last executing test programs:

3m20.89716615s ago: executing program 3 (id=38):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1], 0x48)

3m20.764397721s ago: executing program 3 (id=33):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='block_bio_remap\x00', r3, 0x0, 0x5}, 0x18)
r4 = socket$tipc(0x1e, 0x5, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x400, &(0x7f0000000500), 0xff, 0x260, &(0x7f0000000980)="$eJzs3U9IHFccB/DfzO7Wqkux7aVQ+gdKKa0g9lboxV5aEIpIKYW2YCmllxYtWKU37SmXHJJjSIKnXCTkFpNj8CK5JARyMokHcwkkkkMkhySwYXcU/LOJxl13gvP5wDoz+ub93jDzfSPiMAEUVl9EDEVEKSL6I6ISEcnWBh9nn76NzbnupbGIWu2Hh0mjXbad2dyvNyJmI+KriFhMk/irHDG98Mvq4+XvPjs+Vfn03MLP3R09yA1rqyvfr58dOXZx+Mvp6zfvjyQxFNVtx9V+SZPvlZOIdw6j2GsiKec9AvZj9L8Lt+q5fzciPmnkvxJpZCfvxOQbi5X44syL9j354Mb7nRwr0H61WqV+D5ytAYWTRkQ1knQgIrL1NB0YyH6Hv13qSf+emPy3/8+JqfE/8p6pgHapRqx8e7nrUu+O/N8rZfkHjqjsj1IrP47O36mvrJfyHhDQER9ki/r9v/+3mc9D/qFw5B+KS/6huOQfikv+4ehp9v+mzcg/FJf8Q3HJPxSX/ENxHTj/p54d3qCAjtiafwCgWGpdB3pquP0PIgMdl/f8AwAAAAAAAAAAAAAAAAAA7DbXvTS2+WlPj+U9W1w9HbH2TdZ0d/1S433EEW82vvY8Srb1mOyrwsv9+lGLHbTofM5PX791N9/61z7Mt/7MeMTs/xExWC43rr1tF1Sycf0d3Nt7/Lzye4sFXtHOdwN8/VNn6+/0dD7f+sPLEVfq889gs/knjfcay+bzT7V+/lqs/8+TFjsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgY54HAAD//7UiauA=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x17e)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000140))
r6 = openat(0xffffffffffffff9c, 0x0, 0x141142, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x8a142, 0x40)
pwritev2(r7, &(0x7f00000001c0)=[{&(0x7f00000000c0)="ff", 0x1}], 0x1, 0x5405, 0x0, 0x0)
r8 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r8, r8, 0x0, 0x800000009)
pwrite64(r6, &(0x7f0000000000)='2', 0x1, 0x4fed0)
ioctl$EXT4_IOC_MIGRATE(r5, 0x6609)
bind$tipc(r4, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r4, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x79ca}], 0x1}, 0x0)

3m20.583924495s ago: executing program 3 (id=36):
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x6, 0xe, &(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES16=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x3, 0x8}, 0x10, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) (async)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) (async)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, 0x0) (async, rerun: 32)
connect$inet(r2, &(0x7f0000000b40)={0x2, 0x4e23, @empty}, 0x10) (async, rerun: 32)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
sendmmsg(r2, &(0x7f0000002b80)=[{{&(0x7f0000000240)=@l2={0x1f, 0x3, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1, 0x1}, 0x80, &(0x7f00000002c0)=[{&(0x7f00000005c0)="360c4e6081e8ad88305cf47db78d7b7c20a0e7f11d3a2a91e62987456b422c0c2470963324db55ac05776b05f3696c5b833aeb75c92b94e0d9a38e14c324f33c93df9d4a09f1f61a87ba767570bc34ba4257e23dce25d46d7d0eab4ba96fb2749b50e1367c04578604e935a3abe5a76995363e200fe59f9ef0996106652bf1d4512d90c079720c66df4ddd8fdabfa03fa07a14b89df8c739dc80107f25019d18fef8f66a24e78b05ee141c3af61602a483ab03d310fa213087cd0d08a86e8099b0161e8d5853ec242ba763394266325f426499600be8996d647b", 0xda}, {&(0x7f0000000380)="5662aeb56a3472f3f09959dcd7881457ea41ea84f87673b6b39751c366fa11bcf115d3cadacbd11e96d2150ab1c5890a2666c4ad06bf084e5f9189e425252b714a1cb535b4399bc893389a68dec4b63783be0fb114b5b00afae5e61ffc984c05de7e9b03493d63e3d8f80b1d439e29319abe280e6381833002059fd608cc217aea2fcec6fecc232ba781e30a45ac272ad02c3a444225d615b226c138a32c6a001f82219f3a265fdd1e46c194", 0xac}], 0x2}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000700)="3a8dda406af03f0a18a4706fbb095275e6c287e3e4daf892f454b0d6adec5660e781f1b017327cd3339cb4f66ccb23adc18eac804586a8669f481c4e48db215a3687e71f097e0ed4cdbd1e6987f0ac1615af0544bf98f3c0fc087e34a3cd752cedeb224970c8d868c7f3a1b20223d91d561d0edb6b53e281ca4dc49a66c3c69d22c3b899c94ba96cd47a2a57cdada1b541e62b64a69553e7c1ee7bd9fbf4122c933238b95e65fe0e58816e3a1d52d193", 0xb0}, {&(0x7f0000000300)="337f317bdaa45dcfa3b955", 0xb}, {&(0x7f00000007c0)="5a5a2b074676d621ec5d860c1c5ee9438f06afa2d68dfc73b639c3c21999a1f87c0e96d6c2a79c554ad2ed6adba9cb7b50cdd02e7fc08d92cd12343d7ee1b297151240f2f9e398e5718cfc469b328154e3aeaeade5f79b94c994fae1b929b7993e", 0x61}, {&(0x7f0000000840)="cdfe478f4fa21e0687aed261a6af31003611d985ef3bacb76710725d32da13330c3fc6", 0x23}, {&(0x7f0000000980)="fcd5c07383ca76d2553e745c8be56059e1fa699381cdade650cdf27b03f49af531c97a6c389a829eb7c0737ca54bd0d1a596abc0c5d2d61177b63e641ec2e8a40d44875dadfccacbed60cba7d8ac4cbe69c98e327e9bef453175c3b5e8266e2089d896dd257805deec40f9dbb1a4ef13d1a995a71f3aca114cd2b549953d1fa9e7971509219936c6cd503876bdbc282a0d19e9b88c7c18b32c836978a2bc3a3a716b0674628c5fa03f47e8e4a290ba5c34ead24b05ed72489c9bda1bc535db858fcc2e202883dfd8ae68588747f970f1", 0xd0}, {&(0x7f0000000a80)="1b5a534591ad01b5634734835d5d7d5ed58cbae6c7c12e8bc5841710dcf292d538791b82dfc8a11e1bee015bd780265c6d9b6d34cdf6a620163b09263f0c031e70ae11a5b63d467e7e753056d014ea4cdf79445491cb2bc6857057a471a31e1fdb53ba8c32b6e93d46b04100c63d71ba5882537e5757fe5fa40466df36ede966e29434e4ead56c6ea07595cab5465975a4472ea03404ca", 0x97}, {&(0x7f0000000b80)="f1a4a3c3574dc3cb109b4f4eb51861a2a446a216f583b3fd3c48a57d9fb43614e302b90faa5db22be451d08f19f9a44a38e77ff7bbbb9ffa72a77c5ac1d6513a91371436667e330795c519ffa545f73d24fef57987bb657766f8a5c7ce17b4bf22047f3fe53c2f8282de0ae0f4de2fa93456f7fdedf1815ee959f434848eb2d7fd6e4620771700ce09c87c9e83d5271acfe9fd46ce3ca1b4c9e9530e4762abaebc148f15ff070e05b17f74bff089b8fbad95", 0xb2}], 0x7}}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000c40)="c687e01cc97cb6c21dbe8af48c191740ea80653c4d09e2ffad39b25ef31a389b042ba5bebc5f0939d93376fa64789c3f94e086ab9ffb37681c4c3c", 0x3b}, {&(0x7f0000000d40)="3568db1ebda35aa129b11c4c75183a900fb3475dc267725a239be2d04ec521c32c18e9e7f5e42bb32b90", 0x2a}, {&(0x7f0000001480)="9673071a421989d8c555bdb5d3d3515520cc87a0f0a5f3f6474eef36c2a6266e453059f30f5246a9ad097ea59cb6caa5a5a37e91a887cbd953069c2349e60982889872a2b270ef6b22bb47210508639d53a89f21794dff58f0e5cc5d82bbddbc9ae61172aa87db1dfdd368787d0f21e2ba91ef1710f612e87ac2fdb6a62cb78bfddae818cf195e4214c2637527c4ca2eec15cbe49cbaa72567bfbfdb7def2d58d2ab01071ef4963c7846d79076bce137b5c17e5511aaa8b2523764d5817c5ab757e020d0edc896b608fce1df7271b53f24574e25a646ce08d07499", 0xdb}, {&(0x7f0000000e00)="c8fcec97b69b2a7dcc21b4e9c51a7798f2bab3dbc0ee5d63996d859930089510cf090f7b6a480066a943b0e9fead28190597719f7eb710f359b93386280f4cca239adb0d06c18aa97ee514be0d66df7467133c89d4050183", 0x58}, {&(0x7f0000001580)="2e001ad3d48669b5d47f1ed220cc42566bb38f0215d21fd677f63b5afb1c4b838d5633f4636d7484fa269d9815d277f6ed163b6fba9b8fe286609fa0548f9fa4654b204da92d09fad4d37e3e227c01d1dee9de40e8d013cf1d0a7afc5a473b5a8c9415e2c62a814bafa5beefc026fd3fed440d721812fb69774cbf659d6e947cd6f4fcb512a8368518078c14ebdd08045a207cfdf87a2d916affbbba70ecd0608276", 0xa2}, {&(0x7f0000000ec0)="b5956b43624978688b50af98b3c45db35c5ff97bfef161b15de8ea", 0x1b}, {&(0x7f0000001640)="383623e746cdf301d8ddc8d6bb8f7b30b5cfc32dfd29b4054c2c0c67ff10f238865b8ffffcea3bbe4bf07905582ebd912c9807cd5905436e9ca967223fb6e8be832cea804dcc99884c5e466c12fd519bfda3224c8b78009807b915b16e0a9644839bf06992de923955e3d3e1a041432a0745b98d400b9a17428b0c19c5e523d9e19629e1c03c79", 0x87}, {&(0x7f0000001700)="3da8220be7d6184ed3ad79657b0509fccf076e0133c4496a59ab41bfbdebecc56af6a2ae9a1e46637e29ead11e0cee1917e20c4bc7c94fd5ade17be9f64640ba6c67e54e710cd7f563c87530178227d458ca0110c7a9b48377077983ced519b20092c4f89dd5514aa1aa3627ff031f8ef20f6f7430b38a0c2f0afa821de6f7eed62ec1c21644196dd8a8c52304ab80901b0d1f64fdac0f861b0e1efaa1cde3e21563e1f065a93c", 0xa7}], 0x8}}, {{0x0, 0x0, 0x0}}], 0x4, 0x1)
write$binfmt_elf32(r2, 0x0, 0x46b)
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}], 0x1}, 0x70040000}], 0x2, 0x40088c0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000940), 0x10540, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000001000000040000000000", @ANYRES32=0x0, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xf, &(0x7f0000000fc0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000037ee9500000000000000bf91000000000000b7020000000000008500000084000000b700000000000000950000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='mm_page_alloc\x00', r5}, 0x18) (async)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
fcntl$dupfd(r6, 0x0, r6) (async)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x2855ff8a, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) (async)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) (async)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async, rerun: 64)
preadv(r7, &(0x7f0000000d80)=[{&(0x7f0000001200)=""/4112, 0x1010}, {&(0x7f0000001080)=""/194, 0xc2}], 0x2, 0x800, 0x0) (async, rerun: 64)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0xfffffffffffffffc, &(0x7f00000002c0), 0x13f}}, 0x20)

3m20.560929026s ago: executing program 3 (id=39):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f0000000dc0)=[{{&(0x7f0000000380)=@sco, 0x80, &(0x7f0000000400)=[{&(0x7f0000000580)=""/255, 0xff}, {&(0x7f0000000680)=""/147, 0x93}], 0x2}, 0x5}, {{&(0x7f00000004c0)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000740)=""/104, 0x68}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/138, 0x8a}], 0x3, &(0x7f00000008c0)=""/153, 0x99}, 0x3}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000004340)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/245, 0xf5}, {&(0x7f0000005340)=""/4096, 0x1000}, {&(0x7f0000000a00)=""/156, 0x9c}, {&(0x7f0000000980)=""/13, 0xd}], 0x5, &(0x7f0000000d00)=""/171, 0xab}, 0x9}], 0x3, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x50)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000006c0000006c00000003000000090000000000000902000000000000000000000300000000040000000300000000800100040000000000000800000000020000000000000802000000000000000000030000000004000000040000000a06fa00100000000000000b0200000004000000000000080200000000000000"], &(0x7f0000002340)=""/4096, 0x87, 0x1000, 0x0, 0x3, 0x10000}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000041ad008000000018110000", @ANYRES32=r2, @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x20000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x9, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffe3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
readahead(0xffffffffffffffff, 0x92e, 0x6b1)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r4}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYRES64=r4], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000020f2246707020000f8ffffffb7030000000000850000000100000095000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x4048800)
ptrace$setsig(0x4203, r6, 0x2fb, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r10 = getpid()
kcmp(r6, r10, 0x0, r4, r5)

3m19.656005718s ago: executing program 3 (id=50):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/packet\x00')
pread64(r1, &(0x7f0000002d80)=""/4143, 0x102f, 0x7fffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0, @ANYRES8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r2}, &(0x7f0000000800), &(0x7f0000000840)=r3}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
rt_tgsigqueueinfo(0x0, 0x0, 0xc, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r4}, 0x10)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f00000004c0)="a5", 0x1, 0x40, &(0x7f0000000000)={0xa, 0x4e20, 0x8000, @private0, 0x2}, 0x1c)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x0)

3m18.26871056s ago: executing program 3 (id=70):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$bpf(0x0, 0x0, 0x0, 0x40020, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0, 0x26, 0x0, 0x9}, 0x28)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r2, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1)
readv(r2, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/215, 0xd7}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0000000400", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000fdffffff00000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x569962ad4a0f961d, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_kthread_work_queue_work\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r6}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)

3m18.254657531s ago: executing program 32 (id=70):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x14, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$bpf(0x0, 0x0, 0x0, 0x40020, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0, 0x26, 0x0, 0x9}, 0x28)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r2, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1)
readv(r2, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/215, 0xd7}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a0000000400", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000fdffffff00000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x569962ad4a0f961d, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_kthread_work_queue_work\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r6}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)

2m2.016970417s ago: executing program 2 (id=1254):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000200)={'fscrypt:', @desc3}, &(0x7f0000000340)={0x0, "560ebaafa30c3b16d9f032f4eb9720f0f377ca8225d7fe6287b9c3299eceae63cb57d4098ec125033b16a5d39cb75ac473f3ea8fa647d63eb1631511ee585981", 0x30}, 0x48, 0xfffffffffffffffc)
r3 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$unlink(0x9, r2, r3)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0xa)
connect$pppl2tp(r5, &(0x7f0000000240)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x3, 0x3, 0x3, 0x4, {0xa, 0x4e24, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}}}, 0x3a)
syz_emit_ethernet(0x4e, &(0x7f0000000580)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b80423", 0x18, 0x0, 0x0, @empty, @local, {[@dstopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x3, 0x9}}, @padn, @ra]}]}}}}}, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1aca421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

2m1.737939449s ago: executing program 2 (id=1257):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
setrlimit(0x9, &(0x7f0000000380))

