last executing test programs:

4m10.454127539s ago: executing program 1 (id=2610):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)

4m8.925422343s ago: executing program 1 (id=2614):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sysinfo(0x0)

4m8.874317937s ago: executing program 1 (id=2616):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
unshare(0x62040200)

4m7.956808581s ago: executing program 1 (id=2623):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@orlov}, {@noauto_da_alloc}, {@inlinecrypt}, {@dioread_lock}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0300", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
io_setup(0x7, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x0, &(0x7f0000000040)}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&'], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xa, 0x200, 0x7, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000a40)='&', &(0x7f0000000040)=""/98}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/76}, 0x20)
io_submit(0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1818e58, &(0x7f0000000040), 0x22, 0x65f, &(0x7f0000002980)="$eJzs3c9rXFsdAPDvvZOkSZo2qYjYoBhw0YI0TWqx6sa2LuyiYMEuRFw0NEkNnf6gScHWggm4UFAQcVukG/8B99K9OxHU3Vs/6Hs8+niF90rncWfuNJPJ/MqPmUkynw8kc+655+ac79w5uefemTM3gIE1k/1KI05HvLuVREzWrJuIysqZvNzrT57dzn6SKJV+9nESSZ5XLZ/kj8fzhdGI+PfViK8Utte7+uTp3YViqeK3EefX7j08v/rk6bmVewt3lu4s3Z+/8P2Ll+Z+MH9xvqahu3c8f7x2/aff+NPvfvW95f8UzyVxOW4O/2Yx6uLYLzMxE+/yEGvzhyLiUpZo8LwcNoUmaQ6HQv56HI6Ir8VkFMpLFZOx8se+Ng7oqlIhotRa0q4AcFjp3jCoquOA6rl9Z+fBN7s8KumdV1cqJ0Db4x/KLzmMls+Nxl8nNWdGlWsbU/tQf1bH22ejz98+m34eW65DvHm/d4b2oZ5m1jci4uuN4k/KbZsqR5rFn245v08jYi4iRvL2/XgPbUhq0t24DtPKTuKv3Q9Z/Jfzxyz/6i7rr7+s1ev4ARhML6/kB/L1bGnz+JeNParjn2gw/pnY+1syZf0+/jUf/1WP96PlcU9aNw7Lxiw3Gv/J4fqMD/5w7S/N6q+M/6az8d9o9pjVXx0L9sKrjYjpuvh/nwWbj3+y+JMG+z8rcutyZ3X85L8fXWu2rib+5/2Iv/Qi4kzD85/NUWmWavH+5PnlleLSXOV3wzr++a9f/r1Z/Y3jP9aFSBvL9v94k/hr9n9av132nDxs/Cc36jP+cePFvWb1T7Td/+mHI0nlfHMkz/n1xtrao/mIkeR6XiTPX1hbe3ShdbyVMm9K5cf5Svxnv924/295/ddFNVb9l9mBhz+/+7rZut28/mveTH5X6rANzWTxL7bf/9v6f5b35w7r+OwXj7/ZbF2r+Mf2EhgAAAAAAAAMoLT8HmySzr5Pp+nsbGW+7FdjPC0+WF37zvKDx/cXI86WPw85nEaalD8yMllZTpZXikvz+edhq8sX6pa/GxGnIuKvhbHy8uztB8XFfgcPAAAAAAAAAAAAAAAAAAAAB8TxfP5/9T7VnxYq8/+BAfH+i/233eah7QrgkOvmDSaBg63c/1sd4k/2ri1Abzn+w+DaQf/v3Z0pgZ5w/IfBpf/D4Nph/z/RrXYAvef4D4NL/4fBpf8DAAAAwJF06lsv/59ExPoPx8o/mZF8nUm/cLQNtyswUrtQ6GpbgN7abY8e2ed2AL3X/qt/gKOq7fg/83n+5YDdbw7QB0mjzPLgoNS6879suOWmjb23DQAAAAAAAAAAAACoOHO6+fz/juYGAIeWaX8wuHY4/z/d/abAQeOr/2FwOccH2szij9FmK9rN/wcAAAAAAAAAAAAA9s1E+SdJZ/PJfRORprOzESciYiqGk+WV4tJcRJyMiP8Vho9ly/P9bjQAAAAAAAAAAAAAAAAAAAAcMatPnt5dKBaXHtUmvtiWc7QT1bugti9c6qBMy8SPYodbRdL7p2UsIvq+U7qWGKrJSSLWsz3f0eYx1e2nJQ7C85Mn+vyPCQAAAAAAAAAAAAAAAAAABlDN3OPGpv/W4xYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQO9t3v+/TWJxvLJBR4W3JvodIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwOH0ZAAD//6w3Oic=")
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc002, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
recvmsg$can_j1939(r5, &(0x7f0000000240)={&(0x7f0000000080)=@qipcrtr, 0x80, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/119, 0x77}, {&(0x7f00000002c0)=""/196, 0xc4}, {&(0x7f00000004c0)=""/196, 0xc4}, {&(0x7f00000005c0)=""/186, 0xba}, {&(0x7f0000001b80)=""/4096, 0x1000}, {&(0x7f0000000780)=""/72, 0x48}], 0x6, &(0x7f0000000100)=""/62, 0x3e}, 0x40)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})

