][T15934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3910'.
[  316.405005][T15934] IPVS: Error joining to the multicast group
[  316.460876][T15949] bond1: entered promiscuous mode
[  316.465966][T15949] bond1: entered allmulticast mode
[  316.471504][T15949] 8021q: adding VLAN 0 to HW filter on device bond1
[  316.482437][T15949] bond1 (unregistering): Released all slaves
[  316.510842][T15943] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3913'.
[  316.522265][T15930] loop4: detected capacity change from 0 to 512
[  316.541719][T15943] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3913'.
[  316.568996][T15930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.593519][T15930] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.676385][T15962] loop1: detected capacity change from 0 to 512
[  316.711739][T15951] loop2: detected capacity change from 0 to 128
[  316.713397][T15962] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  316.740974][T15967] netlink: 'syz.3.3915': attribute type 23 has an invalid length.
[  316.869086][T15962] EXT4-fs (loop1): 1 truncate cleaned up
[  316.875546][T15962] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.877682][T15923] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  316.934684][T12888] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.936006][T15923] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  316.958003][T15923] EXT4-fs (loop4): This should not happen!! Data will be lost
[  316.958003][T15923] 
[  316.970696][T15923] EXT4-fs (loop4): Total free blocks count 0
[  316.977336][T15923] EXT4-fs (loop4): Free/Dirty block details
[  316.985508][T15923] EXT4-fs (loop4): free_blocks=65280
[  316.991635][T15923] EXT4-fs (loop4): dirty_blocks=33
[  316.997717][T15923] EXT4-fs (loop4): Block reservation details
[  317.004207][T15923] EXT4-fs (loop4): i_reserved_data_blocks=33
[  317.071798][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.133746][T15978] x_tables: duplicate underflow at hook 3
[  317.165076][T15978] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=15978 comm=syz.4.3926
[  317.178101][T15980] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=15980 comm=syz.4.3926
[  317.192827][T15986] random: crng reseeded on system resumption
[  317.215059][T15990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3927'.
[  317.278299][T15996] loop4: detected capacity change from 0 to 512
[  317.286163][T15996] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  317.302206][T15996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  317.315211][T15996] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.329307][T15996] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.3930: corrupted xattr block 19: overlapping e_value 
[  317.343899][T15996] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  317.363502][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.438124][T16004] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3933'.
[  317.613552][T16016] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16016 comm=syz.4.3938
[  317.678233][T16021] x_tables: duplicate underflow at hook 2
[  317.701856][T16025] loop4: detected capacity change from 0 to 512
[  317.709425][T16025] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  317.721171][T16025] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  317.734130][T16025] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.748965][T16025] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.3942: corrupted xattr block 19: overlapping e_value 
[  317.763154][T16025] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  317.779857][T12331] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.816352][T16034] bond1: entered promiscuous mode
[  317.821632][T16034] bond1: entered allmulticast mode
[  317.827314][T16034] 8021q: adding VLAN 0 to HW filter on device bond1
[  317.837818][T16034] bond1 (unregistering): Released all slaves
[  317.903523][T16038] loop1: detected capacity change from 0 to 764
[  317.932508][T16038] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  317.967640][T16038] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3945'.
[  318.011976][T16038] netlink: 'syz.1.3945': attribute type 1 has an invalid length.
[  318.019994][T16038] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3945'.