2m1.678031464s ago: executing program 2 (id=1258):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x34f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x1, {0x2}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m1.650438646s ago: executing program 2 (id=1259):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000680)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@nodelalloc}, {@user_xattr}, {@grpjquota, 0x2e}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c1, &(0x7f0000001940)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2l2+3ulnbF/XyS3b4382be+76Ztzs7r7sB9KxS9pREbI2IXyNiqJqtL1Cq/rlx7dLUX9cuTSVRLr/0Z1Ipd/3apamiaLHdljwzkkak7yWxt0G9sxcunp6cmZk+n+fH5s68MTZ74eKjp85Mnpw+OX124ujRI4fHn3h84rGW4ri8wvosrut73j63b/exVz58fqocr37/Wdberfn62jiqhluqt5lSlKKcW1w6UHl+cNV7/2/ZVpNONnSxIbSlLyKyw9VfGf9D0ReLB28onnt3IfNNlxoIrJnsvWnHkqV9+d904f0L+D9KjHHoUcU7fvb5t3is5/VHt119OnuersR/I3/8+EK1b9Lss+xw9RN7eZnt72ywbHAxWR5aof6tEXF8/u+Pskc0vA/RRNJySQCABV9l1z+PNLr+S+uubbbncyjDEXEwInZGxB0RsSvShTJ3RcTdbdZfuim/9Prn501t7rIt2fXfk/ncVvGoriniShZy2yrx9yevnZqZPpT3yUj0b8zy403q+PrZXz5Ybl2p5vove2T1F9eCeTv+2LCxfpsTk3OTqwi5ztV3IvZsaBR/sjATkPXA7ojY08H+sz479fCn+7L09i1L168cfxO3YJ6p/EnEQ9XjPx83xV9IqjUtNz85Nhgz04fGirNiqR9+uvJibb6/Jl0X/2BrMQ12GmwD2fHf3PD8z+MvhkExXzvbfh1Xfnt/2c80S49/Esfna0vk5/+mxW7Lzv+B5OVKeiBf9tbk3Nz58YiBfEHd8onFvRX5onwW/8iBxuN/Z8Q/H+fb7Y2I7CS+JyLujYj9edvvi4j7I+JAk/i/e+aB15v3UIfn/y2QxX+i2fGPGE5q5+s7SPSd/vbL5epv7fXvSCU1ki9p5fWv1Qaupu8AAADgdpFW5qCTdLRI19yc2hWb05lzs3MHS/Hm2RPVuerh6E+LO11DNfdDx/N7w0V+4qb84YjYUflPo02V/OjUuZlt3QwcqHxXp278R5qOjlbX/d7X7dYBa66tebTafzr7/Itb3xhgXfm+JvQu4x96l/EPvcv4h97VaPxfjrjRhaYA68z7P/Qu4x96l/EPvcv4h5609Cvxxc+tdPJN/8XEzmOr2nzNE+WhNdnzfPtb9a1RpFH7ox3LJpKI6KyKSJuXGWih9q4l0hXLPLVSt/Sv6jcxssT+PLExIlrd6vK69WrxCpH4lUkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC29m8AAAD//2cg5YI=")
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048801}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="3500000008000000e0a190b60a28475b75a18ca9cf146e187617e529ae269b7ff539085bcfd1bb8a5ede52151466b73e0404c5448e2124fe84ce698ff1c64f06736c97bf984006023482eeb17ff98309fabd7fae32c7dd2ee6f51c729b6e5a1b7a8a8d5c8e211fb47f7826fe90956ab6d2387144b2895aa20958f15b9b41c189", @ANYRESDEC=0x0, @ANYBLOB="2dea013195361f4589c5df5fa5b7f0cff3bdeccb2dacee2521bd2320e1f5399596289331cb3664f4651b11cb654b27ed61", @ANYRES32, @ANYBLOB="00b4e68466fa10cd4db1894f9368aa19337702e4c25a612805928026ceb730a08598bf099bb88fb5edfed894a7e10e3c65f8276ec7491dca48407feb053c7e0b8ec7bc6b1b8a6d0b50bfaa45c1ca1095168d3ddb4e3e9659b21af7053a5ed3dda495ee7969839d40f366f1547a6304cad9d16214b33eb2bf5b887c3fd2149511f6f0bd20b8afe56e320dcff8cc86e0a9eb39ee660a7f", @ANYRES64=0x0], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x1c, 0x8, &(0x7f00000009c0)=ANY=[@ANYRESOCT], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000001680)=ANY=[@ANYBLOB="30270000a7972d3c324bef099ff06ce34569b7a7174f204ba351b42f738d87505357f0e1879e5ba0dc8c7f6f2ef0b433a7603e2d31e15a8dabae7e42cd9dde71048314677059f7b6e023eb2bd922bb3c59d9c36353bee54918ea8966e42c40a6a0aeaa55a74c5eec90a877f7c56d50b043ee7666081178cbc3a4c1fc00850332fd79", @ANYRES16=0x0, @ANYBLOB="200026bd7000ffdbdf258100000008000300", @ANYRES32=r3, @ANYBLOB="040067000a000600080211000000000006006600150000000400670004006700f2063300f80b0000080211000000ffffffffffff08021100000014080802110000007a025a82ce239ed5869c44be95090abf47448ba84df76bededf379ef7640159681f65723db6a4fb72622cfeca31f9bfcb7f95a93da2092b03a932607442278cd928b2a35aef4b5b83b6cc90a64028c33b8e89714c88c4a886dff7c30e4dcbf8f5d555abba8fc1e5f4955d725274ac611393ab8b18b59720756746ca1eb2dcee8a5b7eda6e3857bd460d8cfc85ddc5ac5bf1629a913064d44e01d574a60c78ca82bd6a2ac83ece283bf4ce818234227c4d530b7044a20e7d2b3d8d6e3950f440ccb92757e2d4bd60d65cfd80e6b63055986a7ac34fa438fd6d22d78633e961f94509cbda5682fed70a15ff1e1efbfcd9d4b6410af9f69fe9439e7822c8d8778f5de03747435b4a73b639666de601c5ab32e227f18725c1ba287a56d385b45cd3c5464eab871306070b40ee788948e38d825efb4180c5b8c9742b9925358c191b20aae6bb03fba340fcc3e023c9a0a75881b76073b13e319a15039e7cdbe86fdc5dc9ad3cf0a657f4bfac205f8b66d6f157549fa93003ad420183ea626ac55775180818c43e5da9be0fb3b13af0d6a3b513fdd6c73d1ba0e0683e0a847261291cd72b1b4b8468f90fbce4ee6997a749e2f02873e1f2f812b2d9d06dfc1a6e5b2b6e4233761370522fce8a8d89889b557b6b216b325bb13cedc481d092d6723b7953387f4a94b5a8d3c59155ae8862079283820a825d83969961a8a9ab058ed85e44c22f642d02a47df956cba6e4d33e2004347522581513c908a6933745d40abcde3544f5fa5bfeb512d222c4ceb5e3303c3abf55b31e85d803a4597caf71dd5d7857a23cea9acdfb00bac45549bedeb3a54e6ac2c7481875fd04ce7f857389667e676f9d55fb2b9a03e94f77dd7c846440a684320c675526d3f74b27b39cb03f10ccc6cd6fd50f1fa42e82a4a4547512f4ada146663778ad673224258d18537cedc69131a6787734a724deb0c4ab3464ab60ac57c449018fefb4b7ecb753904fb845c43e71b4de07482742b060c6df6ebf19dd4c2bba90c7970544ac3c6589dfc6e9fbd96ab37e72fb417e66709c1e977ab5d3108af989e6e5ab15fbaaf13c9a5ffdacc2b12bbbd29e302a2bef280b25a1403274162b8fcfab86b4f507e9240ae93b9c57f71585ea15f63789ed86399317590894aa23495be7fa6856be30af384a081515d8b1e58fedf2c26878ac4ba213b962ac238a74019978ed9d2dc13e3ca3dc95be2e11bbceaf6362b4714b2ecc48a658f6b327a544045accd53c3a4059aa9f420b45126e6067c26fc460a72a329e1c1e478318ae734b4d53c820cd7f95bddb58b542198875715755edd62470e5345e4a427fe8129c4835a1aa992477922e48ad9cfe2c4dc13c100443538e54f79457ff04322f06ef9b3299ad75c84be766c7de0b99d568908b48403582d01aadddada138f51ba3d6b105d5f0c799b8f5b286015789840946dbc404ad92f4d42cb2d3efafbac3de95a2fc2c449a4a537977d4b655e4685b4e4a39003d905d548f3c546df81933f35a7bf6990e0c290f8cdb86a39d4a43070efd3d98e0b8b5d332ba448a62997f5b573897add7f750fa8074332d8faed7f87d58552fd2605bf1427118feedd331dab465429ab8888bf80d019d9c5342b1ecb826272f9b9b2f6a8c9469e4f519caea7204c14f0f464e04929a304908d24113af3e0f929d870f7114e428ae2ffd5a8f757a3fc6eb616f8aef5c93eba03d9b72267597bd7f272d98c838a27ab9f4534321b87747c7d003cd65b45b155ed9313ebb0e1dd73e01faeb3085181e44431272dfc2bf6dcd5dd65d08746eef57b16c504b0b8fb69a9c0bfe54666eedc5a09b03f8fb93b0cc0123349c728702516498cb26bce5bc8d1b69a912934510e200753fe2539ed53c931a3d1b79282dd8ab87a6feabea5d09aa2ab07a32bea72e96c429ecba033943d1f540332067173b9e4541e98762c39cf002869bc0b6a733bb2e97a3f40d5a27bb8466ea7e0d70f603592be0ba9cdc784eb22f1f560a2246869c0dc4a29e7dddcc4a57a494a97fbdb70f5ad874d739c7ab81f0185bfcec7c835652ad281b9cb06eb53c14f179d6cc31b9193ed8ecf44836802bc385b58aaec7e2ef7671326cf9a9778733577abdbfcc62b3bae4284ba87f0a365b71c2a2a86787a479f861e5f7fb7190990bedcd606dcb87e43718ad43f1cecb8156beb15f3fc4089880ad3a5fcf139e2cad03fbdbf1ee5c4018ffd7044a561ad8e4618b34807b7866595693324557510fea7150bab77905bb2aa3d4581cbdc80ac91a6112f45f6e67f471eb249363207300340620a2a01b05a0beb0cc48b62203070016d20f6cdae4e5a3b75dd7537bfe70870c9b9c167ce1dcf44aea850013933eec058a29f6b397d743aad8914e4efaa5f9a76c898d9afb024b7f3693af7d01f92f1c092d0256836012af21189602645b798c8b448bc3aaf247ee0d1c5007b"], 0x730}, 0x1, 0x0, 0x0, 0x40001}, 0x810)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0)
pwritev(r4, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x6, &(0x7f00000008c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xd2, &(0x7f0000000ac0)=""/210, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x6}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0005}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x8, &(0x7f0000000300)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x40000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
socket(0x10, 0x3, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18)

2m1.35465692s ago: executing program 2 (id=1263):
r0 = open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xa2980, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2, 0x0, 0x1}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fgetxattr(r0, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
ioctl$PIO_UNIMAPCLR(r5, 0x4b68, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9a4850000000400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x1000000000000}, 0x18)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
close(r9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1, 0x0, 0x0, 0x8040}], 0x1, 0x0)
sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0, 0x300}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000180)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000b0000000000000000000000000000000000000003f0b571be4b285837898cc65dba", @ANYRES32=0x0], 0x30}], 0x1, 0x0)

2m1.199583452s ago: executing program 2 (id=1267):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x420}, 0x1, 0x0, 0x0, 0x404c850}, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = dup(r3)
fsetxattr$security_selinux(r4, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r6, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r6, 0x6612)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB], 0x0, 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x29, 0x17, &(0x7f0000000100)=r7, 0x120)
sendmsg$kcm(r5, &(0x7f0000000200)={&(0x7f0000002880)=@in6={0xa, 0x4e20, 0x0, @mcast2}, 0x80, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@empty, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e20, 0x26e, 0x4e21, 0xfff9, 0x2, 0x0, 0x80, 0x3a}, {0x2, 0x4, 0x4, 0x0, 0x8000000000000001, 0x342646d9, 0x0, 0x8}, {0x4, 0x8, 0xfff, 0xfffffffffffffffb}, 0x7ff, 0x6e6bb4, 0x2, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d5}, 0xa, @in=@local, 0x3501, 0x2, 0x2, 0x6, 0xfffffff9, 0x7fffffff, 0xfffffffd}}, 0xe8)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x0)

2m1.198902722s ago: executing program 33 (id=1267):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x420}, 0x1, 0x0, 0x0, 0x404c850}, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = dup(r3)
fsetxattr$security_selinux(r4, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r6, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r6, 0x6612)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB], 0x0, 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x29, 0x17, &(0x7f0000000100)=r7, 0x120)
sendmsg$kcm(r5, &(0x7f0000000200)={&(0x7f0000002880)=@in6={0xa, 0x4e20, 0x0, @mcast2}, 0x80, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@empty, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e20, 0x26e, 0x4e21, 0xfff9, 0x2, 0x0, 0x80, 0x3a}, {0x2, 0x4, 0x4, 0x0, 0x8000000000000001, 0x342646d9, 0x0, 0x8}, {0x4, 0x8, 0xfff, 0xfffffffffffffffb}, 0x7ff, 0x6e6bb4, 0x2, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x4d5}, 0xa, @in=@local, 0x3501, 0x2, 0x2, 0x6, 0xfffffff9, 0x7fffffff, 0xfffffffd}}, 0xe8)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x0)

3.677794165s ago: executing program 1 (id=3161):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r0, 0x0, 0x80000}, 0x18)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x6580, 0x0)

3.615750469s ago: executing program 1 (id=3162):
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r5, 0x0, 0x5}, 0x18)

2.799634945s ago: executing program 1 (id=3171):
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000)

2.73598677s ago: executing program 1 (id=3172):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
creat(&(0x7f00000002c0)='./file0\x00', 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
syz_usb_connect$uac1(0x4, 0x92, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80, 0x3, 0x1, 0x8, 0x20, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xaa}, [@extension_unit={0xd, 0x24, 0x8, 0x5, 0x3, 0x4, "67c05dd06dce"}, @selector_unit={0x5, 0x24, 0x5, 0x3, 0xe}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x4, 0xb, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xa, 0xb, 0x0, {0x7, 0x25, 0x1, 0x0, 0xc, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x2, 0x0, 0xff}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x6, 0x8, 0x0, {0x7, 0x25, 0x1, 0x1, 0x5, 0x5}}}}}}}]}}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x9}, 0x1c)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

2.407968427s ago: executing program 4 (id=3173):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r3, 0x0, 0x5}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

2.24248935s ago: executing program 1 (id=3177):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x1d, 0x2, 0x6)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r5, 0x29, 0xcf, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r6, 0x8000000000000003}, 0x18)
r7 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r4, &(0x7f0000000080))
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20000020}, 0x4000011)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r8, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)

1.979979931s ago: executing program 6 (id=3181):
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000005c00000000de181100005bf41e", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x90ef}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

1.893626398s ago: executing program 6 (id=3183):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2040}, 0xc, &(0x7f0000000180)={&(0x7f0000001b00)={0x24, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_ID={0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x5c, r4, 0x917, 0x1000, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @loopback={0xffff0000}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44}, 0x0)

1.759910759s ago: executing program 1 (id=3184):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000400000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x3b, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x23)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sock_rcvqueue_full\x00', r2, 0x0, 0x80}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]})
ustat(0xd, &(0x7f0000000680))
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48c8}, 0x20004804)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000001c)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
r5 = io_uring_setup(0x4e4d, &(0x7f0000000080)={0x0, 0x5275, 0x80, 0x9, 0x200000})
pause()
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000400))
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)

1.693061044s ago: executing program 5 (id=3155):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRES64, @ANYRES16], 0x5, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendfile(r0, r0, 0x0, 0x800000009)

1.636825979s ago: executing program 5 (id=3186):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kfree\x00', r2, 0x0, 0x95ac}, 0x18)
socket(0x40000000015, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7ffc}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)

1.577550683s ago: executing program 5 (id=3187):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x11, 0x1afd)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f00000001c0)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32], 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0xc2, 0x1)
pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x42)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='H\b'], 0x3}}, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f00000003c0)='@', 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)

1.547965056s ago: executing program 4 (id=3189):
prctl$PR_SET_NAME(0xf, &(0x7f0000000700)=',&#^%\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000)

1.48785346s ago: executing program 4 (id=3191):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[], 0x0, 0x9, 0x0, 0x0, 0x0, 0xa}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x9}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}]}, 0x54}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001d000100000000325979870007000000", @ANYRES32=r3, @ANYBLOB="00000a050a000200bbbbbbbbbbbb00000600050005000000"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
socket(0x10, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8808}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xfffffffffffffe96, 0x1, {0x40, 0x6}}]}]}}}, @IFLA_MASTER={0x8}, @IFLA_LINK={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x1}]}, 0x64}, 0x1, 0xba01, 0x0, 0x20004401}, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0xfffffffffffffffe, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a0b72174}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r7, 0x0, 0x1}, 0x18)
r8 = socket$inet6(0x10, 0x2, 0x0)
write(r8, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc)

1.473491402s ago: executing program 4 (id=3193):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xfffffc00, 0x8, 0x10000000, 0x200000b, 0xff}, @broadcast, @local, 0xff, 0x7ffffffe}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x11, 0x8}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)

1.414716386s ago: executing program 4 (id=3194):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1aca421, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

1.283371907s ago: executing program 0 (id=3196):
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
prctl$PR_SET_NAME(0xf, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)

1.087337583s ago: executing program 0 (id=3197):
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000005c00000000de181100005bf41e", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x90ef}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

1.087147593s ago: executing program 6 (id=3198):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRES64, @ANYRES16], 0x5, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
sendfile(r0, r0, 0x0, 0x800000009)

988.49928ms ago: executing program 6 (id=3199):
socket(0x3, 0x5, 0x7f)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x5}, 0x18)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r5, &(0x7f0000001840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0x1a, 0x67, 0x0, 0xb, 0x6c, 0x0, @rand_addr=0x64010120, @broadcast}, "3297e3ba0fa8"}}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000e80)=@newtaction={0x8c, 0x30, 0x1, 0x2000000, 0x25dfdbfe, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x6}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8810}, 0xc0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
r10 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
sendmmsg$inet6(r10, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000)
munlock(&(0x7f0000fed000/0x11000)=nil, 0x11000)
setsockopt$PNPIPE_INITSTATE(r0, 0x113, 0x4, &(0x7f00000002c0)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="7800000018002507b9409b14ffff0b7a0204be04020714056406200c5c0009003f0006180a0000000d0085a168d0bf46d32345653610648d270005000a06024e49935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000400160008030a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=@getneigh={0x14, 0x1e, 0x100, 0x70bd2b, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004085}, 0x0)

923.285136ms ago: executing program 0 (id=3200):
socket$packet(0x11, 0x3, 0x300) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20) (async)
signalfd(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @random, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x23}, {[@cipso={0x86, 0x6}]}}, {{0x4, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}}}}}}, 0x0) (async, rerun: 32)
r2 = socket$nl_route(0x10, 0x3, 0x0)
fstat(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}) (async)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = dup(0xffffffffffffffff) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @random="caac808b3db3", @multicast2, @link_local, @empty}}}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)={0x1d0, 0x0, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x5}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xfffffffffffffff9}, {0xc, 0x90, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xc356}, {0xc, 0x90, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x40}, {0xc, 0x90, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0x3}}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x40000}, 0x800) (async, rerun: 64)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f0000000200)='(-.{\'\x00', 0x0, r4) (rerun: 64)
socket$nl_generic(0x11, 0x3, 0x10) (async)
socket$key(0xf, 0x3, 0x2) (async)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r7, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) (async)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in=@private=0xa010102, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7, 0x7}, {0x40000, 0x0, 0xae8}, 0x4, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
r9 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR(r9, 0x114, 0x2, 0x0, 0x0) (async)
setgid(r3) (async)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x000\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a"], 0x15c}}, 0x4c0a0)