4m7.071580213s ago: executing program 1 (id=2629):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@orlov}, {@noauto_da_alloc}, {@inlinecrypt}, {@dioread_lock}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0300", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
io_setup(0x7, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x0, &(0x7f0000000040)}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&'], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xa, 0x200, 0x7, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000a40)='&', &(0x7f0000000040)=""/98}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/76}, 0x20)
io_submit(0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1818e58, &(0x7f0000000040), 0x22, 0x65f, &(0x7f0000002980)="$eJzs3c9rXFsdAPDvvZOkSZo2qYjYoBhw0YI0TWqx6sa2LuyiYMEuRFw0NEkNnf6gScHWggm4UFAQcVukG/8B99K9OxHU3Vs/6Hs8+niF90rncWfuNJPJ/MqPmUkynw8kc+655+ac79w5uefemTM3gIE1k/1KI05HvLuVREzWrJuIysqZvNzrT57dzn6SKJV+9nESSZ5XLZ/kj8fzhdGI+PfViK8Utte7+uTp3YViqeK3EefX7j08v/rk6bmVewt3lu4s3Z+/8P2Ll+Z+MH9xvqahu3c8f7x2/aff+NPvfvW95f8UzyVxOW4O/2Yx6uLYLzMxE+/yEGvzhyLiUpZo8LwcNoUmaQ6HQv56HI6Ir8VkFMpLFZOx8se+Ng7oqlIhotRa0q4AcFjp3jCoquOA6rl9Z+fBN7s8KumdV1cqJ0Db4x/KLzmMls+Nxl8nNWdGlWsbU/tQf1bH22ejz98+m34eW65DvHm/d4b2oZ5m1jci4uuN4k/KbZsqR5rFn245v08jYi4iRvL2/XgPbUhq0t24DtPKTuKv3Q9Z/Jfzxyz/6i7rr7+s1ev4ARhML6/kB/L1bGnz+JeNParjn2gw/pnY+1syZf0+/jUf/1WP96PlcU9aNw7Lxiw3Gv/J4fqMD/5w7S/N6q+M/6az8d9o9pjVXx0L9sKrjYjpuvh/nwWbj3+y+JMG+z8rcutyZ3X85L8fXWu2rib+5/2Iv/Qi4kzD85/NUWmWavH+5PnlleLSXOV3wzr++a9f/r1Z/Y3jP9aFSBvL9v94k/hr9n9av132nDxs/Cc36jP+cePFvWb1T7Td/+mHI0nlfHMkz/n1xtrao/mIkeR6XiTPX1hbe3ShdbyVMm9K5cf5Svxnv924/295/ddFNVb9l9mBhz+/+7rZut28/mveTH5X6rANzWTxL7bf/9v6f5b35w7r+OwXj7/ZbF2r+Mf2EhgAAAAAAAAMoLT8HmySzr5Pp+nsbGW+7FdjPC0+WF37zvKDx/cXI86WPw85nEaalD8yMllZTpZXikvz+edhq8sX6pa/GxGnIuKvhbHy8uztB8XFfgcPAAAAAAAAAAAAAAAAAAAAB8TxfP5/9T7VnxYq8/+BAfH+i/233eah7QrgkOvmDSaBg63c/1sd4k/2ri1Abzn+w+DaQf/v3Z0pgZ5w/IfBpf/D4Nph/z/RrXYAvef4D4NL/4fBpf8DAAAAwJF06lsv/59ExPoPx8o/mZF8nUm/cLQNtyswUrtQ6GpbgN7abY8e2ed2AL3X/qt/gKOq7fg/83n+5YDdbw7QB0mjzPLgoNS6879suOWmjb23DQAAAAAAAAAAAACoOHO6+fz/juYGAIeWaX8wuHY4/z/d/abAQeOr/2FwOccH2szij9FmK9rN/wcAAAAAAAAAAAAA9s1E+SdJZ/PJfRORprOzESciYiqGk+WV4tJcRJyMiP8Vho9ly/P9bjQAAAAAAAAAAAAAAAAAAAAcMatPnt5dKBaXHtUmvtiWc7QT1bugti9c6qBMy8SPYodbRdL7p2UsIvq+U7qWGKrJSSLWsz3f0eYx1e2nJQ7C85Mn+vyPCQAAAAAAAAAAAAAAAAAABlDN3OPGpv/W4xYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQO9t3v+/TWJxvLJBR4W3JvodIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwOH0ZAAD//6w3Oic=")
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc002, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
recvmsg$can_j1939(r5, &(0x7f0000000240)={&(0x7f0000000080)=@qipcrtr, 0x80, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/119, 0x77}, {&(0x7f00000002c0)=""/196, 0xc4}, {&(0x7f00000004c0)=""/196, 0xc4}, {&(0x7f00000005c0)=""/186, 0xba}, {&(0x7f0000001b80)=""/4096, 0x1000}, {&(0x7f0000000780)=""/72, 0x48}], 0x6, &(0x7f0000000100)=""/62, 0x3e}, 0x40)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})

4m6.696905223s ago: executing program 1 (id=2631):
r0 = socket$packet(0x11, 0xa, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
ppoll(&(0x7f00000001c0)=[{r2, 0x2000}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@deltaction={0x54, 0x31, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}]}, 0x54}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="e0b7b6dd13ef0c548e9eab4cdf632196e30db0fc058454afc663941ef099908addd791c1a941c6f909282436e7865bcc6eb201da995f60340286419130446ac364cd15ed2d54396605a1eefafd0aa41b789195f3e319aa76ebd5d10d03cb4f0381aecb5a93296c96ca317e48e09ac8a34971ca4b286f6a35eef8d629cf448e8457b041463339fa018e9d0f294995087695fb9e4399"], &(0x7f00000002c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7fff}, 0x18)
close_range(r3, 0xffffffffffffffff, 0x200000000000000)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5ebe, 0xa00000}}, './file0\x00'})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000001f)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x8000003d)
close_range(r7, r8, 0x0)