[  318.029382][T16032] loop4: detected capacity change from 0 to 512
[  318.055066][T16032] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  318.070407][T12888] Symlink component flag not implemented
[  318.078177][T16032] ext4 filesystem being mounted at /183/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  318.088865][T16053] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  318.095450][T16053] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  318.095702][T16032] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, 
[  318.103191][T16053] vhci_hcd vhci_hcd.0: Device attached
[  318.103198][T16032] block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  318.103345][T16053] ==================================================================
[  318.111506][T16053] BUG: KCSAN: data-race in _prb_read_valid / prb_reserve
[  318.111551][T16053] 
[  318.111558][T16053] write to 0xffffffff868c5bb0 of 88 bytes by task 16032 on cpu 1:
[  318.111574][T16053]  prb_reserve+0x696/0xaf0
[  318.111606][T16053]  vprintk_store+0x56d/0x860
[  318.111623][T16053]  vprintk_emit+0x178/0x650
[  318.111639][T16053]  vprintk_default+0x26/0x30
[  318.111657][T16053]  vprintk+0x1d/0x30
[  318.111680][T16053]  _printk+0x79/0xa0
[  318.111708][T16053]  __ext4_grp_locked_error+0x599/0x780
[  318.111731][T16053]  ext4_mb_generate_buddy+0x243/0x2c0
[  318.111752][T16053]  ext4_mb_init_cache+0x82b/0xb70
[  318.111771][T16053]  ext4_mb_init_group+0x25b/0x3f0
[  318.111801][T16053]  ext4_mb_load_buddy_gfp+0x72a/0x790
[  318.111819][T16053]  ext4_mb_find_by_goal+0x10b/0x720
[  318.111840][T16053]  ext4_mb_regular_allocator+0x135/0x2300
[  318.111864][T16053]  ext4_mb_new_blocks+0x800/0x2050
[  318.111884][T16053]  ext4_ext_map_blocks+0xff5/0x38a0
[  318.111912][T16053]  ext4_map_blocks+0x61c/0xd70
[  318.111946][T16053]  ext4_do_writepages+0x12d5/0x21c0
[  318.111965][T16053]  ext4_writepages+0x176/0x300
[  318.111988][T16053]  do_writepages+0x1c6/0x310
[  318.112025][T16053]  file_write_and_wait_range+0x156/0x2c0
[  318.112062][T16053]  generic_buffers_fsync_noflush+0x45/0x120
[  318.112099][T16053]  ext4_sync_file+0x1ab/0x690
[  318.112121][T16053]  vfs_fsync_range+0x10a/0x130
[  318.112152][T16053]  ext4_buffered_write_iter+0x34f/0x3c0
[  318.112179][T16053]  ext4_file_write_iter+0x383/0xf00
[  318.112202][T16053]  do_iter_readv_writev+0x421/0x4c0
[  318.112235][T16053]  vfs_writev+0x2df/0x8b0
[  318.112259][T16053]  __se_sys_pwritev2+0xfc/0x1c0
[  318.112279][T16053]  __x64_sys_pwritev2+0x67/0x80
[  318.112300][T16053]  x64_sys_call+0x1cea/0x2fb0
[  318.112322][T16053]  do_syscall_64+0xd2/0x200
[  318.112342][T16053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.112364][T16053] 
[  318.112371][T16053] read to 0xffffffff868c5bb0 of 8 bytes by task 16053 on cpu 0:
[  318.112380][T16032] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28
[  318.112390][T16053]  _prb_read_valid+0x383/0x920
[  318.112409][T16032] EXT4-fs (loop4): This should not happen!! Data will be lost
[  318.112409][T16032] 
[  318.112423][T16053]  desc_make_final+0xe2/0x190
[  318.112452][T16053]  prb_reserve+0x7c4/0xaf0
[  318.112480][T16053]  vprintk_store+0x56d/0x860
[  318.112497][T16053]  vprintk_emit+0x178/0x650
[  318.112504][T16032] EXT4-fs (loop4): Total free blocks count 0
[  318.112518][T16032] EXT4-fs (loop4): Free/Dirty block details
[  318.112518][T16053]  dev_vprintk_emit+0x242/0x2a0
[  318.112542][T16053]  dev_printk_emit+0x84/0xb0
[  318.112562][T16053]  __dev_printk+0xf3/0x110
[  318.112585][T16053]  _dev_info+0x9b/0xd0
[  318.112609][T16032] EXT4-fs (loop4): free_blocks=65280
[  318.112604][T16053]  attach_store+0x5f8/0x680
[  318.112626][T16032] EXT4-fs (loop4): dirty_blocks=33
[  318.112632][T16053]  dev_attr_store+0x4a/0x70
[  318.112642][T16032] EXT4-fs (loop4): Block reservation details
[  318.112663][T16053]  sysfs_kf_write+0xfb/0x120
[  318.112688][T16053]  kernfs_fop_write_iter+0x1be/0x2d0
[  318.112667][T16032] EXT4-fs (loop4): i_reserved_data_blocks=33
[  318.112711][T16053]  vfs_write+0x4a0/0x8e0
[  318.112740][T16053]  ksys_write+0xda/0x1a0
[  318.112773][T16053]  __x64_sys_write+0x40/0x50
[  318.112805][T16053]  x64_sys_call+0x2cdd/0x2fb0
[  318.112826][T16053]  do_syscall_64+0xd2/0x200
[  318.112850][T16053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.112869][T16053] 
[  318.112875][T16053] value changed: 0x0000000000002816 -> 0x0000000000004816
[  318.112886][T16053] 
[  318.112891][T16053] Reported by Kernel Concurrency Sanitizer on:
[  318.112904][T16053] CPU: 0 UID: 0 PID: 16053 Comm: syz.0.3950 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(voluntary) 
[  318.112933][T16053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  318.112948][T16053] ==================================================================
[  318.565847][T16054] vhci_hcd: connection closed
[  318.565973][ T3842] vhci_hcd: stop threads
[  318.575014][ T3842] vhci_hcd: release socket
[  318.579484][ T3842] vhci_hcd: disconnect device