908.898467ms ago: executing program 4 (id=3201):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0, r3, 0x0, 0x5}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)

832.039943ms ago: executing program 0 (id=3203):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x100002, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x25, &(0x7f0000000080))

799.026646ms ago: executing program 0 (id=3205):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[], 0x0, 0x9, 0x0, 0x0, 0x0, 0xa}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x9}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}]}, 0x54}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001d000100000000325979870007000000", @ANYRES32=r3, @ANYBLOB="00000a050a000200bbbbbbbbbbbb00000600050005000000"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
socket(0x10, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_rdma(0x10, 0x3, 0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8808}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xfffffffffffffe96, 0x1, {0x40, 0x6}}]}]}}}, @IFLA_MASTER={0x8}, @IFLA_LINK={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x1}]}, 0x64}, 0x1, 0xba01, 0x0, 0x20004401}, 0x0)
unshare(0x64000600)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r6, 0x0, 0x1}, 0x18)
r7 = socket$inet6(0x10, 0x2, 0x0)
write(r7, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc)

739.282981ms ago: executing program 6 (id=3206):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000001d00)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_BITSET_MASK={0x4}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

714.894763ms ago: executing program 5 (id=3207):
r0 = syz_open_dev$usbfs(0x0, 0x74, 0x101301)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

691.371485ms ago: executing program 0 (id=3208):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
r2 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r2, 0x0, 0xa00, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000300)={0x28, 0x0, 0xffffffff, @local}, 0x10, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
r5 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000080)='vlan0\x00', 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$inet(r5, &(0x7f0000000c40)=[{{&(0x7f0000000200)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000140)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0xc8804)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

641.540969ms ago: executing program 5 (id=3209):
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x2}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)
modify_ldt$read(0x0, 0x0, 0x0)

640.918449ms ago: executing program 6 (id=3210):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000008000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
faccessat2(r2, &(0x7f0000000040)='\x00', 0x1, 0x1300)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
ptrace$ARCH_MAP_VDSO_64(0x1e, r3, 0x4, 0x2003)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket(0x11, 0x80a, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r1}, 0x8)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b0000000000000000000000ff7f000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000042f04367694e5429bf157b36ffe5b612cafddd25be5381413782f0f5df46bd5e89633856a0997d38aea02273b9c594a249f1125e319c192d5ee40736ce0a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000feffffff00000000000000001811a6030000002d9510fa109c95faa87725852ec15c7d8c97caae09da2e00"/60, @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
r9 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x6)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r10, &(0x7f0000000080)='./file0\x00')
readlinkat(r10, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000780)=""/198, 0xc6)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r11}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)

0s ago: executing program 5 (id=3211):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kfree\x00', r2, 0x0, 0x95ac}, 0x18)
socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7ffc}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)

kernel console output (not intermixed with test programs):