4m6.696466594s ago: executing program 32 (id=2631):
r0 = socket$packet(0x11, 0xa, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
ppoll(&(0x7f00000001c0)=[{r2, 0x2000}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@deltaction={0x54, 0x31, 0x300, 0x70bd29, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}]}, 0x54}}, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="e0b7b6dd13ef0c548e9eab4cdf632196e30db0fc058454afc663941ef099908addd791c1a941c6f909282436e7865bcc6eb201da995f60340286419130446ac364cd15ed2d54396605a1eefafd0aa41b789195f3e319aa76ebd5d10d03cb4f0381aecb5a93296c96ca317e48e09ac8a34971ca4b286f6a35eef8d629cf448e8457b041463339fa018e9d0f294995087695fb9e4399"], &(0x7f00000002c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0x7fff}, 0x18)
close_range(r3, 0xffffffffffffffff, 0x200000000000000)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5ebe, 0xa00000}}, './file0\x00'})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000001f)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x8000003d)
close_range(r7, r8, 0x0)

4m3.850500444s ago: executing program 0 (id=2644):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
read(r0, 0x0, 0x0)
r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000140)=ANY=[], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1fc, 0x0)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r5=>0x0, 0x2f, 0xf, 0x5, 0x4, 0x48, @local, @mcast1, 0x8000, 0x8, 0x57, 0x8fa}})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c00018006000180"], 0x38}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400030c0000000005000500000000000a0000000000000000000000000000000000000000000001070000000000000010000800c003000067328c217950d4ed0ce9fd283e7a39cddf91db11b8d33fe41b6225fa8075fb71275ea059e57dbe5ddb41c0ece4532edb885207438d8c8ccd0b4736f5a7f78c02c158f5c563524df4f34de949509868d522a81cd34a99546e74c7f8725419f8e1f7ff115bd0f7914e267c1fc4f70fee6200286b016552268c"], 0x100}, 0x1, 0x7}, 0x14)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/197, 0xc5}], 0x24a, 0x0, 0xa)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000300))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000c80)={0x8, <r11=>0x0}, 0x8)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xa, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="c56bea0f180000000000000002200000000000004eb649d1433e62396e18110000", @ANYRES32=r8, @ANYRESHEX=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r12}, 0x18)
r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r13, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r13, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x3, 0x2}})

4m3.631275202s ago: executing program 0 (id=2647):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
unshare(0x62040200)

4m2.739523314s ago: executing program 0 (id=2654):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0x1}, 0x4, 0x800000000000c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x1}, 0x0, 0xfffffbffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe800000"], 0xfdef)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xfdef)

4m2.725299265s ago: executing program 0 (id=2655):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@orlov}, {@noauto_da_alloc}, {@inlinecrypt}, {@dioread_lock}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0300", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, 0x0, 0x0)
io_setup(0x7, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x0, &(0x7f0000000040)}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&'], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xa, 0x200, 0x7, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000a40)='&', &(0x7f0000000040)=""/98}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f0000000000), &(0x7f0000000040)=""/76}, 0x20)
io_submit(0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1818e58, &(0x7f0000000040), 0x22, 0x65f, &(0x7f0000002980)="$eJzs3c9rXFsdAPDvvZOkSZo2qYjYoBhw0YI0TWqx6sa2LuyiYMEuRFw0NEkNnf6gScHWggm4UFAQcVukG/8B99K9OxHU3Vs/6Hs8+niF90rncWfuNJPJ/MqPmUkynw8kc+655+ac79w5uefemTM3gIE1k/1KI05HvLuVREzWrJuIysqZvNzrT57dzn6SKJV+9nESSZ5XLZ/kj8fzhdGI+PfViK8Utte7+uTp3YViqeK3EefX7j08v/rk6bmVewt3lu4s3Z+/8P2Ll+Z+MH9xvqahu3c8f7x2/aff+NPvfvW95f8UzyVxOW4O/2Yx6uLYLzMxE+/yEGvzhyLiUpZo8LwcNoUmaQ6HQv56HI6Ir8VkFMpLFZOx8se+Ng7oqlIhotRa0q4AcFjp3jCoquOA6rl9Z+fBN7s8KumdV1cqJ0Db4x/KLzmMls+Nxl8nNWdGlWsbU/tQf1bH22ejz98+m34eW65DvHm/d4b2oZ5m1jci4uuN4k/KbZsqR5rFn245v08jYi4iRvL2/XgPbUhq0t24DtPKTuKv3Q9Z/Jfzxyz/6i7rr7+s1ev4ARhML6/kB/L1bGnz+JeNParjn2gw/pnY+1syZf0+/jUf/1WP96PlcU9aNw7Lxiw3Gv/J4fqMD/5w7S/N6q+M/6az8d9o9pjVXx0L9sKrjYjpuvh/nwWbj3+y+JMG+z8rcutyZ3X85L8fXWu2rib+5/2Iv/Qi4kzD85/NUWmWavH+5PnlleLSXOV3wzr++a9f/r1Z/Y3jP9aFSBvL9v94k/hr9n9av132nDxs/Cc36jP+cePFvWb1T7Td/+mHI0nlfHMkz/n1xtrao/mIkeR6XiTPX1hbe3ShdbyVMm9K5cf5Svxnv924/295/ddFNVb9l9mBhz+/+7rZut28/mveTH5X6rANzWTxL7bf/9v6f5b35w7r+OwXj7/ZbF2r+Mf2EhgAAAAAAAAMoLT8HmySzr5Pp+nsbGW+7FdjPC0+WF37zvKDx/cXI86WPw85nEaalD8yMllZTpZXikvz+edhq8sX6pa/GxGnIuKvhbHy8uztB8XFfgcPAAAAAAAAAAAAAAAAAAAAB8TxfP5/9T7VnxYq8/+BAfH+i/233eah7QrgkOvmDSaBg63c/1sd4k/2ri1Abzn+w+DaQf/v3Z0pgZ5w/IfBpf/D4Nph/z/RrXYAvef4D4NL/4fBpf8DAAAAwJF06lsv/59ExPoPx8o/mZF8nUm/cLQNtyswUrtQ6GpbgN7abY8e2ed2AL3X/qt/gKOq7fg/83n+5YDdbw7QB0mjzPLgoNS6879suOWmjb23DQAAAAAAAAAAAACoOHO6+fz/juYGAIeWaX8wuHY4/z/d/abAQeOr/2FwOccH2szij9FmK9rN/wcAAAAAAAAAAAAA9s1E+SdJZ/PJfRORprOzESciYiqGk+WV4tJcRJyMiP8Vho9ly/P9bjQAAAAAAAAAAAAAAAAAAAAcMatPnt5dKBaXHtUmvtiWc7QT1bugti9c6qBMy8SPYodbRdL7p2UsIvq+U7qWGKrJSSLWsz3f0eYx1e2nJQ7C85Mn+vyPCQAAAAAAAAAAAAAAAAAABlDN3OPGpv/W4xYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQO9t3v+/TWJxvLJBR4W3JvodIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwOH0ZAAD//6w3Oic=")
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc002, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
recvmsg$can_j1939(r5, &(0x7f0000000240)={&(0x7f0000000080)=@qipcrtr, 0x80, &(0x7f0000000800)=[{&(0x7f00000001c0)=""/119, 0x77}, {&(0x7f00000002c0)=""/196, 0xc4}, {&(0x7f00000004c0)=""/196, 0xc4}, {&(0x7f00000005c0)=""/186, 0xba}, {&(0x7f0000001b80)=""/4096, 0x1000}, {&(0x7f0000000780)=""/72, 0x48}], 0x6, &(0x7f0000000100)=""/62, 0x3e}, 0x40)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})