BDEVFS_URB_ZERO_PACKET.
[  204.500188][T11349] vhci_hcd: invalid port number 253
[  204.505518][T11349] vhci_hcd: invalid port number 253
[  204.559269][T11361] syz_tun: entered promiscuous mode
[  204.573812][T11361] syz_tun: left promiscuous mode
[  204.718203][T11367] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2653'.
[  204.730618][T11367] loop6: detected capacity change from 0 to 512
[  204.738030][T11367] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  204.749447][T11367] EXT4-fs error (device loop6): ext4_orphan_get:1419: comm syz.6.2653: bad orphan inode 16
[  204.759804][T11367] ext4_test_bit(bit=15, block=4) = 0
[  204.765546][T11367] EXT4-fs (loop6): 1 orphan inode deleted
[  204.771930][T11367] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.796497][ T7278] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.819656][ T1038] kernel write not supported for file /709/net/sockstat6 (pid: 1038 comm: kworker/0:2)
[  204.832113][T11370] pimreg: entered allmulticast mode
[  205.140497][T11379] loop6: detected capacity change from 0 to 128
[  205.320475][T11390] veth1_to_bond: entered allmulticast mode
[  205.326960][T11390] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2662'.
[  205.341525][T11390] veth1_to_bond (unregistering): left allmulticast mode
[  206.386656][T11418] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2672'.
[  206.479500][T11416] loop6: detected capacity change from 0 to 128
[  206.728074][T11435] loop6: detected capacity change from 0 to 128
[  206.737739][T11435] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  206.750362][T11435] ext4 filesystem being mounted at /293/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  206.780119][ T7278] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  206.851756][T11447] loop6: detected capacity change from 0 to 128
[  206.860581][T11447] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  206.873738][T11447] ext4 filesystem being mounted at /297/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  206.912233][T11450] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2683'.
[  206.927039][T11450] loop5: detected capacity change from 0 to 512
[  206.935019][T11450] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  206.936350][ T7278] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  206.948443][T11450] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.2683: bad orphan inode 16
[  206.965121][T11450] ext4_test_bit(bit=15, block=4) = 0
[  206.970657][T11450] EXT4-fs (loop5): 1 orphan inode deleted
[  206.977335][T11450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.986108][T11453] loop6: detected capacity change from 0 to 1024
[  206.997299][T11453] EXT4-fs: Ignoring removed bh option
[  207.002761][T11453] EXT4-fs: inline encryption not supported
[  207.009515][T11453] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  207.021275][T11453] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  207.030577][ T3694] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.030809][T11453] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 2: comm syz.6.2684: lblock 2 mapped to illegal pblock 2 (length 1)
[  207.054030][T11453] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 48: comm syz.6.2684: lblock 0 mapped to illegal pblock 48 (length 1)
[  207.068521][T11453] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2684: Failed to acquire dquot type 0
[  207.080210][T11453] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  207.089925][T11453] EXT4-fs error (device loop6): ext4_evict_inode:254: inode #11: comm syz.6.2684: mark_inode_dirty error
[  207.102104][T11453] EXT4-fs warning (device loop6): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  207.112538][T11453] EXT4-fs (loop6): 1 orphan inode deleted
[  207.119728][T11453] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.132544][ T7026] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:13: lblock 1 mapped to illegal pblock 1 (length 1)
[  207.151374][ T7026] __quota_error: 546 callbacks suppressed
[  207.151396][ T7026] Quota error (device loop6): remove_tree: Can't read quota data block 1
[  207.165624][ T7026] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:13: Failed to release dquot type 0
[  207.178352][T11453] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  207.200656][ T7278] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.210265][   T29] audit: type=1326 audit(1754914267.615:16337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.233580][   T29] audit: type=1326 audit(1754914267.615:16338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.256693][   T29] audit: type=1326 audit(1754914267.615:16339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.279950][   T29] audit: type=1326 audit(1754914267.615:16340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.280500][T11456] loop5: detected capacity change from 0 to 128
[  207.303288][   T29] audit: type=1326 audit(1754914267.665:16341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.332689][   T29] audit: type=1326 audit(1754914267.665:16342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.355952][   T29] audit: type=1326 audit(1754914267.685:16343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  207.379114][   T29] audit: type=1326 audit(1754914267.685:16344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f319ee0e9e3 code=0x7ffc0000
[  207.402147][   T29] audit: type=1326 audit(1754914267.685:16345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f319ee0d45f code=0x7ffc0000
[  207.608224][T11480] loop1: detected capacity change from 0 to 128
[  207.618719][T11480] ext4 filesystem being mounted at /493/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  207.629448][T11482] loop5: detected capacity change from 0 to 1024
[  207.636549][T11482] EXT4-fs: quotafile must be on filesystem root
[  207.714624][T11489] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2697'.
[  207.854787][T11502] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2702'.
[  207.863880][T11502] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2702'.
[  207.892426][T11502] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2702'.
[  207.910525][T11502] FAULT_INJECTION: forcing a failure.
[  207.910525][T11502] name failslab, interval 1, probability 0, space 0, times 0
[  207.923317][T11502] CPU: 1 UID: 0 PID: 11502 Comm: syz.4.2702 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  207.923354][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  207.923370][T11502] Call Trace:
[  207.923378][T11502]  <TASK>
[  207.923409][T11502]  __dump_stack+0x1d/0x30
[  207.923437][T11502]  dump_stack_lvl+0xe8/0x140
[  207.923457][T11502]  dump_stack+0x15/0x1b
[  207.923473][T11502]  should_fail_ex+0x265/0x280
[  207.923504][T11502]  ? tcf_connmark_init+0x163/0x4d0
[  207.923581][T11502]  should_failslab+0x8c/0xb0
[  207.923603][T11502]  __kmalloc_cache_noprof+0x4c/0x320
[  207.923633][T11502]  tcf_connmark_init+0x163/0x4d0
[  207.923683][T11502]  tcf_action_init_1+0x367/0x4a0
[  207.923739][T11502]  tcf_action_init+0x267/0x6d0
[  207.923815][T11502]  tc_ctl_action+0x291/0x830
[  207.923938][T11502]  ? __pfx_tc_ctl_action+0x10/0x10
[  207.924041][T11502]  rtnetlink_rcv_msg+0x657/0x6d0
[  207.924086][T11502]  netlink_rcv_skb+0x120/0x220
[  207.924168][T11502]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  207.924214][T11502]  rtnetlink_rcv+0x1c/0x30
[  207.924247][T11502]  netlink_unicast+0x5a8/0x680
[  207.924304][T11502]  netlink_sendmsg+0x58b/0x6b0
[  207.924340][T11502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.924453][T11502]  __sock_sendmsg+0x142/0x180
[  207.924494][T11502]  ____sys_sendmsg+0x31e/0x4e0
[  207.924530][T11502]  ___sys_sendmsg+0x17b/0x1d0
[  207.924589][T11502]  __x64_sys_sendmsg+0xd4/0x160
[  207.924725][T11502]  x64_sys_call+0x191e/0x2ff0
[  207.924755][T11502]  do_syscall_64+0xd2/0x200
[  207.924788][T11502]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  207.924844][T11502]  ? clear_bhb_loop+0x40/0x90
[  207.924867][T11502]  ? clear_bhb_loop+0x40/0x90
[  207.924889][T11502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.924915][T11502] RIP: 0033:0x7f2ec874e9a9
[  207.924935][T11502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.924972][T11502] RSP: 002b:00007f2ec6db7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  207.924996][T11502] RAX: ffffffffffffffda RBX: 00007f2ec8975fa0 RCX: 00007f2ec874e9a9
[  207.925010][T11502] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 0000000000000003
[  207.925026][T11502] RBP: 00007f2ec6db7090 R08: 0000000000000000 R09: 0000000000000000
[  207.925042][T11502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  207.925077][T11502] R13: 0000000000000000 R14: 00007f2ec8975fa0 R15: 00007ffe75883b18
[  207.925102][T11502]  </TASK>
[  208.216913][T11500] loop5: detected capacity change from 0 to 128
[  208.242580][T11500] bio_check_eod: 15 callbacks suppressed
[  208.242596][T11500] +}[@: attempt to access beyond end of device
[  208.242596][T11500] loop5: rw=0, sector=121, nr_sectors = 120 limit=128
[  208.294005][ T7026] kworker/u8:13: attempt to access beyond end of device
[  208.294005][ T7026] loop5: rw=1, sector=241, nr_sectors = 800 limit=128
[  208.382882][T11521] Invalid ELF header magic: != ELF
[  208.449749][T11518] hub 6-0:1.0: USB hub found
[  208.454620][T11518] hub 6-0:1.0: 8 ports detected
[  208.549364][T11538] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  208.605788][T11546] FAULT_INJECTION: forcing a failure.
[  208.605788][T11546] name failslab, interval 1, probability 0, space 0, times 0
[  208.618512][T11546] CPU: 1 UID: 0 PID: 11546 Comm: syz.0.2719 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  208.618581][T11546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  208.618596][T11546] Call Trace:
[  208.618601][T11546]  <TASK>
[  208.618608][T11546]  __dump_stack+0x1d/0x30
[  208.618629][T11546]  dump_stack_lvl+0xe8/0x140
[  208.618741][T11546]  dump_stack+0x15/0x1b
[  208.618756][T11546]  should_fail_ex+0x265/0x280
[  208.618779][T11546]  should_failslab+0x8c/0xb0
[  208.618799][T11546]  kmem_cache_alloc_noprof+0x50/0x310
[  208.618875][T11546]  ? posix_lock_inode+0x162/0x2380
[  208.618932][T11546]  ? avc_has_perm+0xf7/0x180
[  208.619017][T11546]  posix_lock_inode+0x162/0x2380
[  208.619045][T11546]  ? file_has_perm+0x324/0x370
[  208.619074][T11546]  fcntl_setlk+0x61f/0x950
[  208.619195][T11546]  do_fcntl+0x5dd/0xdf0
[  208.619217][T11546]  ? selinux_file_fcntl+0x1cb/0x1e0
[  208.619278][T11546]  __se_sys_fcntl+0xb1/0x120
[  208.619299][T11546]  __x64_sys_fcntl+0x43/0x50
[  208.619320][T11546]  x64_sys_call+0x29a0/0x2ff0
[  208.619338][T11546]  do_syscall_64+0xd2/0x200
[  208.619401][T11546]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  208.619495][T11546]  ? clear_bhb_loop+0x40/0x90
[  208.619576][T11546]  ? clear_bhb_loop+0x40/0x90
[  208.619597][T11546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.619643][T11546] RIP: 0033:0x7f6a2c5fe9a9
[  208.619706][T11546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.619730][T11546] RSP: 002b:00007f6a2ac67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  208.619753][T11546] RAX: ffffffffffffffda RBX: 00007f6a2c825fa0 RCX: 00007f6a2c5fe9a9
[  208.619770][T11546] RDX: 0000200000000000 RSI: 0000000000000026 RDI: 0000000000000004
[  208.619786][T11546] RBP: 00007f6a2ac67090 R08: 0000000000000000 R09: 0000000000000000
[  208.619797][T11546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  208.619808][T11546] R13: 0000000000000000 R14: 00007f6a2c825fa0 R15: 00007ffe5ddf6448
[  208.619882][T11546]  </TASK>
[  209.176828][T11577] loop5: detected capacity change from 0 to 600
[  209.190749][T11577] ext4 filesystem being mounted at /509/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.230426][T11585] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2729'.
[  209.310750][T11591] loop5: detected capacity change from 0 to 128
[  209.319331][T11591] ext4 filesystem being mounted at /510/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  209.465842][T11599] loop1: detected capacity change from 0 to 1024
[  209.482091][T11599] netlink: 'syz.1.2733': attribute type 10 has an invalid length.
[  209.499139][T11599] ipvlan0: entered allmulticast mode
[  209.504503][T11599] veth0_vlan: entered allmulticast mode
[  209.510716][T11599] team0: Device ipvlan0 is VLAN challenged and team device has VLAN set up
[  209.532474][T11599] loop1: detected capacity change from 0 to 1024
[  209.539556][T11599] EXT4-fs: inline encryption not supported
[  209.545908][T11599] EXT4-fs: Ignoring removed nomblk_io_submit option
[  209.552827][T11599] EXT4-fs: Ignoring removed bh option
[  209.563577][T11606] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2736'.
[  209.585491][T11599] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  209.596660][T11599] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.2733: Allocating blocks 497-513 which overlap fs metadata
[  209.628651][T11596] EXT4-fs (loop1): pa ffff888106e65150: logic 16, phys. 145, len 23
[  209.636718][T11596] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1
[  209.815426][T11613] loop1: detected capacity change from 0 to 128
[  209.844039][T11613] +}[@: attempt to access beyond end of device
[  209.844039][T11613] loop1: rw=0, sector=121, nr_sectors = 120 limit=128
[  209.889863][ T7026] kworker/u8:13: attempt to access beyond end of device
[  209.889863][ T7026] loop1: rw=1, sector=241, nr_sectors = 800 limit=128
[  209.986452][T11624] loop4: detected capacity change from 0 to 128
[  209.994864][T11619] loop1: detected capacity change from 0 to 8192
[  210.004790][T11624] ext4 filesystem being mounted at /556/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  210.092375][   T23] hid-generic 0006:0098:0009.0003: collection stack underflow
[  210.100033][   T23] hid-generic 0006:0098:0009.0003: item 0 0 0 12 parsing failed
[  210.136022][   T23] hid-generic 0006:0098:0009.0003: probe with driver hid-generic failed with error -22
[  210.530643][T11632] loop5: detected capacity change from 0 to 128
[  210.544440][T11637] bond2: entered promiscuous mode
[  210.549695][T11637] bond2: entered allmulticast mode
[  210.575966][T11637] 8021q: adding VLAN 0 to HW filter on device bond2
[  210.590298][T11637] bond2 (unregistering): Released all slaves
[  210.613446][T11639] vlan0: entered promiscuous mode
[  210.618711][T11639] bridge0: entered promiscuous mode
[  210.861092][T11646] loop6: detected capacity change from 0 to 128
[  210.889418][T11646] +}[@: attempt to access beyond end of device
[  210.889418][T11646] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  210.932969][   T37] kworker/u8:2: attempt to access beyond end of device
[  210.932969][   T37] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  211.006053][T11654] loop1: detected capacity change from 0 to 128
[  211.015518][T11656] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2752'.
[  211.027270][T11654] ext4 filesystem being mounted at /501/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  211.130242][T11652] loop6: detected capacity change from 0 to 128
[  211.156771][T11652] +}[@: attempt to access beyond end of device
[  211.156771][T11652] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  211.201476][ T7030] kworker/u8:14: attempt to access beyond end of device
[  211.201476][ T7030] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  211.317241][T11670] loop4: detected capacity change from 0 to 128
[  211.506450][T11686] bond0: entered promiscuous mode
[  211.511686][T11686] bond0: entered allmulticast mode
[  211.529963][T11686] 9pnet_fd: Insufficient options for proto=fd
[  211.567077][T11682] loop4: detected capacity change from 0 to 128
[  211.585292][T11689] hub 6-0:1.0: USB hub found
[  211.590914][T11689] hub 6-0:1.0: 8 ports detected
[  211.594526][T11682] +}[@: attempt to access beyond end of device
[  211.594526][T11682] loop4: rw=0, sector=121, nr_sectors = 120 limit=128
[  211.637634][ T7030] kworker/u8:14: attempt to access beyond end of device
[  211.637634][ T7030] loop4: rw=1, sector=241, nr_sectors = 800 limit=128
[  211.690340][T11698] netlink: 'syz.4.2769': attribute type 3 has an invalid length.
[  211.698366][T11699] netlink: 'syz.4.2769': attribute type 3 has an invalid length.
[  211.865763][T11705] loop4: detected capacity change from 0 to 128
[  211.955235][T11713] loop1: detected capacity change from 0 to 512
[  211.963363][T11713] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  211.975417][T11713] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.2775: bad orphan inode 16
[  211.986234][T11713] ext4_test_bit(bit=15, block=4) = 0
[  211.991873][T11713] EXT4-fs (loop1): 1 orphan inode deleted
[  212.022267][T11717] loop1: detected capacity change from 0 to 1024
[  212.028940][T11717] EXT4-fs: Ignoring removed bh option
[  212.034560][T11717] EXT4-fs: inline encryption not supported
[  212.040899][T11717] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  212.051944][T11717] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  212.061335][T11717] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 2: comm syz.1.2776: lblock 2 mapped to illegal pblock 2 (length 1)
[  212.075467][T11717] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 48: comm syz.1.2776: lblock 0 mapped to illegal pblock 48 (length 1)
[  212.090346][T11717] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.2776: Failed to acquire dquot type 0
[  212.102118][T11717] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  212.111741][T11717] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.2776: mark_inode_dirty error
[  212.123243][T11717] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  212.133874][T11717] EXT4-fs (loop1): 1 orphan inode deleted
[  212.145873][ T7030] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:14: lblock 1 mapped to illegal pblock 1 (length 1)
[  212.160869][ T7030] __quota_error: 981 callbacks suppressed
[  212.160886][ T7030] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  212.175175][ T7030] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:14: Failed to release dquot type 0
[  212.187163][   T29] audit: type=1326 audit(1754914272.583:17325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.192800][T11717] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  212.210892][   T29] audit: type=1326 audit(1754914272.583:17326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.242681][   T29] audit: type=1326 audit(1754914272.583:17327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.266370][   T29] audit: type=1326 audit(1754914272.583:17328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.290105][   T29] audit: type=1326 audit(1754914272.583:17329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.313727][   T29] audit: type=1326 audit(1754914272.593:17330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.337563][   T29] audit: type=1326 audit(1754914272.593:17331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.361255][   T29] audit: type=1326 audit(1754914272.593:17332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.384986][   T29] audit: type=1326 audit(1754914272.593:17333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11719 comm="syz.6.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  212.463237][T11722] hub 6-0:1.0: USB hub found
[  212.468246][T11722] hub 6-0:1.0: 8 ports detected
[  212.631711][T11726] loop5: detected capacity change from 0 to 128
[  212.690391][T11741] loop5: detected capacity change from 0 to 512
[  212.698209][T11741] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  212.710247][T11741] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.2786: bad orphan inode 16
[  212.720631][T11741] ext4_test_bit(bit=15, block=4) = 0
[  212.725947][T11741] EXT4-fs (loop5): 1 orphan inode deleted
[  212.744113][T11746] loop1: detected capacity change from 0 to 128
[  212.754588][T11746] ext4 filesystem being mounted at /510/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  212.798962][T11755] loop4: detected capacity change from 0 to 128
[  212.807108][T11754] xt_CT: You must specify a L4 protocol and not use inversions on it
[  212.811436][T11755] FAT-fs (loop4): Directory bread(block 32) failed
[  212.829803][T11755] FAT-fs (loop4): Directory bread(block 33) failed
[  212.843038][T11755] FAT-fs (loop4): Directory bread(block 34) failed
[  212.849806][T11755] FAT-fs (loop4): Directory bread(block 35) failed
[  212.856490][T11755] FAT-fs (loop4): Directory bread(block 36) failed
[  212.866241][T11755] FAT-fs (loop4): Directory bread(block 37) failed
[  212.881002][T11755] FAT-fs (loop4): Directory bread(block 38) failed
[  212.887865][T11755] FAT-fs (loop4): Directory bread(block 39) failed
[  212.894917][T11755] FAT-fs (loop4): Directory bread(block 40) failed
[  212.902692][T11755] FAT-fs (loop4): Directory bread(block 41) failed
[  212.928573][T11760] hub 6-0:1.0: USB hub found
[  212.938788][T11760] hub 6-0:1.0: 8 ports detected
[  213.094302][T11761] lo speed is unknown, defaulting to 1000
[  213.162705][T11769] loop1: detected capacity change from 0 to 128
[  213.185337][T11761] lo speed is unknown, defaulting to 1000
[  213.244137][T11782] loop1: detected capacity change from 0 to 512
[  213.248348][T11761] chnl_net:caif_netlink_parms(): no params data found
[  213.252864][T11782] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  213.270140][T11782] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.2799: bad orphan inode 16
[  213.280605][T11782] ext4_test_bit(bit=15, block=4) = 0
[  213.286000][T11782] EXT4-fs (loop1): 1 orphan inode deleted
[  213.311996][T11761] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.319129][T11761] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.326516][T11761] bridge_slave_0: entered allmulticast mode
[  213.333463][T11790] loop1: detected capacity change from 0 to 2048
[  213.334110][T11761] bridge_slave_0: entered promiscuous mode
[  213.347145][T11761] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.354384][T11761] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.363115][T11761] bridge_slave_1: entered allmulticast mode
[  213.369884][T11761] bridge_slave_1: entered promiscuous mode
[  213.394633][T11794] loop6: detected capacity change from 0 to 1024
[  213.402015][T11794] EXT4-fs: quotafile must be on filesystem root
[  213.404530][T11761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  213.419063][T11761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.442078][T11761] team0: Port device team_slave_0 added
[  213.449191][T11761] team0: Port device team_slave_1 added
[  213.469263][T11761] batman_adv: batadv0: Adding interface: batadv_slave_0
[  213.476350][T11761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.502391][T11761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  213.514216][T11761] batman_adv: batadv0: Adding interface: batadv_slave_1
[  213.521350][T11761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.547468][T11761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  213.576383][T11761] hsr_slave_0: entered promiscuous mode
[  213.582443][T11761] hsr_slave_1: entered promiscuous mode
[  213.588289][T11761] debugfs: 'hsr0' already exists in 'hsr'
[  213.594083][T11761] Cannot create hsr debugfs directory
[  213.616681][T11801] loop6: detected capacity change from 0 to 128