4m1.875205934s ago: executing program 0 (id=2657):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x4, 0x522, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_bp={0x0, 0x6}, 0x0, 0x10000, 0x1e, 0x2, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r0 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001580)}, 0x8000)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f000801}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4810)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7030000e2000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
getpid()
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x58, 0x5}, 0x0, 0x0, 0x0, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000010018120000", @ANYRES32=r4], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5, 0x0, 0x40}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, 0x0, 0x0)
syz_clone(0x20000000, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')

4m1.421109791s ago: executing program 0 (id=2660):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)

4m1.403773903s ago: executing program 33 (id=2660):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00"/13], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)

6.376982093s ago: executing program 3 (id=4067):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
time(0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0x1, 0x24044851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

6.234400885s ago: executing program 3 (id=4071):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000045"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r4 = dup(r2)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10)
write$binfmt_misc(r4, &(0x7f0000000640)="df", 0x1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2000c800}, 0x2400c800)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

6.152714691s ago: executing program 3 (id=4074):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
read(r0, 0x0, 0x0)
r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000140)=ANY=[], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1fc, 0x0)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r5=>0x0, 0x2f, 0xf, 0x5, 0x4, 0x48, @local, @mcast1, 0x8000, 0x8, 0x57, 0x8fa}})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x803, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c00018006000180"], 0x38}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400030c0000000005000500000000000a0000000000000000000000000000000000000000000001070000000000000010000800c003000067328c217950d4ed0ce9fd283e7a39cddf91db11b8d33fe41b6225fa8075fb71275ea059e57dbe5ddb41c0ece4532edb885207438d8c8ccd0b4736f5a7f78c02c158f5c563524df4f34de949509868d522a81cd34a99546e74c7f8725419f8e1f7ff115bd0f7914e267c1fc4f70fee6200286b016552268c"], 0x100}, 0x1, 0x7}, 0x14)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/197, 0xc5}], 0x24a, 0x0, 0xa)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000300))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000c80)={0x8, <r11=>0x0}, 0x8)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xa, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="c56bea0f180000000000000002200000000000004eb649d1433e62396e18110000", @ANYRES32=r8, @ANYRESHEX=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r12}, 0x18)
r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r13, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r13, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x3, 0x2}})

6.013353662s ago: executing program 3 (id=4078):
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x303}, "1c236b0a9004a6db", "29f93aa1381248c4e94cc98734dfc1ba5291857169073f338f933a7bf68ed789", "175b838c", "679fe636a1f32af2"}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
close_range(r0, r1, 0x0)

5.930441919s ago: executing program 3 (id=4080):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000030500fffffffffffffff4000000", @ANYRES32=0x0, @ANYBLOB="15460100ef000000280012800b0001006d61637365630000180002800c0001004057000000000000050003"], 0x50}}, 0x4000000)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed6, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r3}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)

5.871072824s ago: executing program 3 (id=4081):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@o_path={0x0, 0x0, 0x4018}, 0x18)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xfffeffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000004c0)=""/233, 0xfffffffffffffff7}], 0x15, 0x0, 0x0, 0x2000000}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000040)=0x10, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0a00e32894cfa2000002800000ff0f000007e4b3576e425ad4fe09a625f81caca22b57a7461158c9d376982b57aed154cd376d05e3c381e2b4c8b73a87b81a757124842ffb17857813f6ac9124d4e7d8ddddc63769d5ed931522a80c0869a8f02c573626f3774863c4b2c8fb2175b8a88f8fc3dfdc7ed12ec80506024142fdeece85c122e50992c5d581ac050cadfa2593965c27d8083e288f2bd127d70e55c085022c643c957eb54ffa0f36d53cb1f49929a00217f37443f0d860619a82ba0d4d2ce213fdad3a7d989a39010b16d0480c550e7363973b3204e423f909afbd0cbac0ea712ef31dd76da75f30558872665deaa721e3874b05fb175286edac754f805b1cc9316cd0d87b0ec551e4480ef7ae36c1bb00"/289], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x78, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1be6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_cong_state_set\x00', r6}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000640), 0xffffffffffffffff)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f913", 0x11}], 0x1}, 0x4000)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x4004)

3.505316185s ago: executing program 2 (id=4096):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
mlock2(&(0x7f0000008000/0x4000)=nil, 0x4000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x8001, 0x5}, 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0a00000005000000020000000700000044"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000004c0)='kfree\x00', r2}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r4 = memfd_create(&(0x7f0000000b40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZH\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84\x0e\xa7U\xc7}\xea.U`\x1b*\xcep\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q~@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xff14\x87I\xc7\\vK<m2\x16\x03\xcd\xc1\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=Z\x0e\xde\x99\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\xd5~\xfb\xfb>\x9d\x91Kq]N\x87\x0f\x04L\xd4(\xf2G \xfdr~:\xc4\xc3\xfe\x14G\xadG~^l\xe0:(Y`\x0e\x90\xfa\x1c\xb6\f6\x92B\x92\xd3\xa9BG\xd2*AB\x1e\x01\xf0m+\x02\x87\x81aj;\xb6y.g\xeb\xc4\x0f\xd3\x85\xa5\x00\xa1\xa6iP\x0f\x02\x14\x90q\x94\xab\xb3\x0f\x01=\x06\x98\xa8\x87\xd9=\xce\xbef<\x1d\v\xba[\xd8]\x9e\xf30\xb8\xf1\b\x06M\x18w\xdc\x0e\x98?\x04G\xf9\x99\xab\xc1\xc0z\xe9Fu\x03\x9aj\xc0]\xb47\xd5\xb8]\x98y@\x8c\x8fM\x8c],\x1b\x03\xaa\'gv\xeb\xbf\xa8d\"\x94e3Q\xfci\xdf\xad\x819\xd1\xf3\xaa\xc8i\xf2\x8a\xc4CU3\x87Ns\x9f\x9f\xcd\x05\x06g\x9aRBg\x98\x10Ch\x1c\x96\xd3\xce', 0x7)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10012, r4, 0x0)

3.458982229s ago: executing program 2 (id=4098):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x6000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x15, 0x1c, "fee8a2ab78fcffffffffffffff2000b8785d960000000000000000000000000f00000000000100000000000000000000000000000200", "2809e897bdb2128bfc82525edd665240f45f819e01982861ac0000000000000000001100", "90be8b1c551265406c7f306003d8a0f4bd00", [0x1000000020, 0x6]}})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000300)=ANY=[], 0x15)
r8 = dup(r7)
write$P9_RLERRORu(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r8, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])

3.313957331s ago: executing program 2 (id=4100):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
read(r0, 0x0, 0x0)
r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000140)=ANY=[], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1fc, 0x0)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r5=>0x0, 0x2f, 0xf, 0x5, 0x4, 0x48, @local, @mcast1, 0x8000, 0x8, 0x57, 0x8fa}})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x803, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c00018006000180"], 0x38}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400030c0000000005000500000000000a0000000000000000000000000000000000000000000001070000000000000010000800c003000067328c217950d4ed0ce9fd283e7a39cddf91db11b8d33fe41b6225fa8075fb71275ea059e57dbe5ddb41c0ece4532edb885207438d8c8ccd0b4736f5a7f78c02c158f5c563524df4f34de949509868d522a81cd34a99546e74c7f8725419f8e1f7ff115bd0f7914e267c1fc4f70fee6200286b016552268c"], 0x100}, 0x1, 0x7}, 0x14)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/197, 0xc5}], 0x24a, 0x0, 0xa)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000300))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000c80)={0x8, <r11=>0x0}, 0x8)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xa, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="c56bea0f180000000000000002200000000000004eb649d1433e62396e18110000", @ANYRES32=r8, @ANYRESHEX=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r12}, 0x18)
r13 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r13, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r13, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x3, 0x2}})

3.244217496s ago: executing program 2 (id=4102):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337dfe5af64aaf38a0a2a", 0x71}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a", 0x54}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000e80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055b0e2843cb487ed4657c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d183b2958886a77e1f2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21654af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb5f20e8db56962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982d", 0x1b0}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x10008095, 0x0, 0x0)

2.369472238s ago: executing program 2 (id=4116):
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r0, r1, 0x0)

2.368768048s ago: executing program 2 (id=4117):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@o_path={0x0, 0x0, 0x4018}, 0x18)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xfffeffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000004c0)=""/233, 0xfffffffffffffff7}], 0x15, 0x0, 0x0, 0x2000000}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000040)=0x10, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0a00e32894cfa2000002800000ff0f000007e4b3576e425ad4fe09a625f81caca22b57a7461158c9d376982b57aed154cd376d05e3c381e2b4c8b73a87b81a757124842ffb17857813f6ac9124d4e7d8ddddc63769d5ed931522a80c0869a8f02c573626f3774863c4b2c8fb2175b8a88f8fc3dfdc7ed12ec80506024142fdeece85c122e50992c5d581ac050cadfa2593965c27d8083e288f2bd127d70e55c085022c643c957eb54ffa0f36d53cb1f49929a00217f37443f0d860619a82ba0d4d2ce213fdad3a7d989a39010b16d0480c550e7363973b3204e423f909afbd0cbac0ea712ef31dd76da75f30558872665deaa721e3874b05fb175286edac754f805b1cc9316cd0d87b0ec551e4480ef7ae36c1bb00"/289], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x78, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1be6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_cong_state_set\x00', r6}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000640), 0xffffffffffffffff)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r7, 0x6, 0x1, &(0x7f0000000080)={0x2, 0x4d}, 0xc)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f913", 0x11}], 0x1}, 0x4000)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x4004)

2.237850038s ago: executing program 4 (id=4123):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {}, {0x6}, {}, {0x0, 0x0, 0xfe}, {0xf792}, {0x3}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)

2.195514862s ago: executing program 4 (id=4124):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
time(0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)

2.172112564s ago: executing program 4 (id=4125):
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)

2.134387326s ago: executing program 4 (id=4126):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")