[  213.627116][T11801] ext4 filesystem being mounted at /320/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  213.664632][T11805] netlink: 'syz.5.2804': attribute type 4 has an invalid length.
[  213.672581][T11805] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.2804'.
[  213.701529][T11761] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.742713][T11761] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.792846][T11761] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.841472][T11761] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.918164][T11761] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  213.928371][T11761] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  213.938106][T11761] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  213.950844][T11761] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  213.998236][T11761] 8021q: adding VLAN 0 to HW filter on device bond0
[  214.010056][T11761] 8021q: adding VLAN 0 to HW filter on device team0
[  214.028804][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.035915][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.044976][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.052111][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.228817][T11761] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.372736][T11761] veth0_vlan: entered promiscuous mode
[  214.383008][T11761] veth1_vlan: entered promiscuous mode
[  214.405656][T11761] veth0_macvtap: entered promiscuous mode
[  214.420851][T11761] veth1_macvtap: entered promiscuous mode
[  214.438044][T11761] batman_adv: batadv0: Interface activated: batadv_slave_0
[  214.453533][T11761] batman_adv: batadv0: Interface activated: batadv_slave_1
[  214.465632][T11761] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  214.474495][T11761] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  214.483339][T11761] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  214.492320][T11761] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  214.738652][T11837] loop1: detected capacity change from 0 to 128
[  214.783025][T11839] loop6: detected capacity change from 0 to 128
[  214.828100][T11848] loop5: detected capacity change from 0 to 512
[  214.836780][T11848] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  214.850089][T11848] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.2809: bad orphan inode 16
[  214.861997][T11848] ext4_test_bit(bit=15, block=4) = 0
[  214.867355][T11848] EXT4-fs (loop5): 1 orphan inode deleted
[  214.989866][T11857] loop5: detected capacity change from 0 to 512
[  214.997348][T11857] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  215.008765][T11857] EXT4-fs (loop5): 1 truncate cleaned up
[  215.088738][T11859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  215.097412][T11859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.171205][T11859] loop6: detected capacity change from 0 to 8192
[  215.317720][T11863] syzkaller1: entered promiscuous mode
[  215.323307][T11863] syzkaller1: entered allmulticast mode
[  215.659069][T11871] syzkaller0: entered promiscuous mode
[  215.664777][T11871] syzkaller0: entered allmulticast mode
[  215.674475][T11871] FAULT_INJECTION: forcing a failure.
[  215.674475][T11871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.687673][T11871] CPU: 1 UID: 0 PID: 11871 Comm: +}[@ Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  215.687710][T11871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  215.687723][T11871] Call Trace:
[  215.687728][T11871]  <TASK>
[  215.687792][T11871]  __dump_stack+0x1d/0x30
[  215.687814][T11871]  dump_stack_lvl+0xe8/0x140
[  215.687835][T11871]  dump_stack+0x15/0x1b
[  215.687857][T11871]  should_fail_ex+0x265/0x280
[  215.687885][T11871]  should_fail+0xb/0x20
[  215.687907][T11871]  should_fail_usercopy+0x1a/0x20
[  215.688032][T11871]  _copy_to_user+0x20/0xa0
[  215.688075][T11871]  simple_read_from_buffer+0xb5/0x130
[  215.688114][T11871]  proc_fail_nth_read+0x100/0x140
[  215.688208][T11871]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  215.688309][T11871]  vfs_read+0x19d/0x6f0
[  215.688341][T11871]  ? __rcu_read_unlock+0x4f/0x70
[  215.688370][T11871]  ? __fget_files+0x184/0x1c0
[  215.688393][T11871]  ? finish_task_switch+0xad/0x2b0
[  215.688503][T11871]  ksys_read+0xda/0x1a0
[  215.688544][T11871]  __x64_sys_read+0x40/0x50
[  215.688576][T11871]  x64_sys_call+0x27bc/0x2ff0
[  215.688604][T11871]  do_syscall_64+0xd2/0x200
[  215.688666][T11871]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  215.688697][T11871]  ? clear_bhb_loop+0x40/0x90
[  215.688718][T11871]  ? clear_bhb_loop+0x40/0x90
[  215.688739][T11871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.688864][T11871] RIP: 0033:0x7f042ba3d3bc
[  215.688890][T11871] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  215.688913][T11871] RSP: 002b:00007f042a09f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  215.688933][T11871] RAX: ffffffffffffffda RBX: 00007f042bc65fa0 RCX: 00007f042ba3d3bc
[  215.688945][T11871] RDX: 000000000000000f RSI: 00007f042a09f0a0 RDI: 0000000000000008
[  215.688957][T11871] RBP: 00007f042a09f090 R08: 0000000000000000 R09: 0000000000000000
[  215.688973][T11871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.689011][T11871] R13: 0000000000000000 R14: 00007f042bc65fa0 R15: 00007ffd8a73f128
[  215.689037][T11871]  </TASK>
[  216.229566][T11879] loop4: detected capacity change from 0 to 512
[  216.286033][T11879] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  216.386451][T11879] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2822: bad orphan inode 16
[  216.480740][T11879] ext4_test_bit(bit=15, block=4) = 0
[  216.486351][T11879] EXT4-fs (loop4): 1 orphan inode deleted
[  216.795617][T11887] loop4: detected capacity change from 0 to 764
[  216.854867][T11887] Symlink component flag not implemented
[  216.879050][T11887] Symlink component flag not implemented (7)
[  216.931738][T11877] loop0: detected capacity change from 0 to 128
[  217.116048][T11892] syzkaller1: entered promiscuous mode
[  217.121733][T11892] syzkaller1: entered allmulticast mode
[  217.187740][   T29] kauditd_printk_skb: 611 callbacks suppressed
[  217.187755][   T29] audit: type=1400 audit(1754914277.600:17945): avc:  denied  { prog_load } for  pid=11889 comm="syz.0.2825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  217.217321][   T29] audit: type=1400 audit(1754914277.600:17946): avc:  denied  { bpf } for  pid=11889 comm="syz.0.2825" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  217.238174][   T29] audit: type=1400 audit(1754914277.600:17947): avc:  denied  { perfmon } for  pid=11889 comm="syz.0.2825" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  217.259379][   T29] audit: type=1400 audit(1754914277.600:17948): avc:  denied  { map_create } for  pid=11889 comm="syz.0.2825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  217.303556][   T29] audit: type=1400 audit(1754914277.720:17949): avc:  denied  { read write } for  pid=3311 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.328094][   T29] audit: type=1400 audit(1754914277.720:17950): avc:  denied  { open } for  pid=3311 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.352550][   T29] audit: type=1400 audit(1754914277.720:17951): avc:  denied  { ioctl } for  pid=3311 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=101 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  217.386314][   T29] audit: type=1400 audit(1754914277.800:17952): avc:  denied  { map_read map_write } for  pid=11897 comm="syz.5.2828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  217.406456][   T29] audit: type=1400 audit(1754914277.800:17953): avc:  denied  { prog_run } for  pid=11897 comm="syz.5.2828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  217.425704][   T29] audit: type=1326 audit(1754914277.800:17954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11897 comm="syz.5.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f319ee0e9a9 code=0x7ffc0000
[  217.680068][T11905] can0: slcan on ttyS3.
[  217.722067][T11905] can0 (unregistered): slcan off ttyS3.
[  217.809152][T11911] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2831'.
[  217.818643][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2831'.
[  217.970640][T11918] loop0: detected capacity change from 0 to 512
[  217.978213][T11918] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  217.990829][T11918] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.2834: bad orphan inode 16
[  218.001209][T11918] ext4_test_bit(bit=15, block=4) = 0
[  218.006729][T11918] EXT4-fs (loop0): 1 orphan inode deleted
[  218.146554][T11922] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  218.146554][T11922]    program syz.0.2835 not setting count and/or reply_len properly
[  218.295180][T11928] syzkaller1: entered promiscuous mode
[  218.300811][T11928] syzkaller1: entered allmulticast mode
[  218.709330][T11948] loop6: detected capacity change from 0 to 512
[  218.724291][T11951] loop1: detected capacity change from 0 to 128
[  218.742375][T11948] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  218.819861][T11948] EXT4-fs error (device loop6): ext4_orphan_get:1419: comm syz.6.2846: bad orphan inode 16
[  218.844182][T11952] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2845'.
[  218.868938][T11948] ext4_test_bit(bit=15, block=4) = 0
[  218.874378][T11948] EXT4-fs (loop6): 1 orphan inode deleted
[  218.883788][T11957] FAULT_INJECTION: forcing a failure.
[  218.883788][T11957] name failslab, interval 1, probability 0, space 0, times 0
[  218.896605][T11957] CPU: 0 UID: 0 PID: 11957 Comm: syz.5.2848 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  218.896637][T11957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.896650][T11957] Call Trace:
[  218.896657][T11957]  <TASK>
[  218.896667][T11957]  __dump_stack+0x1d/0x30
[  218.896694][T11957]  dump_stack_lvl+0xe8/0x140
[  218.896778][T11957]  dump_stack+0x15/0x1b
[  218.896801][T11957]  should_fail_ex+0x265/0x280
[  218.896876][T11957]  should_failslab+0x8c/0xb0
[  218.896905][T11957]  __kvmalloc_node_noprof+0x123/0x4e0
[  218.896934][T11957]  ? alloc_netdev_mqs+0xa1/0xab0
[  218.897000][T11957]  ? vsnprintf+0x829/0x890
[  218.897092][T11957]  alloc_netdev_mqs+0xa1/0xab0
[  218.897117][T11957]  ? __pfx_wg_setup+0x10/0x10
[  218.897152][T11957]  rtnl_create_link+0x239/0x710
[  218.897185][T11957]  rtnl_newlink_create+0x14c/0x620
[  218.897305][T11957]  ? security_capable+0x83/0x90
[  218.897337][T11957]  ? netlink_ns_capable+0x86/0xa0
[  218.897368][T11957]  rtnl_newlink+0xf29/0x12d0
[  218.897471][T11957]  ? bpf_trace_run3+0x12c/0x1d0
[  218.897495][T11957]  ? __memcg_slab_free_hook+0x135/0x230
[  218.897640][T11957]  ? __rcu_read_unlock+0x4f/0x70
[  218.897663][T11957]  ? avc_has_perm_noaudit+0x1b1/0x200
[  218.897705][T11957]  ? cred_has_capability+0x210/0x280
[  218.897736][T11957]  ? selinux_capable+0x31/0x40
[  218.897850][T11957]  ? security_capable+0x83/0x90
[  218.897939][T11957]  ? ns_capable+0x7d/0xb0
[  218.897964][T11957]  ? __pfx_rtnl_newlink+0x10/0x10
[  218.898037][T11957]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  218.898116][T11957]  netlink_rcv_skb+0x120/0x220
[  218.898143][T11957]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  218.898231][T11957]  rtnetlink_rcv+0x1c/0x30
[  218.898289][T11957]  netlink_unicast+0x5a8/0x680
[  218.898322][T11957]  netlink_sendmsg+0x58b/0x6b0
[  218.898359][T11957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.898395][T11957]  __sock_sendmsg+0x142/0x180
[  218.898481][T11957]  ____sys_sendmsg+0x31e/0x4e0
[  218.898510][T11957]  ___sys_sendmsg+0x17b/0x1d0
[  218.898551][T11957]  __x64_sys_sendmsg+0xd4/0x160
[  218.898665][T11957]  x64_sys_call+0x191e/0x2ff0
[  218.898693][T11957]  do_syscall_64+0xd2/0x200
[  218.898767][T11957]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  218.898802][T11957]  ? clear_bhb_loop+0x40/0x90
[  218.898837][T11957]  ? clear_bhb_loop+0x40/0x90
[  218.898859][T11957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.898908][T11957] RIP: 0033:0x7f319ee0e9a9
[  218.898925][T11957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.898980][T11957] RSP: 002b:00007f319d46f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.899003][T11957] RAX: ffffffffffffffda RBX: 00007f319f035fa0 RCX: 00007f319ee0e9a9
[  218.899020][T11957] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  218.899037][T11957] RBP: 00007f319d46f090 R08: 0000000000000000 R09: 0000000000000000
[  218.899053][T11957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.899104][T11957] R13: 0000000000000000 R14: 00007f319f035fa0 R15: 00007fffb451b248
[  218.899131][T11957]  </TASK>
[  219.386981][T11961] loop5: detected capacity change from 0 to 1024
[  219.395393][T11961] EXT4-fs: Ignoring removed bh option
[  219.401471][T11961] EXT4-fs: inline encryption not supported
[  219.410651][T11961] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  219.422503][T11958] netlink: 'syz.4.2845': attribute type 12 has an invalid length.
[  219.455639][T11961] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  219.474289][T11961] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 2: comm syz.5.2849: lblock 2 mapped to illegal pblock 2 (length 1)
[  219.500247][T11961] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 48: comm syz.5.2849: lblock 0 mapped to illegal pblock 48 (length 1)
[  219.546730][T11961] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2849: Failed to acquire dquot type 0
[  219.580543][T11961] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  219.646799][T11961] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.2849: mark_inode_dirty error
[  219.682244][T11981] 9pnet_fd: Insufficient options for proto=fd
[  219.702434][T11981] loop0: detected capacity change from 0 to 164
[  219.709086][T11961] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  219.740186][T11981] syz.0.2855: attempt to access beyond end of device
[  219.740186][T11981] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  219.743428][T11961] EXT4-fs (loop5): 1 orphan inode deleted
[  219.754093][T11981] syz.0.2855: attempt to access beyond end of device
[  219.754093][T11981] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164
[  219.763457][   T57] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  219.779361][T11981] iso9660: Corrupted directory entry in block 4 of inode 1792
[  219.796053][T11952] lo speed is unknown, defaulting to 1000
[  219.827939][   T57] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0
[  219.844412][T11961] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  219.895343][T11952] lo speed is unknown, defaulting to 1000
[  219.962860][T11988] loop4: detected capacity change from 0 to 1024
[  219.970823][T11988] EXT4-fs: Ignoring removed bh option
[  219.976658][T11988] EXT4-fs: inline encryption not supported
[  220.003938][T11988] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  220.029462][T11988] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  220.052803][T11988] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2857: lblock 2 mapped to illegal pblock 2 (length 1)
[  220.085774][T11988] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2857: lblock 0 mapped to illegal pblock 48 (length 1)
[  220.111833][T11988] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2857: Failed to acquire dquot type 0
[  220.124375][T11988] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  220.134426][T11988] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2857: mark_inode_dirty error
[  220.146933][T11988] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  220.158955][T11988] EXT4-fs (loop4): 1 orphan inode deleted
[  220.171138][  T995] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  220.185963][  T995] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0
[  220.198937][T11988] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  220.414204][T11993] loop5: detected capacity change from 0 to 128
[  220.461864][T12002] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2862'.
[  220.613086][T12006] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  220.613086][T12006]    program +}[@ not setting count and/or reply_len properly
[  220.784049][T12014] loop6: detected capacity change from 0 to 128
[  220.862959][T12022] loop6: detected capacity change from 0 to 1024
[  220.869840][T12022] EXT4-fs: Ignoring removed bh option
[  220.883127][T12022] EXT4-fs: inline encryption not supported
[  220.889454][T12022] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  220.901375][T12022] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  220.910477][T12022] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 2: comm syz.6.2870: lblock 2 mapped to illegal pblock 2 (length 1)
[  220.925695][T12022] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 48: comm syz.6.2870: lblock 0 mapped to illegal pblock 48 (length 1)
[  220.940073][T12022] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2870: Failed to acquire dquot type 0
[  220.952534][T12022] EXT4-fs error (device loop6) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  220.962201][T12022] EXT4-fs error (device loop6): ext4_evict_inode:254: inode #11: comm syz.6.2870: mark_inode_dirty error
[  220.973955][T12022] EXT4-fs warning (device loop6): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  220.984444][T12022] EXT4-fs (loop6): 1 orphan inode deleted
[  220.994009][   T57] EXT4-fs error (device loop6): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  221.009062][   T57] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0
[  221.021620][T12022] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  221.099404][T12033] loop6: detected capacity change from 0 to 764
[  221.158152][T12027] loop0: detected capacity change from 0 to 128
[  221.190827][T12027] +}[@: attempt to access beyond end of device
[  221.190827][T12027] loop0: rw=0, sector=121, nr_sectors = 120 limit=128
[  221.249010][  T995] kworker/u8:6: attempt to access beyond end of device
[  221.249010][  T995] loop0: rw=1, sector=241, nr_sectors = 800 limit=128
[  221.263941][T12046] netlink: 328 bytes leftover after parsing attributes in process `syz.1.2879'.
[  221.307408][T12054] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2883'.
[  221.372116][T12060] netlink: 'syz.6.2886': attribute type 1 has an invalid length.
[  221.391217][T12060] 8021q: adding VLAN 0 to HW filter on device bond2
[  221.398871][T12064] netlink: 'syz.5.2887': attribute type 12 has an invalid length.
[  221.420728][T12060] 8021q: adding VLAN 0 to HW filter on device batadv1
[  221.438582][T12060] bond2: (slave batadv1): making interface the new active one
[  221.455151][T12060] bond2: (slave batadv1): Enslaving as an active interface with an up link
[  221.494973][T12073] loop6: detected capacity change from 0 to 128
[  221.506282][T12073] ext4 filesystem being mounted at /340/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  221.522355][T12051] loop0: detected capacity change from 0 to 128
[  221.527224][T12071] hub 6-0:1.0: USB hub found
[  221.533470][T12071] hub 6-0:1.0: 8 ports detected
[  221.573250][T12077] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2893'.
[  221.583924][T12077] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2893'.
[  221.626770][T12083] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2895'.
[  221.644529][T12083] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2895'.
[  221.706551][T12089] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  221.713736][T12088] tipc: Resetting bearer <eth:syzkaller0>
[  221.722957][T12090] loop6: detected capacity change from 0 to 128
[  221.731437][T12088] tipc: Disabling bearer <eth:syzkaller0>
[  221.752178][T12079] syz.6.2892: attempt to access beyond end of device
[  221.752178][T12079] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  221.815151][ T7019] kworker/u8:11: attempt to access beyond end of device
[  221.815151][ T7019] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  221.853743][T12098] loop5: detected capacity change from 0 to 128
[  221.862875][T12098] ext4 filesystem being mounted at /548/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  221.941618][T12107] program syz.5.2906 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  222.063311][T12116] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  222.068327][T12103] loop6: detected capacity change from 0 to 128
[  222.076511][T12115] tipc: Resetting bearer <eth:syzkaller0>
[  222.104927][T12115] tipc: Disabling bearer <eth:syzkaller0>
[  222.200458][T12129] loop5: detected capacity change from 0 to 128
[  222.215648][   T29] kauditd_printk_skb: 686 callbacks suppressed
[  222.215662][   T29] audit: type=1326 audit(1754914282.628:18632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ec874e9a9 code=0x7ffc0000
[  222.222443][T12118] loop4: detected capacity change from 0 to 128
[  222.245065][   T29] audit: type=1326 audit(1754914282.628:18633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ec874e9a9 code=0x7ffc0000
[  222.245167][   T29] audit: type=1326 audit(1754914282.628:18634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2ec874e9a9 code=0x7ffc0000
[  222.297757][   T29] audit: type=1326 audit(1754914282.628:18635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2ec874e9e3 code=0x7ffc0000
[  222.321176][   T29] audit: type=1326 audit(1754914282.628:18636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2ec874d45f code=0x7ffc0000
[  222.344215][   T29] audit: type=1326 audit(1754914282.628:18637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f2ec874ea37 code=0x7ffc0000
[  222.362819][T12118] +}[@: attempt to access beyond end of device
[  222.362819][T12118] loop4: rw=0, sector=121, nr_sectors = 120 limit=128
[  222.367295][   T29] audit: type=1326 audit(1754914282.628:18638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2ec874d310 code=0x7ffc0000
[  222.403166][   T29] audit: type=1326 audit(1754914282.628:18639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2ec874e5ab code=0x7ffc0000
[  222.426380][   T29] audit: type=1326 audit(1754914282.658:18640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2ec874d60a code=0x7ffc0000
[  222.449296][   T29] audit: type=1326 audit(1754914282.658:18641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12117 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2ec874d60a code=0x7ffc0000
[  222.475600][T12129] EXT4-fs mount: 46 callbacks suppressed
[  222.475620][T12129] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  222.495316][  T995] kworker/u8:6: attempt to access beyond end of device
[  222.495316][  T995] loop4: rw=1, sector=241, nr_sectors = 800 limit=128
[  222.509868][T12129] ext4 filesystem being mounted at /555/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  222.570995][T12138] loop1: detected capacity change from 0 to 1024
[  222.588006][T12138] EXT4-fs: Ignoring removed bh option
[  222.593475][T12138] EXT4-fs: inline encryption not supported
[  222.600568][ T3694] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  222.612355][T12138] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  222.635364][T12143] netlink: 'syz.0.2922': attribute type 12 has an invalid length.
[  222.650407][T12138] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  222.669078][T12138] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 2: comm syz.1.2919: lblock 2 mapped to illegal pblock 2 (length 1)
[  222.683469][T12138] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 48: comm syz.1.2919: lblock 0 mapped to illegal pblock 48 (length 1)
[  222.701084][T12138] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.2919: Failed to acquire dquot type 0
[  222.713840][T12138] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  222.725501][T12138] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.2919: mark_inode_dirty error
[  222.737853][T12138] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  222.748623][T12138] EXT4-fs (loop1): 1 orphan inode deleted
[  222.755699][T12138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.768603][  T995] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  222.784064][  T995] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0
[  222.806074][T12138] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  222.846992][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.916602][T12166] loop1: detected capacity change from 0 to 128
[  222.929263][T12166] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  222.951228][T12166] ext4 filesystem being mounted at /541/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  223.021283][ T3311] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  223.058637][T12158] loop0: detected capacity change from 0 to 128
[  223.225002][T12184] __nla_validate_parse: 6 callbacks suppressed
[  223.225018][T12184] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2938'.
[  223.296125][T12187] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2939'.
[  223.339542][T12189] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2940'.
[  223.349628][T12191] loop0: detected capacity change from 0 to 1024
[  223.369325][T12191] EXT4-fs: Ignoring removed bh option
[  223.381504][T12191] EXT4-fs: inline encryption not supported
[  223.394227][T12189] lo speed is unknown, defaulting to 1000
[  223.400988][T12191] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  223.435065][T12191] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  223.455903][T12191] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.2941: lblock 2 mapped to illegal pblock 2 (length 1)
[  223.490254][T12191] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.2941: lblock 0 mapped to illegal pblock 48 (length 1)
[  223.511933][T12189] lo speed is unknown, defaulting to 1000
[  223.527107][T12191] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.2941: Failed to acquire dquot type 0
[  223.528256][T12195] loop4: detected capacity change from 0 to 128
[  223.551363][T12191] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  223.566673][T12195] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  223.584996][T12191] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.2941: mark_inode_dirty error
[  223.596607][T12195] ext4 filesystem being mounted at /587/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  223.604942][T12191] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  223.645257][T12191] EXT4-fs (loop0): 1 orphan inode deleted
[  223.657798][T12191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.671913][   T57] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  223.688538][   T57] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0
[  223.715678][T12191] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  223.735277][ T3302] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  223.788379][T12197] loop5: detected capacity change from 0 to 128
[  223.798707][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.824538][T12208] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2949'.
[  223.848573][T12209] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2945'.
[  223.956940][T12216] netlink: 'syz.4.2945': attribute type 12 has an invalid length.
[  223.958088][T12215] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2951'.
[  224.010568][T12209] lo speed is unknown, defaulting to 1000
[  224.027174][T12219] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2952'.
[  224.086778][T12203] loop1: detected capacity change from 0 to 128
[  224.124124][T12209] lo speed is unknown, defaulting to 1000
[  224.174851][T12203] syz.1.2946: attempt to access beyond end of device
[  224.174851][T12203] loop1: rw=0, sector=121, nr_sectors = 120 limit=128
[  224.287975][   T12] kworker/u8:0: attempt to access beyond end of device
[  224.287975][   T12] loop1: rw=1, sector=241, nr_sectors = 800 limit=128
[  224.320873][T12211] loop0: detected capacity change from 0 to 128
[  224.348635][T12227] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  224.369392][T12229] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2955'.
[  224.379518][T12233] FAULT_INJECTION: forcing a failure.
[  224.379518][T12233] name failslab, interval 1, probability 0, space 0, times 0
[  224.392324][T12233] CPU: 0 UID: 0 PID: 12233 Comm: syz.6.2957 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  224.392357][T12233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  224.392406][T12233] Call Trace:
[  224.392415][T12233]  <TASK>
[  224.392426][T12233]  __dump_stack+0x1d/0x30
[  224.392453][T12233]  dump_stack_lvl+0xe8/0x140
[  224.392479][T12233]  dump_stack+0x15/0x1b
[  224.392501][T12233]  should_fail_ex+0x265/0x280
[  224.392528][T12233]  should_failslab+0x8c/0xb0
[  224.392640][T12233]  __kmalloc_cache_node_noprof+0x54/0x320
[  224.392675][T12233]  ? __get_vm_area_node+0x106/0x1d0
[  224.392710][T12233]  __get_vm_area_node+0x106/0x1d0
[  224.392781][T12233]  __vmalloc_node_range_noprof+0x273/0xe00
[  224.392822][T12233]  ? n_tty_open+0x1b/0xf0
[  224.392874][T12233]  ? klist_dec_and_del+0xba/0x270
[  224.392906][T12233]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  224.392951][T12233]  ? _raw_spin_unlock+0x26/0x50
[  224.393026][T12233]  ? n_tty_open+0x1b/0xf0
[  224.393049][T12233]  vzalloc_noprof+0x82/0xc0
[  224.393087][T12233]  ? n_tty_open+0x1b/0xf0
[  224.393136][T12233]  n_tty_open+0x1b/0xf0
[  224.393166][T12233]  tty_ldisc_setup+0x80/0x220
[  224.393206][T12233]  tty_init_dev+0x183/0x330
[  224.393304][T12233]  tty_open+0x6cc/0xaf0
[  224.393345][T12233]  chrdev_open+0x2eb/0x3a0
[  224.393367][T12233]  do_dentry_open+0x646/0xa20
[  224.393390][T12233]  ? __pfx_chrdev_open+0x10/0x10
[  224.393412][T12233]  vfs_open+0x37/0x1e0
[  224.393468][T12233]  path_openat+0x1c5e/0x2170
[  224.393520][T12233]  do_filp_open+0x109/0x230
[  224.393560][T12233]  do_sys_openat2+0xa6/0x110
[  224.393617][T12233]  __x64_sys_openat+0xf2/0x120
[  224.393658][T12233]  x64_sys_call+0x2e9c/0x2ff0
[  224.393679][T12233]  do_syscall_64+0xd2/0x200
[  224.393746][T12233]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  224.393856][T12233]  ? clear_bhb_loop+0x40/0x90
[  224.393883][T12233]  ? clear_bhb_loop+0x40/0x90
[  224.393964][T12233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.393990][T12233] RIP: 0033:0x7fdc682be9a9
[  224.394009][T12233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.394029][T12233] RSP: 002b:00007fdc66927038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  224.394047][T12233] RAX: ffffffffffffffda RBX: 00007fdc684e5fa0 RCX: 00007fdc682be9a9
[  224.394060][T12233] RDX: 00000000000a4802 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  224.394075][T12233] RBP: 00007fdc66927090 R08: 0000000000000000 R09: 0000000000000000
[  224.394107][T12233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.394119][T12233] R13: 0000000000000000 R14: 00007fdc684e5fa0 R15: 00007fffe8b4c858
[  224.394156][T12233]  </TASK>
[  224.394165][T12233] syz.6.2957: vmalloc error: size 8904, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  224.676476][T12233] CPU: 0 UID: 0 PID: 12233 Comm: syz.6.2957 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  224.676503][T12233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  224.676515][T12233] Call Trace:
[  224.676521][T12233]  <TASK>
[  224.676529][T12233]  __dump_stack+0x1d/0x30
[  224.676686][T12233]  dump_stack_lvl+0xe8/0x140
[  224.676704][T12233]  dump_stack+0x15/0x1b
[  224.676718][T12233]  warn_alloc+0x12b/0x1a0
[  224.676752][T12233]  __vmalloc_node_range_noprof+0x297/0xe00
[  224.676836][T12233]  ? klist_dec_and_del+0xba/0x270
[  224.676864][T12233]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  224.676896][T12233]  ? _raw_spin_unlock+0x26/0x50
[  224.676941][T12233]  ? n_tty_open+0x1b/0xf0
[  224.676963][T12233]  vzalloc_noprof+0x82/0xc0
[  224.677080][T12233]  ? n_tty_open+0x1b/0xf0
[  224.677127][T12233]  n_tty_open+0x1b/0xf0
[  224.677148][T12233]  tty_ldisc_setup+0x80/0x220
[  224.677250][T12233]  tty_init_dev+0x183/0x330
[  224.677279][T12233]  tty_open+0x6cc/0xaf0
[  224.677310][T12233]  chrdev_open+0x2eb/0x3a0
[  224.677330][T12233]  do_dentry_open+0x646/0xa20
[  224.677405][T12233]  ? __pfx_chrdev_open+0x10/0x10
[  224.677425][T12233]  vfs_open+0x37/0x1e0
[  224.677446][T12233]  path_openat+0x1c5e/0x2170
[  224.677585][T12233]  do_filp_open+0x109/0x230
[  224.677700][T12233]  do_sys_openat2+0xa6/0x110
[  224.677726][T12233]  __x64_sys_openat+0xf2/0x120
[  224.677752][T12233]  x64_sys_call+0x2e9c/0x2ff0
[  224.677771][T12233]  do_syscall_64+0xd2/0x200
[  224.677873][T12233]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  224.677897][T12233]  ? clear_bhb_loop+0x40/0x90
[  224.677916][T12233]  ? clear_bhb_loop+0x40/0x90
[  224.677936][T12233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.678000][T12233] RIP: 0033:0x7fdc682be9a9
[  224.678013][T12233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.678029][T12233] RSP: 002b:00007fdc66927038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  224.678047][T12233] RAX: ffffffffffffffda RBX: 00007fdc684e5fa0 RCX: 00007fdc682be9a9
[  224.678117][T12233] RDX: 00000000000a4802 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  224.678129][T12233] RBP: 00007fdc66927090 R08: 0000000000000000 R09: 0000000000000000
[  224.678140][T12233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.678152][T12233] R13: 0000000000000000 R14: 00007fdc684e5fa0 R15: 00007fffe8b4c858
[  224.678170][T12233]  </TASK>
[  224.678185][T12233] Mem-Info:
[  224.923138][T12233] active_anon:6574 inactive_anon:19 isolated_anon:0
[  224.923138][T12233]  active_file:23504 inactive_file:2707 isolated_file:0
[  224.923138][T12233]  unevictable:0 dirty:42 writeback:21
[  224.923138][T12233]  slab_reclaimable:3443 slab_unreclaimable:33216
[  224.923138][T12233]  mapped:30269 shmem:3340 pagetables:1157
[  224.923138][T12233]  sec_pagetables:0 bounce:0
[  224.923138][T12233]  kernel_misc_reclaimable:0
[  224.923138][T12233]  free:1854347 free_pcp:16984 free_cma:0
[  224.968387][T12233] Node 0 active_anon:26296kB inactive_anon:76kB active_file:94016kB inactive_file:10828kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:121076kB dirty:168kB writeback:84kB shmem:13360kB writeback_tmp:0kB kernel_stack:3728kB pagetables:4628kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  224.997514][T12233] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  225.026723][T12233] lowmem_reserve[]: 0 2883 7862 7862
[  225.032271][T12233] Node 0 DMA32 free:2949536kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953068kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:3532kB free_cma:0kB
[  225.062941][T12233] lowmem_reserve[]: 0 0 4978 4978
[  225.068049][T12233] Node 0 Normal free:4452492kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26296kB inactive_anon:76kB active_file:94016kB inactive_file:10828kB unevictable:0kB writepending:252kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:64396kB local_pcp:63440kB free_cma:0kB
[  225.100280][T12233] lowmem_reserve[]: 0 0 0 0
[  225.104901][T12233] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  225.117677][T12233] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 4*16kB (M) 4*32kB (M) 3*64kB (M) 2*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949536kB
[  225.134121][T12233] Node 0 Normal: 522*4kB (UME) 624*8kB (UME) 478*16kB (UME) 251*32kB (UME) 148*64kB (UME) 201*128kB (UME) 90*256kB (UME) 54*512kB (UME) 70*1024kB (UME) 40*2048kB (UME) 1023*4096kB (UM) = 4452456kB
[  225.153604][T12233] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  225.162937][T12233] 29528 total pagecache pages
[  225.167641][T12233] 50 pages in swap cache
[  225.171882][T12233] Free swap  = 124812kB
[  225.176132][T12233] Total swap = 124996kB
[  225.180317][T12233] 2097051 pages RAM
[  225.184147][T12233] 0 pages HighMem/MovableOnly
[  225.188949][T12233] 80384 pages reserved
[  225.193022][T12233] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  225.200277][T12226] tipc: Resetting bearer <eth:syzkaller0>
[  225.235709][T12237] loop0: detected capacity change from 0 to 1024
[  225.236645][T12226] tipc: Disabling bearer <eth:syzkaller0>
[  225.242511][T12237] EXT4-fs: Ignoring removed bh option
[  225.254951][T12237] EXT4-fs: inline encryption not supported
[  225.261323][T12237] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  225.273256][T12237] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  225.282393][T12237] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.2958: lblock 2 mapped to illegal pblock 2 (length 1)
[  225.296775][T12237] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.2958: lblock 0 mapped to illegal pblock 48 (length 1)
[  225.311213][T12237] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.2958: Failed to acquire dquot type 0
[  225.322737][T12237] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  225.333465][T12237] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.2958: mark_inode_dirty error
[  225.345615][T12237] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  225.356927][T12237] EXT4-fs (loop0): 1 orphan inode deleted
[  225.364759][T12237] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.377316][ T7030] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:14: lblock 1 mapped to illegal pblock 1 (length 1)
[  225.393261][T12244] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2960'.
[  225.399889][T12234] lo speed is unknown, defaulting to 1000
[  225.423873][ T7030] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:14: Failed to release dquot type 0
[  225.443946][T12237] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  225.477108][T12234] lo speed is unknown, defaulting to 1000
[  225.489633][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.515401][T12251] program syz.0.2963 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.525216][T12251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2963'.
[  225.630939][T12258] hub 6-0:1.0: USB hub found
[  225.641268][T12258] hub 6-0:1.0: 8 ports detected
[  225.725347][T12255] loop0: detected capacity change from 0 to 128
[  225.750736][T12255] +}[@: attempt to access beyond end of device
[  225.750736][T12255] loop0: rw=0, sector=121, nr_sectors = 120 limit=128
[  225.798369][  T995] kworker/u8:6: attempt to access beyond end of device
[  225.798369][  T995] loop0: rw=1, sector=241, nr_sectors = 800 limit=128
[  225.989376][T12277] loop0: detected capacity change from 0 to 128
[  226.080144][T12282] lo speed is unknown, defaulting to 1000
[  226.140723][T12282] lo speed is unknown, defaulting to 1000
[  226.206526][T12289] loop0: detected capacity change from 0 to 512
[  226.213794][T12289] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  226.226112][T12289] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.2978: bad orphan inode 16
[  226.237828][T12289] ext4_test_bit(bit=15, block=4) = 0
[  226.243197][T12289] EXT4-fs (loop0): 1 orphan inode deleted
[  226.250252][T12289] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.283111][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.351228][T12293] tipc: Started in network mode
[  226.351257][T12293] tipc: Node identity 7678b68cdcca, cluster identity 4711
[  226.351341][T12293] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  226.352030][T12292] tipc: Resetting bearer <eth:syzkaller0>
[  226.397171][T12292] tipc: Disabling bearer <eth:syzkaller0>
[  226.412815][T12302] netlink: 'syz.4.2984': attribute type 21 has an invalid length.
[  227.264838][   T29] kauditd_printk_skb: 349 callbacks suppressed
[  227.264854][   T29] audit: type=1400 audit(1754914287.665:18982): avc:  denied  { create } for  pid=12325 comm="syz.5.2991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  227.301948][   T29] audit: type=1400 audit(1754914287.705:18983): avc:  denied  { write } for  pid=12325 comm="syz.5.2991" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  227.331069][T12326] hub 6-0:1.0: USB hub found
[  227.335867][T12326] hub 6-0:1.0: 8 ports detected
[  227.383131][   T29] audit: type=1400 audit(1754914287.785:18984): avc:  denied  { read write } for  pid=12327 comm="syz.5.2992" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  227.384238][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.406915][   T29] audit: type=1400 audit(1754914287.785:18985): avc:  denied  { open } for  pid=12327 comm="syz.5.2992" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  227.414323][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.445330][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.448800][   T29] audit: type=1400 audit(1754914287.855:18986): avc:  denied  { create } for  pid=12329 comm="syz.0.2993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  227.452831][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.479793][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.487231][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.494754][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.502316][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.509753][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.517198][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.524616][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.532102][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.539629][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.547204][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.554629][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.562200][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.569638][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.577183][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.577515][   T29] audit: type=1400 audit(1754914287.975:18987): avc:  denied  { setopt } for  pid=12327 comm="syz.5.2992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  227.584584][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.611651][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.619108][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.626551][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.634055][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.641499][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.648944][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.656538][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.664052][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.671558][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.671586][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.671610][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.671641][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.701589][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.709055][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.716500][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.724136][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.731602][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.739060][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.746502][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.753953][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.761452][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.768973][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.776421][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.783953][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.791615][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.799164][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.806804][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.814266][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.821921][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.829354][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.836774][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.844300][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.851826][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.859283][ T1038] hid-generic 0008:0006:0007.0004: unknown main item tag 0x0
[  227.874928][   T29] audit: type=1400 audit(1754914288.275:18988): avc:  denied  { setopt } for  pid=12327 comm="syz.5.2992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  227.880286][ T1038] hid-generic 0008:0006:0007.0004: hidraw0: <UNKNOWN> HID v0.0b Device [syz1] on syz1
[  227.922181][   T29] audit: type=1400 audit(1754914288.275:18989): avc:  denied  { map_create } for  pid=12334 comm="syz.1.2994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  227.941769][   T29] audit: type=1400 audit(1754914288.305:18990): avc:  denied  { map_read map_write } for  pid=12334 comm="syz.1.2994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  227.961950][   T29] audit: type=1400 audit(1754914288.305:18991): avc:  denied  { prog_load } for  pid=12334 comm="syz.1.2994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  228.030830][T12341] loop5: detected capacity change from 0 to 128
[  228.048423][T12341] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  228.080215][T12341] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  228.109172][T12344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  228.115871][T12338] lo speed is unknown, defaulting to 1000
[  228.128565][T12340] tipc: Resetting bearer <eth:syzkaller0>
[  228.129006][T12343] loop1: detected capacity change from 0 to 512
[  228.162189][T12343] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  228.177967][T12340] tipc: Disabling bearer <eth:syzkaller0>
[  228.201530][T12343] EXT4-fs (loop1): 1 truncate cleaned up
[  228.207944][T12343] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.251381][T12338] lo speed is unknown, defaulting to 1000
[  228.336050][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.386218][T12358] hub 6-0:1.0: USB hub found
[  228.391217][T12358] hub 6-0:1.0: 8 ports detected
[  228.490171][T12366] loop6: detected capacity change from 0 to 128
[  228.575870][T12366] syz.6.3004: attempt to access beyond end of device
[  228.575870][T12366] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  228.626819][   T57] kworker/u8:4: attempt to access beyond end of device
[  228.626819][   T57] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  228.680819][T12369] __nla_validate_parse: 11 callbacks suppressed
[  228.680839][T12369] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3005'.
[  229.087804][T12375] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3008'.
[  229.097080][T12375] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3008'.
[  229.132213][T12378] program syz.4.3009 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  229.194760][T12383] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  229.209186][T12382] tipc: Resetting bearer <eth:syzkaller0>
[  229.224739][T12382] tipc: Disabling bearer <eth:syzkaller0>