2.032600235s ago: executing program 6 (id=4130):
r0 = memfd_create(&(0x7f0000000b40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZH\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84\x0e\xa7U\xc7}\xea.U`\x1b*\xcep\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q~@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xff14\x87I\xc7\\vK<m2\x16\x03\xcd\xc1\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=Z\x0e\xde\x99\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\xd5~\xfb\xfb>\x9d\x91Kq]N\x87\x0f\x04L\xd4(\xf2G \xfdr~:\xc4\xc3\xfe\x14G\xadG~^l\xe0:(Y`\x0e\x90\xfa\x1c\xb6\f6\x92B\x92\xd3\xa9BG\xd2*AB\x1e\x01\xf0m+\x02\x87\x81aj;\xb6y.g\xeb\xc4\x0f\xd3\x85\xa5\x00\xa1\xa6iP\x0f\x02\x14\x90q\x94\xab\xb3\x0f\x01=\x06\x98\xa8\x87\xd9=\xce\xbef<\x1d\v\xba[\xd8]\x9e\xf30\xb8\xf1\b\x06M\x18w\xdc\x0e\x98?\x04G\xf9\x99\xab\xc1\xc0z\xe9Fu\x03\x9aj\xc0]\xb47\xd5\xb8]\x98y@\x8c\x8fM\x8c],\x1b\x03\xaa\'gv\xeb\xbf\xa8d\"\x94e3Q\xfci\xdf\xad\x819\xd1\xf3\xaa\xc8i\xf2\x8a\xc4CU3\x87Ns\x9f\x9f\xcd\x05\x06g\x9aRBg\x98\x10Ch\x1c\x96\xd3\xce', 0x7)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10012, r0, 0x0)

1.986411439s ago: executing program 6 (id=4132):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
time(0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0x1, 0x24044851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

1.936602503s ago: executing program 6 (id=4133):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
listen(0xffffffffffffffff, 0x0)
io_setup(0xb2, &(0x7f0000000200))
ppoll(&(0x7f0000000180)=[{}], 0x1, 0x0, 0x0, 0x0)

1.009106328s ago: executing program 6 (id=4135):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
exit(0x1ff)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0)

959.296822ms ago: executing program 5 (id=4136):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
time(0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)

856.80482ms ago: executing program 5 (id=4137):
socket(0x10, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x303}, "1c236b0a9004a6db", "29f93aa1381248c4e94cc98734dfc1ba5291857169073f338f933a7bf68ed789", "175b838c", "679fe636a1f32af2"}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmmsg$inet(r4, &(0x7f0000003b00)=[{{&(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

659.421806ms ago: executing program 5 (id=4138):
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

514.622508ms ago: executing program 5 (id=4139):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001000000", @ANYRES32, @ANYBLOB="00002fdc2b010fffffffffff00000000ac", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x2000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000780)=ANY=[@ANYRESDEC=r1], 0x0}, 0x94)
ioctl$FICLONE(r1, 0x40049409, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES16=r0], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000001f)
fcntl$notify(r4, 0x402, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r5}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a0101000000000000000001000000090003001e007a3200000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)

232.434301ms ago: executing program 5 (id=4140):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000030500fffffffffffffff4000000", @ANYRES32=0x0, @ANYBLOB="15460100ef000000280012800b0001006d61637365630000180002800c0001004057000000000000050003"], 0x50}}, 0x4000000)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed6, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r4}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x10)
sendmsg$unix(r5, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000005600)='sys_enter\x00', r7, 0x0, 0x200002}, 0x18)
syz_emit_ethernet(0x66, &(0x7f00000004c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x1000002, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xfffff788}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0xffff}}}, {0x8, 0x6558, 0xfffffffe}}}}}}, 0x0)
msgsnd(0x0, 0x0, 0xfd1, 0x0)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x74, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x2, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}]}}]}, 0x74}}, 0x24040084)

195.244414ms ago: executing program 6 (id=4141):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
read(r0, 0x0, 0x0)
r1 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000140)=ANY=[], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1fc, 0x0)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRESHEX=r3, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x1, 0x84)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c00018006000180"], 0x38}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030003200000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400030c0000000005000500000000000a0000000000000000000000000000000000000000000001070000000000000010000800c003000067328c217950d4ed0ce9fd283e7a39cddf91db11b8d33fe41b6225fa8075fb71275ea059e57dbe5ddb41c0ece4532edb885207438d8c8ccd0b4736f5a7f78c02c158f5c563524df4f34de949509868d522a81cd34a99546e74c7f8725419f8e1f7ff115bd0f7914e267c1fc4f70fee6200286b016552268c"], 0x100}, 0x1, 0x7}, 0x14)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
preadv(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f0000000880)=""/197, 0xc5}], 0x24a, 0x0, 0xa)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000300))
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000c80)={0x8, <r9=>0x0}, 0x8)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xa, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="c56bea0f180000000000000002200000000000004eb649d1433e62396e18110000", @ANYRES32=r6, @ANYRESHEX=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r10}, 0x18)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r11, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r11, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x3, 0x2}})

186.702184ms ago: executing program 5 (id=4142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f00000003c0)=""/67}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES64=r1], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r2}, &(0x7f00000004c0), &(0x7f0000000300)=r3}, 0x20)
syz_emit_ethernet(0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaa0800450000289d8800c4a60000059078ac141400640103020007000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c00000090780000"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000014c0)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='f2fs_sync_fs\x00', r5, 0x0, 0xffffffffffffffff}, 0x18)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
recvmsg(r6, &(0x7f0000000740)={&(0x7f0000000340)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000680)=""/104, 0x68}, {&(0x7f0000000280)=""/46, 0x2e}, {&(0x7f0000000780)=""/105, 0x69}], 0x3, &(0x7f0000001780)=""/4096, 0x1000}, 0x100)
bind$bt_hci(r6, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r7, 0x400448e3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f00000002c0)={0x2, 0xfffc, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x8)
r10 = accept4(r7, 0x0, 0x0, 0x800)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
close_range(r8, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

175.437445ms ago: executing program 6 (id=4143):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337dfe5af64aaf38a0a2a", 0x71}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a", 0x54}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000e80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055b0e2843cb487ed4657c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d183b2958886a77e1f2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21654af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb5f20e8db56962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982d", 0x1b0}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

27.094437ms ago: executing program 4 (id=4144):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337dfe5af64aaf38a", 0x6f}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a", 0x54}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000e80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055b0e2843cb487ed4657c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d183b2958886a77e1f2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21654af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb5f20e8db56962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982d", 0x1b0}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

0s ago: executing program 4 (id=4145):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001e00)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan1\x00')
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x1, 'vlan1\x00', {}, 0x5832})
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x100, 0x1ff, 0x1, 0x6, 0xfffffffffffffffa, 0x5, 0x2, 0x8}, &(0x7f0000000080)={0x7f, 0x3, 0xfffffffffffffff8, 0x8001, 0x28a0, 0x82, 0x7, 0x5}, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
stat(0x0, 0x0)
write(r3, &(0x7f00000009c0)="3bf58d7d45d32c", 0x7)
r4 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r5 = epoll_create1(0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip_vti0\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000576ff1e1db61ed87e00000095000000000000005ecc69612c3df19ff6d656"], &(0x7f00000000c0)='GPL\x00', 0xb, 0x65, &(0x7f00000001c0)=""/101, 0x41000, 0x23, '\x00', r6, @fallback=0x8, r7, 0x8, &(0x7f0000000240)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0xe, 0x7, 0x80000001}, 0x10, 0x0, r2, 0x6, 0x0, &(0x7f00000002c0)=[{0x2, 0x2, 0x4, 0x8}, {0x3, 0x1, 0x3, 0xa}, {0x4, 0x3, 0x6, 0x8}, {0x1, 0x3, 0x2, 0x4}, {0x0, 0x1, 0x8, 0x7}, {0x5, 0x4, 0xa, 0xc}], 0x10, 0xffff34f0}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0xa0000004})
sendfile(r3, r2, 0x0, 0x3ffff)
sendfile(r3, r2, 0x0, 0x7fffeffd)

kernel console output (not intermixed with test programs):