[  229.280595][   T12] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.312997][T12393] loop5: detected capacity change from 0 to 128
[  229.350076][   T12] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.373684][T12399] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3016'.
[  229.429189][   T12] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.467743][T12385] lo speed is unknown, defaulting to 1000
[  229.501080][   T12] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.573707][T12385] lo speed is unknown, defaulting to 1000
[  229.603941][T12407] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3019'.
[  229.628105][T12401] loop5: detected capacity change from 0 to 128
[  229.684451][T12401] +}[@: attempt to access beyond end of device
[  229.684451][T12401] loop5: rw=0, sector=121, nr_sectors = 120 limit=128
[  229.729836][ T7030] kworker/u8:14: attempt to access beyond end of device
[  229.729836][ T7030] loop5: rw=1, sector=241, nr_sectors = 800 limit=128
[  229.754605][T12422] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3024'.
[  229.790179][   T12] bond0 (unregistering): Released all slaves
[  229.860806][   T12] tipc: Disabling bearer <udp:syz2>
[  229.866243][   T12] tipc: Left network mode
[  229.874961][T12429] netlink: 'syz.5.3025': attribute type 10 has an invalid length.
[  229.880186][T12385] chnl_net:caif_netlink_parms(): no params data found
[  229.902289][T12429] team0: Port device dummy0 added
[  229.913518][T12429] netlink: 'syz.5.3025': attribute type 10 has an invalid length.
[  229.937657][T12429] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  229.951973][T12429] team0: Failed to send options change via netlink (err -105)
[  229.976055][T12429] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  229.987449][T12429] team0: Port device dummy0 removed
[  230.015049][   T12] hsr_slave_0: left promiscuous mode
[  230.022783][   T12] hsr_slave_1: left promiscuous mode
[  230.032509][   T12] veth1_macvtap: left promiscuous mode
[  230.039821][   T12] veth0_macvtap: left promiscuous mode
[  230.140692][ T7030] smc: removing ib device s
z1
[  230.165390][   T23] lo speed is unknown, defaulting to 1000
[  230.171379][   T23] s
z1: Port: 1 Link DOWN
[  230.191593][T12385] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.198828][T12385] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.216234][T12385] bridge_slave_0: entered allmulticast mode
[  230.254597][T12385] bridge_slave_0: entered promiscuous mode
[  230.265836][T12385] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.273128][T12385] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.281457][T12385] bridge_slave_1: entered allmulticast mode
[  230.288530][T12385] bridge_slave_1: entered promiscuous mode
[  230.402255][T12385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.413835][T12385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  230.473199][T12385] team0: Port device team_slave_0 added
[  230.480578][T12385] team0: Port device team_slave_1 added
[  230.493282][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3026'.
[  230.513896][T12385] batman_adv: batadv0: Adding interface: batadv_slave_0
[  230.521010][T12385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.547219][T12385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.563030][T12385] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.570052][T12385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.596118][T12385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.637293][   T12] IPVS: stop unused estimator thread 0...
[  230.668001][T12385] hsr_slave_0: entered promiscuous mode
[  230.674130][T12385] hsr_slave_1: entered promiscuous mode
[  230.680051][T12385] debugfs: 'hsr0' already exists in 'hsr'
[  230.685821][T12385] Cannot create hsr debugfs directory
[  230.720953][T12446] loop1: detected capacity change from 0 to 1024
[  230.753577][T12446] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.790593][T12452] xt_CT: No such helper "pptp"
[  230.952147][T12459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  230.961556][T12458] tipc: Resetting bearer <eth:syzkaller0>
[  230.974609][T12458] tipc: Disabling bearer <eth:syzkaller0>
[  230.983953][T12446] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  231.004031][T12385] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  231.013205][T12385] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  231.023920][T12385] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  231.040715][T12385] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  231.066279][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.083741][T12462] hub 6-0:1.0: USB hub found
[  231.089132][T12462] hub 6-0:1.0: 8 ports detected
[  231.094326][T12385] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.108954][T12470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3036'.
[  231.126308][T12385] 8021q: adding VLAN 0 to HW filter on device team0
[  231.143756][  T995] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.150900][  T995] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.174243][T12385] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  231.184857][T12385] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  231.205766][  T995] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.212933][  T995] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.257045][T12479] hub 6-0:1.0: USB hub found
[  231.267326][T12479] hub 6-0:1.0: 8 ports detected
[  231.310036][T12385] 8021q: adding VLAN 0 to HW filter on device batadv0
[  231.359940][T12472] loop6: detected capacity change from 0 to 128
[  231.384573][T12472] +}[@: attempt to access beyond end of device
[  231.384573][T12472] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  231.436338][ T7019] kworker/u8:11: attempt to access beyond end of device
[  231.436338][ T7019] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  231.465056][T12493] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3041'.
[  231.714424][T12505] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  231.760791][T12501] tipc: Resetting bearer <eth:syzkaller0>
[  231.790283][T12501] tipc: Disabling bearer <eth:syzkaller0>
[  231.933710][T12509] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3047'.
[  232.043410][T12520] FAULT_INJECTION: forcing a failure.
[  232.043410][T12520] name failslab, interval 1, probability 0, space 0, times 0
[  232.056183][T12520] CPU: 1 UID: 0 PID: 12520 Comm: syz.6.3050 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  232.056225][T12520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.056239][T12520] Call Trace:
[  232.056246][T12520]  <TASK>
[  232.056330][T12520]  __dump_stack+0x1d/0x30
[  232.056356][T12520]  dump_stack_lvl+0xe8/0x140
[  232.056376][T12520]  dump_stack+0x15/0x1b
[  232.056458][T12520]  should_fail_ex+0x265/0x280
[  232.056485][T12520]  should_failslab+0x8c/0xb0
[  232.056535][T12520]  kmem_cache_alloc_noprof+0x50/0x310
[  232.056569][T12520]  ? vm_area_alloc+0x2c/0xb0
[  232.056606][T12520]  vm_area_alloc+0x2c/0xb0
[  232.056662][T12520]  create_init_stack_vma+0x28/0x390
[  232.056691][T12520]  alloc_bprm+0x2b9/0x350
[  232.056764][T12520]  do_execveat_common+0x12e/0x750
[  232.056803][T12520]  __x64_sys_execve+0x5c/0x70
[  232.056840][T12520]  x64_sys_call+0x2716/0x2ff0
[  232.056861][T12520]  do_syscall_64+0xd2/0x200
[  232.056922][T12520]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  232.056957][T12520]  ? clear_bhb_loop+0x40/0x90
[  232.056984][T12520]  ? clear_bhb_loop+0x40/0x90
[  232.057013][T12520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.057086][T12520] RIP: 0033:0x7fdc682be9a9
[  232.057106][T12520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.057129][T12520] RSP: 002b:00007fdc66927038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  232.057154][T12520] RAX: ffffffffffffffda RBX: 00007fdc684e5fa0 RCX: 00007fdc682be9a9
[  232.057172][T12520] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  232.057248][T12520] RBP: 00007fdc66927090 R08: 0000000000000000 R09: 0000000000000000
[  232.057265][T12520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.057303][T12520] R13: 0000000000000000 R14: 00007fdc684e5fa0 R15: 00007fffe8b4c858
[  232.057330][T12520]  </TASK>
[  232.192124][T12385] veth0_vlan: entered promiscuous mode
[  232.280365][   T29] kauditd_printk_skb: 182 callbacks suppressed
[  232.280396][   T29] audit: type=1326 audit(1754914292.693:19174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f042ba3e9a9 code=0x7ffc0000
[  232.319918][   T29] audit: type=1326 audit(1754914292.723:19175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f042ba3e9a9 code=0x7ffc0000
[  232.343142][   T29] audit: type=1326 audit(1754914292.723:19176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f042ba3e9e3 code=0x7ffc0000
[  232.366875][T12385] veth1_vlan: entered promiscuous mode
[  232.381068][T12385] veth0_macvtap: entered promiscuous mode
[  232.390592][   T29] audit: type=1326 audit(1754914292.733:19177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f042ba3d45f code=0x7ffc0000
[  232.413730][   T29] audit: type=1326 audit(1754914292.733:19178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12506 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f042ba3ea37 code=0x7ffc0000
[  232.413961][T12507] loop0: detected capacity change from 0 to 128
[  232.436867][   T29] audit: type=1326 audit(1754914292.793:19179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12530 comm="syz.6.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  232.466836][   T29] audit: type=1326 audit(1754914292.793:19180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12530 comm="syz.6.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  232.490610][   T29] audit: type=1326 audit(1754914292.793:19181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12530 comm="syz.6.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  232.514366][   T29] audit: type=1326 audit(1754914292.793:19182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12530 comm="syz.6.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  232.524914][T12507] +}[@: attempt to access beyond end of device
[  232.524914][T12507] loop0: rw=0, sector=121, nr_sectors = 120 limit=128
[  232.538245][   T29] audit: type=1326 audit(1754914292.793:19183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12530 comm="syz.6.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc682be9a9 code=0x7ffc0000
[  232.581121][T12532] loop6: detected capacity change from 0 to 512
[  232.590340][T12385] veth1_macvtap: entered promiscuous mode
[  232.604020][T12532] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  232.610274][ T7019] kworker/u8:11: attempt to access beyond end of device
[  232.610274][ T7019] loop0: rw=1, sector=241, nr_sectors = 800 limit=128
[  232.652191][T12532] EXT4-fs error (device loop6): ext4_orphan_get:1419: comm syz.6.3053: bad orphan inode 16
[  232.678786][T12532] ext4_test_bit(bit=15, block=4) = 0
[  232.684191][T12532] EXT4-fs (loop6): 1 orphan inode deleted
[  232.700097][T12532] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.831891][   T12] bond0 (unregistering): Released all slaves
[  232.838576][ T7019] smc: removing ib device syz1
[  232.843992][   T12] bond1 (unregistering): Released all slaves
[  232.864959][   T12] bond2 (unregistering): Released all slaves
[  232.892838][T12385] batman_adv: batadv0: Interface activated: batadv_slave_0
[  232.904546][T12529] IPVS: Error joining to the multicast group
[  232.921567][T12385] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.946514][T12538] loop0: detected capacity change from 0 to 1024
[  232.954258][T12385] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.961435][T12538] EXT4-fs: Ignoring removed orlov option
[  232.963046][T12385] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.977617][T12385] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.986583][T12385] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  233.011681][ T7278] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.051813][T12538] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.140703][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.192536][T12550] loop4: detected capacity change from 0 to 1024
[  233.199329][T12550] EXT4-fs: Ignoring removed bh option
[  233.210246][   T12] tipc: Left network mode
[  233.219646][T12550] EXT4-fs: inline encryption not supported
[  233.237482][T12550] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  233.277506][T12550] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  233.289765][   T12] hsr_slave_0: left promiscuous mode
[  233.299652][   T12] hsr_slave_1: left promiscuous mode
[  233.312455][T12550] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.3013: lblock 2 mapped to illegal pblock 2 (length 1)
[  233.336720][   T12] veth1_macvtap: left promiscuous mode
[  233.342387][   T12] veth0_macvtap: left promiscuous mode
[  233.348139][   T12] veth1_vlan: left promiscuous mode
[  233.351347][T12550] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.3013: lblock 0 mapped to illegal pblock 48 (length 1)
[  233.353630][   T12] veth0_vlan: left promiscuous mode
[  233.376324][T12550] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3013: Failed to acquire dquot type 0
[  233.410246][T12550] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  233.438383][T12550] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.3013: mark_inode_dirty error
[  233.482096][   T12] pim6reg (unregistering): left allmulticast mode
[  233.488808][T12550] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  233.513204][T12554] loop6: detected capacity change from 0 to 128
[  233.521238][T12550] EXT4-fs (loop4): 1 orphan inode deleted
[  233.530727][T12550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.549872][ T7030] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:14: lblock 1 mapped to illegal pblock 1 (length 1)
[  233.573583][T12554] syz.6.3061: attempt to access beyond end of device
[  233.573583][T12554] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  233.587617][ T7030] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:14: Failed to release dquot type 0
[  233.604790][ T7019] smc: removing ib device syz!
[  233.613850][T12548] loop1: detected capacity change from 0 to 128
[  233.631778][T12550] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  233.670529][T12385] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.701411][ T3397] lo speed is unknown, defaulting to 1000
[  233.707271][ T3397] infiniband syz0: ib_query_port failed (-19)
[  233.722579][T12548] +}[@: attempt to access beyond end of device
[  233.722579][T12548] loop1: rw=0, sector=121, nr_sectors = 120 limit=128
[  233.738705][  T995] kworker/u8:6: attempt to access beyond end of device
[  233.738705][  T995] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  233.774078][T12562] syzkaller1: entered promiscuous mode
[  233.779666][T12562] syzkaller1: entered allmulticast mode
[  233.824122][T12565] __nla_validate_parse: 7 callbacks suppressed
[  233.824138][T12565] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3064'.
[  233.867202][ T7030] kworker/u8:14: attempt to access beyond end of device
[  233.867202][ T7030] loop1: rw=1, sector=241, nr_sectors = 800 limit=128
[  233.952069][T12567] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3066'.
[  234.011188][T12573] loop1: detected capacity change from 0 to 1024
[  234.023256][T12573] EXT4-fs: Ignoring removed orlov option
[  234.051446][T12573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.065826][   T12] IPVS: stop unused estimator thread 0...
[  234.075101][T12567] netlink: 'syz.6.3066': attribute type 12 has an invalid length.
[  234.106967][T12561] loop5: detected capacity change from 0 to 128
[  234.114642][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.178732][T12587] loop1: detected capacity change from 0 to 1024
[  234.185591][T12587] EXT4-fs: Ignoring removed bh option
[  234.193317][T12587] EXT4-fs: inline encryption not supported
[  234.199795][T12587] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  234.222853][T12587] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  234.243012][T12587] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 2: comm syz.1.3073: lblock 2 mapped to illegal pblock 2 (length 1)
[  234.281194][T12587] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 48: comm syz.1.3073: lblock 0 mapped to illegal pblock 48 (length 1)
[  234.316038][T12587] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.3073: Failed to acquire dquot type 0
[  234.327743][T12587] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  234.347644][T12587] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.3073: mark_inode_dirty error
[  234.370538][T12589] loop5: detected capacity change from 0 to 128
[  234.373273][T12587] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  234.388967][T12587] EXT4-fs (loop1): 1 orphan inode deleted
[  234.401120][ T7035] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:15: lblock 1 mapped to illegal pblock 1 (length 1)
[  234.411986][T12587] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.428548][ T7035] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:15: Failed to release dquot type 0
[  234.443252][T12587] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  234.444524][T12589] +}[@: attempt to access beyond end of device
[  234.444524][T12589] loop5: rw=0, sector=121, nr_sectors = 120 limit=128
[  234.477678][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.505129][   T12] kworker/u8:0: attempt to access beyond end of device
[  234.505129][   T12] loop5: rw=1, sector=241, nr_sectors = 800 limit=128
[  234.534368][T12598] loop5: detected capacity change from 0 to 128
[  234.597968][T12601] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3074'.
[  234.610452][T12601] IPVS: Error joining to the multicast group
[  234.642926][T12606] loop4: detected capacity change from 0 to 128
[  234.678251][T12608] netlink: 'syz.5.3081': attribute type 3 has an invalid length.
[  234.814144][T12615] hub 6-0:1.0: USB hub found
[  234.830482][T12615] hub 6-0:1.0: 8 ports detected
[  234.946185][T12616] loop4: detected capacity change from 0 to 128
[  235.105484][T12627] loop4: detected capacity change from 0 to 128
[  235.229783][T12630] syzkaller1: entered promiscuous mode
[  235.235447][T12630] syzkaller1: entered allmulticast mode
[  235.251934][T12621] loop0: detected capacity change from 0 to 128
[  235.336054][T12633] loop4: detected capacity change from 0 to 128
[  235.367456][T12637] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3093'.
[  235.429189][T12643] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3096'.
[  235.475241][T12643] netlink: 'syz.1.3096': attribute type 12 has an invalid length.
[  235.522384][T12652] loop1: detected capacity change from 0 to 128
[  235.615641][T12662] loop1: detected capacity change from 0 to 1024
[  235.633791][T12662] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.666963][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.716488][T12657] loop6: detected capacity change from 0 to 128
[  235.765363][T12674] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  235.775435][T12673] tipc: Resetting bearer <eth:syzkaller0>
[  235.787875][T12673] tipc: Disabling bearer <eth:syzkaller0>
[  235.822593][T12678] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3109'.
[  235.861399][T12678] netlink: 'syz.5.3109': attribute type 12 has an invalid length.
[  235.884354][T12681] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3110'.
[  235.901030][T12681] IPVS: Error joining to the multicast group
[  236.214211][T12691] nfs: Unknown parameter ''
[  236.485646][T12708] loop5: detected capacity change from 0 to 128
[  236.672273][T12718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3123'.
[  236.684443][T12716] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  236.693021][T12720] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3124'.
[  236.702532][T12720] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3124'.
[  236.711898][T12713] tipc: Resetting bearer <eth:syzkaller0>
[  236.727146][T12713] tipc: Disabling bearer <eth:syzkaller0>
[  236.738997][T12721] netlink: 'syz.4.3123': attribute type 12 has an invalid length.
[  236.827312][T12733] loop4: detected capacity change from 0 to 512
[  236.847154][T12733] loop4: detected capacity change from 0 to 2048
[  236.862974][T12733] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.887168][T12737] hub 6-0:1.0: USB hub found
[  236.892909][T12737] hub 6-0:1.0: 8 ports detected
[  236.893318][T12385] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.941104][T12744] loop0: detected capacity change from 0 to 512
[  236.948717][T12744] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  236.960733][T12744] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.3134: bad orphan inode 16
[  236.973327][T12744] ext4_test_bit(bit=15, block=4) = 0
[  236.978681][T12744] EXT4-fs (loop0): 1 orphan inode deleted
[  236.985514][T12744] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.016538][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.095813][T12757] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.113335][T12756] tipc: Resetting bearer <eth:syzkaller0>
[  237.126266][T12756] tipc: Disabling bearer <eth:syzkaller0>
[  237.135674][T12763] IPVS: Error joining to the multicast group
[  237.158281][T12764] netlink: 'syz.6.3141': attribute type 12 has an invalid length.
[  237.191871][T12766] vhci_hcd: invalid port number 96
[  237.197134][T12766] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  237.230544][T12770] hub 6-0:1.0: USB hub found
[  237.235901][T12770] hub 6-0:1.0: 8 ports detected
[  237.304328][   T29] kauditd_printk_skb: 488 callbacks suppressed
[  237.304345][   T29] audit: type=1400 audit(2000000000.469:19666): avc:  denied  { create } for  pid=12774 comm="syz.6.3147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  237.339235][   T29] audit: type=1400 audit(2000000000.489:19667): avc:  denied  { module_request } for  pid=12774 comm="syz.6.3147" kmod="net-pf-3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  237.369982][   T29] audit: type=1400 audit(2000000000.529:19668): avc:  denied  { create } for  pid=12774 comm="syz.6.3147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  237.370493][T12775] syzkaller1: entered promiscuous mode
[  237.395575][T12775] syzkaller1: entered allmulticast mode
[  237.401350][   T29] audit: type=1400 audit(2000000000.529:19669): avc:  denied  { ioctl } for  pid=12774 comm="syz.6.3147" path="socket:[41977]" dev="sockfs" ino=41977 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  237.462277][   T29] audit: type=1326 audit(2000000000.629:19670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.485993][   T29] audit: type=1326 audit(2000000000.629:19671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.511572][   T29] audit: type=1326 audit(2000000000.679:19672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.542743][   T29] audit: type=1326 audit(2000000000.679:19673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.566562][   T29] audit: type=1326 audit(2000000000.699:19674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.590282][   T29] audit: type=1326 audit(2000000000.699:19675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12778 comm="syz.1.3148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc4247be9a9 code=0x7ffc0000
[  237.621551][T12779] loop1: detected capacity change from 0 to 512
[  237.629134][T12779] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  237.641967][T12779] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.3148: bad orphan inode 16
[  237.653593][T12779] ext4_test_bit(bit=15, block=4) = 0
[  237.658994][T12779] EXT4-fs (loop1): 1 orphan inode deleted
[  237.665549][T12779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.695631][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.823957][ T6293] syz_tun (unregistering): left allmulticast mode
[  237.862523][T12804] loop1: detected capacity change from 0 to 128
[  237.895619][T12796] bio_check_eod: 14 callbacks suppressed
[  237.895641][T12796] syz.1.3156: attempt to access beyond end of device
[  237.895641][T12796] loop1: rw=0, sector=121, nr_sectors = 120 limit=128
[  237.967550][   T12] kworker/u8:0: attempt to access beyond end of device
[  237.967550][   T12] loop1: rw=1, sector=241, nr_sectors = 800 limit=128
[  237.998596][T12814] loop1: detected capacity change from 0 to 512
[  237.998649][T12801] chnl_net:caif_netlink_parms(): no params data found
[  238.006032][T12814] EXT4-fs (loop1): invalid inodes per group: 131104
[  238.006032][T12814] 
[  238.022876][   T12] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.054580][T12816] loop0: detected capacity change from 0 to 1024
[  238.061531][T12816] EXT4-fs: Ignoring removed bh option
[  238.067504][T12816] EXT4-fs: inline encryption not supported
[  238.082200][T12816] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  238.097507][T12816] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  238.106749][T12816] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.3160: lblock 2 mapped to illegal pblock 2 (length 1)
[  238.106860][   T12] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.122770][T12816] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.3160: lblock 0 mapped to illegal pblock 48 (length 1)
[  238.145436][T12816] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.3160: Failed to acquire dquot type 0
[  238.164491][T12816] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  238.174449][T12816] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.3160: mark_inode_dirty error
[  238.186689][T12801] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.188311][T12816] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  238.193938][T12801] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.204132][T12816] EXT4-fs (loop0): 1 orphan inode deleted
[  238.217512][T12816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.230149][ T7030] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:14: lblock 1 mapped to illegal pblock 1 (length 1)
[  238.230398][T12801] bridge_slave_0: entered allmulticast mode
[  238.256893][ T7030] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:14: Failed to release dquot type 0
[  238.262207][T12801] bridge_slave_0: entered promiscuous mode
[  238.280634][T12801] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.287945][T12801] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.295511][T12801] bridge_slave_1: entered allmulticast mode
[  238.301778][T12816] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  238.322354][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.332014][T12801] bridge_slave_1: entered promiscuous mode
[  238.350718][   T12] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.395640][T12832] loop0: detected capacity change from 0 to 512
[  238.405626][T12830] loop6: detected capacity change from 0 to 128
[  238.408954][T12834] hub 6-0:1.0: USB hub found
[  238.413106][T12801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.419108][T12834] hub 6-0:1.0: 8 ports detected
[  238.431092][T12832] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  238.445105][   T12] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.456001][T12832] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.3164: bad orphan inode 16
[  238.467834][T12801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.480128][T12832] ext4_test_bit(bit=15, block=4) = 0
[  238.485622][T12832] EXT4-fs (loop0): 1 orphan inode deleted
[  238.498949][T12832] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.523058][T12801] team0: Port device team_slave_0 added
[  238.533901][T12801] team0: Port device team_slave_1 added
[  238.551353][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.575953][T12801] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.583200][T12801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.609287][T12801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.621322][T12801] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.628347][T12801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.654342][T12801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.703666][T12801] hsr_slave_0: entered promiscuous mode
[  238.710124][T12801] hsr_slave_1: entered promiscuous mode
[  238.819350][T12848] loop0: detected capacity change from 0 to 128
[  238.934272][   T12] tipc: Disabling bearer <udp:ree>
[  238.939541][   T12] tipc: Left network mode
[  238.952491][   T12] hsr_slave_0: left promiscuous mode
[  238.958975][   T12] hsr_slave_1: left promiscuous mode
[  238.966188][   T12] veth1_macvtap: left promiscuous mode
[  238.973983][   T12] veth0_macvtap: left promiscuous mode
[  238.979790][   T12] veth1_vlan: left promiscuous mode
[  238.985303][   T12] veth0_vlan: left promiscuous mode
[  239.286383][T12801] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  239.295347][T12801] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  239.304367][T12801] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  239.313989][T12801] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  239.355739][T12801] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.367965][T12801] 8021q: adding VLAN 0 to HW filter on device team0
[  239.382654][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.389790][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.399786][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.406944][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.425349][T12867] __nla_validate_parse: 7 callbacks suppressed
[  239.425365][T12867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3174'.
[  239.519179][T12870] hub 6-0:1.0: USB hub found
[  239.524518][T12870] hub 6-0:1.0: 8 ports detected
[  239.524931][T12877] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.563802][T12801] 8021q: adding VLAN 0 to HW filter on device batadv0
[  239.581037][T12881] loop6: detected capacity change from 0 to 128
[  239.612393][T12884] loop0: detected capacity change from 0 to 128
[  239.622771][T12877] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.632715][T12881] syz.6.3179: attempt to access beyond end of device
[  239.632715][T12881] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  239.670985][ T7019] kworker/u8:11: attempt to access beyond end of device
[  239.670985][ T7019] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  239.694097][T12877] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.720193][T12890] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3180'.
[  239.730845][T12890] netlink: 'syz.6.3180': attribute type 12 has an invalid length.
[  239.742576][T12877] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.777934][T12898] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3190'.
[  239.788189][T12898] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3190'.
[  239.809173][T12897] hub 6-0:1.0: USB hub found
[  239.818289][T12897] hub 6-0:1.0: 8 ports detected
[  239.823016][T12877] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.855609][T12877] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  239.867712][T12801] veth0_vlan: entered promiscuous mode
[  239.877546][T12877] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  239.890003][T12877] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  239.899808][T12801] veth1_vlan: entered promiscuous mode
[  239.922112][T12801] veth0_macvtap: entered promiscuous mode
[  239.935701][T12801] veth1_macvtap: entered promiscuous mode
[  239.952612][T12801] batman_adv: batadv0: Interface activated: batadv_slave_0
[  239.972428][T12801] batman_adv: batadv0: Interface activated: batadv_slave_1
[  239.982925][T12801] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.991831][T12801] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  240.000650][T12801] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  240.009445][T12801] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  240.059330][T12911] loop5: detected capacity change from 0 to 128
[  240.083101][T12911] syz.5.3155: attempt to access beyond end of device
[  240.083101][T12911] loop5: rw=0, sector=121, nr_sectors = 120 limit=128
[  240.110273][ T7019] kworker/u8:11: attempt to access beyond end of device
[  240.110273][ T7019] loop5: rw=1, sector=241, nr_sectors = 800 limit=128
[  240.124999][T12913] loop0: detected capacity change from 0 to 1024
[  240.141271][T12915] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3186'.
[  240.153466][T12913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  240.187084][T11761] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.225289][T12926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3191'.
[  240.228648][T12928] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3192'.
[  240.244702][T12926] netlink: 'syz.4.3191': attribute type 12 has an invalid length.
[  240.247293][T12928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3192'.
[  240.344100][T12934] loop4: detected capacity change from 0 to 1024
[  240.350927][T12934] EXT4-fs: Ignoring removed bh option
[  240.358026][T12934] EXT4-fs: inline encryption not supported
[  240.360759][T12936] FAULT_INJECTION: forcing a failure.
[  240.360759][T12936] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  240.364627][T12934] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  240.377318][T12936] CPU: 1 UID: 0 PID: 12936 Comm: +}[@ Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  240.377360][T12936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  240.377380][T12936] Call Trace:
[  240.377389][T12936]  <TASK>
[  240.377402][T12936]  __dump_stack+0x1d/0x30
[  240.377432][T12936]  dump_stack_lvl+0xe8/0x140
[  240.377514][T12936]  dump_stack+0x15/0x1b
[  240.377537][T12936]  should_fail_ex+0x265/0x280
[  240.377635][T12936]  should_fail+0xb/0x20
[  240.377665][T12936]  should_fail_usercopy+0x1a/0x20
[  240.377702][T12936]  _copy_from_iter+0xcf/0xe40
[  240.377784][T12936]  ? __build_skb_around+0x1a0/0x200
[  240.377825][T12936]  ? __alloc_skb+0x223/0x320
[  240.377854][T12936]  netlink_sendmsg+0x471/0x6b0
[  240.377889][T12936]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.377933][T12936]  __sock_sendmsg+0x142/0x180
[  240.378001][T12936]  sock_write_iter+0x165/0x1b0
[  240.378098][T12936]  do_iter_readv_writev+0x41e/0x4c0
[  240.378222][T12936]  vfs_writev+0x2df/0x8b0
[  240.378373][T12936]  do_writev+0xe7/0x210
[  240.378408][T12936]  __x64_sys_writev+0x45/0x50
[  240.378505][T12936]  x64_sys_call+0x1e9a/0x2ff0
[  240.378537][T12936]  do_syscall_64+0xd2/0x200
[  240.378574][T12936]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  240.378681][T12936]  ? clear_bhb_loop+0x40/0x90
[  240.378711][T12936]  ? clear_bhb_loop+0x40/0x90
[  240.378744][T12936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.378776][T12936] RIP: 0033:0x7f042ba3e9a9
[  240.378799][T12936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.378828][T12936] RSP: 002b:00007f042a09f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  240.378975][T12936] RAX: ffffffffffffffda RBX: 00007f042bc65fa0 RCX: 00007f042ba3e9a9
[  240.378993][T12936] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000004
[  240.379012][T12936] RBP: 00007f042a09f090 R08: 0000000000000000 R09: 0000000000000000
[  240.379030][T12936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.379048][T12936] R13: 0000000000000000 R14: 00007f042bc65fa0 R15: 00007ffd8a73f128
[  240.379203][T12936]  </TASK>
[  240.604979][T12934] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  240.613884][T12934] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.3194: lblock 2 mapped to illegal pblock 2 (length 1)
[  240.628121][T12934] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.3194: lblock 0 mapped to illegal pblock 48 (length 1)
[  240.643161][T12934] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3194: Failed to acquire dquot type 0
[  240.655669][T12934] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6250: Corrupt filesystem
[  240.667823][T12934] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.3194: mark_inode_dirty error
[  240.676165][T12944] loop6: detected capacity change from 0 to 128
[  240.679263][T12934] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[  240.695899][T12934] EXT4-fs (loop4): 1 orphan inode deleted
[  240.702285][T12934] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.708961][T12944] syz.6.3198: attempt to access beyond end of device
[  240.708961][T12944] loop6: rw=0, sector=121, nr_sectors = 120 limit=128
[  240.715412][ T7035] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:15: lblock 1 mapped to illegal pblock 1 (length 1)
[  240.744164][ T7035] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:15: Failed to release dquot type 0
[  240.761106][ T7030] kworker/u8:14: attempt to access beyond end of device
[  240.761106][ T7030] loop6: rw=1, sector=241, nr_sectors = 800 limit=128
[  240.783972][T12942] hub 6-0:1.0: USB hub found
[  240.789266][T12934] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  240.799767][T12942] hub 6-0:1.0: 8 ports detected
[  240.837598][T12385] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.843395][T12946] syzkaller1: entered promiscuous mode
[  240.852302][T12946] syzkaller1: entered allmulticast mode
[  240.955529][T12962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3205'.
[  240.989283][ T7030] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.020112][T12962] netlink: 'syz.0.3205': attribute type 12 has an invalid length.
[  241.036647][ T7030] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.115056][ T7030] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.736324][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3211'.
[  241.761742][T12981] ==================================================================
[  241.769978][T12981] BUG: KCSAN: data-race in __bpf_get_stackid / bcmp
[  241.776605][T12981] 
[  241.778939][T12981] write to 0xffff88811ccfa190 of 216 bytes by interrupt on cpu 1:
[  241.786755][T12981]  __bpf_get_stackid+0x761/0x800
[  241.791762][T12981]  bpf_get_stackid+0xee/0x120
[  241.796487][T12981]  bpf_get_stackid_raw_tp+0xf6/0x120
[  241.801891][T12981]  bpf_prog_e6fc920cfeff8120+0x2a/0x32
[  241.807366][T12981]  bpf_trace_run2+0x107/0x1c0
[  241.812066][T12981]  __traceiter_kfree+0x2e/0x50
[  241.816888][T12981]  kfree+0x27b/0x320
[  241.820847][T12981]  shmem_free_in_core_inode+0x50/0x80
[  241.826273][T12981]  i_callback+0x36/0x70
[  241.830475][T12981]  rcu_core+0x5a2/0xc00
[  241.834669][T12981]  rcu_core_si+0xd/0x20
[  241.838845][T12981]  handle_softirqs+0xb7/0x290
[  241.843549][T12981]  __irq_exit_rcu+0x3a/0xc0
[  241.848073][T12981]  sysvec_apic_timer_interrupt+0x74/0x80
[  241.853816][T12981]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  241.859840][T12981]  finish_task_switch+0xb6/0x2b0
[  241.864801][T12981]  __schedule+0x6a8/0xb30
[  241.869166][T12981]  schedule+0x5f/0xd0
[  241.873180][T12981]  schedule_timeout+0x53/0x170
[  241.877971][T12981]  unix_wait_for_peer+0x113/0x170
[  241.883013][T12981]  unix_dgram_sendmsg+0x8aa/0xfc0
[  241.888053][T12981]  __sock_sendmsg+0x142/0x180
[  241.892762][T12981]  ____sys_sendmsg+0x345/0x4e0
[  241.897554][T12981]  ___sys_sendmsg+0x17b/0x1d0
[  241.902257][T12981]  __sys_sendmmsg+0x178/0x300
[  241.906983][T12981]  __x64_sys_sendmmsg+0x57/0x70
[  241.911858][T12981]  x64_sys_call+0x1c4a/0x2ff0
[  241.916560][T12981]  do_syscall_64+0xd2/0x200
[  241.921090][T12981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.927002][T12981] 
[  241.929360][T12981] read to 0xffff88811ccfa1e0 of 8 bytes by task 12981 on cpu 0:
[  241.937006][T12981]  bcmp+0x23/0x90
[  241.940670][T12981]  __bpf_get_stackid+0x371/0x800
[  241.945633][T12981]  bpf_get_stackid+0xee/0x120
[  241.950331][T12981]  bpf_get_stackid_raw_tp+0xf6/0x120
[  241.955643][T12981]  bpf_prog_e6fc920cfeff8120+0x2a/0x32
[  241.961117][T12981]  bpf_trace_run2+0x107/0x1c0
[  241.965820][T12981]  __traceiter_kfree+0x2e/0x50
[  241.970617][T12981]  kfree+0x27b/0x320
[  241.974534][T12981]  ___sys_recvmsg+0x135/0x370
[  241.979237][T12981]  do_recvmmsg+0x1ef/0x540
[  241.983760][T12981]  __x64_sys_recvmmsg+0xe5/0x170
[  241.988757][T12981]  x64_sys_call+0x27a6/0x2ff0
[  241.993469][T12981]  do_syscall_64+0xd2/0x200
[  241.998085][T12981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.003996][T12981] 
[  242.006331][T12981] value changed: 0xffffffff81000130 -> 0xffffffff8139e42a
[  242.013463][T12981] 
[  242.015824][T12981] Reported by Kernel Concurrency Sanitizer on:
[  242.021994][T12981] CPU: 0 UID: 0 PID: 12981 Comm: syz.6.3210 Not tainted 6.16.0-syzkaller-03556-g0919a5b3b11c #0 PREEMPT(voluntary) 
[  242.034167][T12981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  242.044328][T12981] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  242.622073][ T7030] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.856213][ T7030] team0: Port device geneve1 removed
[  242.993957][ T7030] bond0 (unregistering): Released all slaves
[  243.002890][ T7030] bond1 (unregistering): Released all slaves
[  243.054215][ T7030] tipc: Left network mode
[  243.061015][ T7030] hsr_slave_0: left promiscuous mode
[  243.066833][ T7030] hsr_slave_1: left promiscuous mode
[  243.405869][ T7030] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.464268][ T7030] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.544381][ T7030] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.594567][ T7030] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.676001][ T7030] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.734071][ T7030] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.814290][ T7030] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.874072][ T7030] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  244.114577][ T7030] bridge_slave_1: left allmulticast mode
[  244.120243][ T7030] bridge_slave_1: left promiscuous mode
[  244.126223][ T7030] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.133897][ T7030] bridge_slave_0: left allmulticast mode
[  244.139554][ T7030] bridge_slave_0: left promiscuous mode
[  244.145227][ T7030] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.153540][ T7030] bridge_slave_1: left allmulticast mode
[  244.159193][ T7030] bridge_slave_1: left promiscuous mode
[  244.164936][ T7030] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.172754][ T7030] bridge_slave_0: left allmulticast mode
[  244.178401][ T7030] bridge_slave_0: left promiscuous mode
[  244.184085][ T7030] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.284017][ T7030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.294074][ T7030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.303615][ T7030] bond0 (unregistering): Released all slaves
[  244.384158][ T7030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.393786][ T7030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.403433][ T7030] bond0 (unregistering): Released all slaves
[  244.472999][ T7030] bond0 (unregistering): Released all slaves
[  244.553827][ T7030] bond0 (unregistering): Released all slaves
[  244.561962][ T7030] bond1 (unregistering): Released all slaves
[  244.570530][ T7030] bond2 (unregistering): (slave batadv1): Releasing active interface
[  244.579886][ T7030] bond2 (unregistering): Released all slaves
[  244.636696][ T7030] tipc: Left network mode
[  244.641825][ T7030] tipc: Left network mode
[  244.650649][ T7030] hsr_slave_0: left promiscuous mode
[  244.656436][ T7030] hsr_slave_1: left promiscuous mode
[  244.662210][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.669713][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.677691][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.685214][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.694360][ T7030] hsr_slave_0: left promiscuous mode
[  244.700037][ T7030] hsr_slave_1: left promiscuous mode
[  244.705678][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.713174][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.720679][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.728157][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.737755][ T7030] hsr_slave_0: left promiscuous mode
[  244.743422][ T7030] hsr_slave_1: left promiscuous mode
[  244.755596][ T7030] veth1_macvtap: left promiscuous mode
[  244.761092][ T7030] veth0_macvtap: left promiscuous mode
[  244.766682][ T7030] veth1_vlan: left promiscuous mode
[  244.772050][ T7030] veth0_vlan: left promiscuous mode
[  244.777838][ T7030] veth1_macvtap: left promiscuous mode
[  244.783352][ T7030] veth0_macvtap: left promiscuous mode
[  244.788942][ T7030] veth1_vlan: left promiscuous mode
[  244.794455][ T7030] veth0_vlan: left promiscuous mode
[  244.891119][ T7030] team0 (unregistering): Port device team_slave_1 removed
[  244.901836][ T7030] team0 (unregistering): Port device team_slave_0 removed
[  244.955833][ T7030] team0 (unregistering): Port device team_slave_1 removed
[  244.965404][ T7030] team0 (unregistering): Port device team_slave_0 removed
[  245.001880][ T7030] pimreg (unregistering): left allmulticast mode
[  245.835005][ T7030] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.903891][ T7030] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.954116][ T7030] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.023771][ T7030] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.104311][ T7030] bridge_slave_1: left allmulticast mode
[  246.110061][ T7030] bridge_slave_1: left promiscuous mode
[  246.115774][ T7030] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.123642][ T7030] bridge_slave_0: left allmulticast mode
[  246.129290][ T7030] bridge_slave_0: left promiscuous mode
[  246.135011][ T7030] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.203801][ T7030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.213590][ T7030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.223133][ T7030] bond0 (unregistering): Released all slaves
[  246.274902][ T7030] hsr_slave_0: left promiscuous mode
[  246.280547][ T7030] hsr_slave_1: left promiscuous mode
[  246.286284][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.293794][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.301289][ T7030] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.308810][ T7030] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.318582][ T7030] veth1_macvtap: left promiscuous mode
[  246.324129][ T7030] veth0_macvtap: left promiscuous mode
[  246.329669][ T7030] veth1_vlan: left promiscuous mode
[  246.335126][ T7030] veth0_vlan: left promiscuous mode
[  246.396420][ T7030] team0 (unregistering): Port device team_slave_1 removed
[  246.407744][ T7030] team0 (unregistering): Port device team_slave_0 removed