 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  629.582890][   T29] audit: type=1326 audit(1755187793.621:7896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16012 comm="syz.5.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  629.606452][   T29] audit: type=1326 audit(1755187793.621:7897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16012 comm="syz.5.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  629.629914][   T29] audit: type=1326 audit(1755187793.621:7898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16012 comm="syz.5.3379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  629.657016][T16016] loop6: detected capacity change from 0 to 512
[  629.705577][T16016] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  629.789586][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.809747][T16016] EXT4-fs (loop6): orphan cleanup on readonly fs
[  629.870606][T16016] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3378: bg 0: block 248: padding at end of block bitmap is not set
[  629.918803][T16014] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  629.939467][T16016] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.3378: Failed to acquire dquot type 1
[  630.004416][T16016] EXT4-fs (loop6): 1 truncate cleaned up
[  630.011037][T16029] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3384'.
[  630.044343][T16024] loop5: detected capacity change from 0 to 1024
[  630.061697][T16016] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  630.075487][T16024] EXT4-fs: Ignoring removed nomblk_io_submit option
[  630.573992][T16024] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  630.629299][T16036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3385'.
[  630.666120][T16024] System zones: 0-1, 3-36
[  630.711179][T16024] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  631.173194][T16040] netlink: 'syz.2.3386': attribute type 10 has an invalid length.
[  631.185212][T16040] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3386'.
[  631.904268][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  632.750525][T16052] loop5: detected capacity change from 0 to 512
[  632.780517][T16052] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  635.679413][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3390'.
[  635.907580][T16052] EXT4-fs (loop5): 1 truncate cleaned up
[  635.913930][T16052] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  636.027962][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  636.426796][T16074] hub 8-0:1.0: USB hub found
[  636.439426][T16074] hub 8-0:1.0: 8 ports detected
[  637.926398][T16089] loop3: detected capacity change from 0 to 1024
[  637.947086][T16089] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  637.976032][T16089] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  638.049421][T16089] EXT4-fs (loop3): invalid journal inode
[  638.137519][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  638.137533][   T29] audit: type=1326 audit(1755187802.361:7923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.178260][T16096] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3403'.
[  638.211005][   T29] audit: type=1326 audit(1755187802.401:7924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.234596][   T29] audit: type=1326 audit(1755187802.401:7925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.258008][   T29] audit: type=1326 audit(1755187802.401:7926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.281759][   T29] audit: type=1326 audit(1755187802.401:7927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.293123][T16103] loop5: detected capacity change from 0 to 512
[  638.305274][   T29] audit: type=1326 audit(1755187802.401:7928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.305301][   T29] audit: type=1326 audit(1755187802.401:7929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.358546][   T29] audit: type=1326 audit(1755187802.401:7930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.382266][   T29] audit: type=1326 audit(1755187802.401:7931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.405837][   T29] audit: type=1326 audit(1755187802.401:7932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16095 comm="syz.3.3403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  638.485201][T16103] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  638.580306][T16108] loop2: detected capacity change from 0 to 512
[  638.855195][T16103] EXT4-fs (loop5): orphan cleanup on readonly fs
[  638.905999][T16108] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  638.918539][T16108] ext4 filesystem being mounted at /113/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  639.051259][T16103] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3404: bg 0: block 248: padding at end of block bitmap is not set
[  639.491389][T16103] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3404: Failed to acquire dquot type 1
[  639.504896][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  639.575252][T16103] EXT4-fs (loop5): 1 truncate cleaned up
[  639.627834][T16103] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  639.914437][T16117] loop3: detected capacity change from 0 to 512
[  639.960263][T16117] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  640.000623][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  640.023109][T16117] EXT4-fs (loop3): 1 truncate cleaned up
[  640.036205][T16117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  640.258087][T12551] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  640.312775][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  640.694833][T16141] loop6: detected capacity change from 0 to 1024
[  640.720849][T16141] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  640.734869][T16141] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  640.745735][T16141] EXT4-fs (loop6): invalid journal inode
[  640.824276][T16149] loop6: detected capacity change from 0 to 128
[  640.912907][T16152] loop3: detected capacity change from 0 to 512
[  640.922116][T16152] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  640.933030][T16152] EXT4-fs (loop3): orphan cleanup on readonly fs
[  640.942782][T16152] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3417: bg 0: block 248: padding at end of block bitmap is not set
[  640.958812][T16152] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3417: Failed to acquire dquot type 1
[  640.971332][T16152] EXT4-fs (loop3): 1 truncate cleaned up
[  640.979179][T16152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  643.817249][T16173] loop4: detected capacity change from 0 to 512
[  643.841903][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  643.854516][T16173] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  643.873490][   T29] kauditd_printk_skb: 39 callbacks suppressed
[  643.873503][   T29] audit: type=1326 audit(1755187808.101:7968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16163 comm="syz.2.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  643.938483][T16175] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3425'.
[  643.941499][   T29] audit: type=1326 audit(1755187808.131:7969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16163 comm="syz.2.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  643.971329][   T29] audit: type=1326 audit(1755187808.161:7970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  643.975619][T16173] EXT4-fs (loop4): orphan cleanup on readonly fs
[  643.995130][   T29] audit: type=1326 audit(1755187808.161:7971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.024815][   T29] audit: type=1326 audit(1755187808.161:7972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.048460][   T29] audit: type=1326 audit(1755187808.161:7973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.072048][   T29] audit: type=1326 audit(1755187808.161:7974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.095583][   T29] audit: type=1326 audit(1755187808.161:7975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.099975][T16178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3426'.
[  644.119148][   T29] audit: type=1326 audit(1755187808.161:7976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.119178][   T29] audit: type=1326 audit(1755187808.161:7977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16174 comm="syz.3.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  644.257296][T16173] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3424: bg 0: block 248: padding at end of block bitmap is not set
[  644.279671][T16173] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3424: Failed to acquire dquot type 1
[  644.399933][T16173] EXT4-fs (loop4): 1 truncate cleaned up
[  644.438830][T16173] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  644.519439][T16186] loop2: detected capacity change from 0 to 1024
[  644.595334][T16186] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  644.704291][T16191] loop3: detected capacity change from 0 to 512
[  644.732264][T16186] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  644.742539][T16186] EXT4-fs (loop2): invalid journal inode
[  644.781991][T16191] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  645.261007][T16191] EXT4-fs (loop3): 1 truncate cleaned up
[  645.267187][T16191] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  645.918648][T16206] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3436'.
[  645.998973][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  646.186143][T16216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.449573][T16216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.699197][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  647.422137][T16244] loop6: detected capacity change from 0 to 512
[  647.441070][T16244] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  647.467305][T16244] EXT4-fs (loop6): orphan cleanup on readonly fs
[  647.495528][T16244] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3443: bg 0: block 248: padding at end of block bitmap is not set
[  647.581557][T16244] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.3443: Failed to acquire dquot type 1
[  647.605668][T16244] EXT4-fs (loop6): 1 truncate cleaned up
[  647.685417][T16249] loop2: detected capacity change from 0 to 512
[  647.702029][T16249] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  647.713979][T16244] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  647.850465][T16249] EXT4-fs (loop2): 1 truncate cleaned up
[  647.859836][T16249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  648.347368][T16258] loop3: detected capacity change from 0 to 128
[  648.523265][T16262] loop3: detected capacity change from 0 to 512
[  648.534158][T16262] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  648.543835][T16262] EXT4-fs (loop3): orphan cleanup on readonly fs
[  648.551118][T16262] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3453: bg 0: block 248: padding at end of block bitmap is not set
[  648.565940][T16262] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3453: Failed to acquire dquot type 1
[  648.579402][T16262] EXT4-fs (loop3): 1 truncate cleaned up
[  648.741917][T16267] loop5: detected capacity change from 0 to 128
[  648.818597][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  648.875690][T16262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  648.897265][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  648.941723][T16276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3458'.
[  648.966373][T16275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.979823][T16275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.992494][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  648.992507][   T29] audit: type=1326 audit(1755187813.221:8036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.069611][   T29] audit: type=1326 audit(1755187813.251:8037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.093257][   T29] audit: type=1326 audit(1755187813.251:8038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.116787][   T29] audit: type=1326 audit(1755187813.251:8039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.140341][   T29] audit: type=1326 audit(1755187813.251:8040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.163857][   T29] audit: type=1326 audit(1755187813.251:8041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.187363][   T29] audit: type=1326 audit(1755187813.251:8042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.211373][   T29] audit: type=1326 audit(1755187813.251:8043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.235314][   T29] audit: type=1326 audit(1755187813.251:8044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.258956][   T29] audit: type=1326 audit(1755187813.251:8045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16278 comm="syz.2.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f561d0eebe9 code=0x7ffc0000
[  649.377079][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  649.426941][T16289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.435759][T16289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.507558][T16290] hub 8-0:1.0: USB hub found
[  649.512297][T16290] hub 8-0:1.0: 8 ports detected
[  649.625141][T16292] loop5: detected capacity change from 0 to 128
[  649.865788][T16295] netlink: 'syz.5.3464': attribute type 10 has an invalid length.
[  649.886749][T16295] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3464'.
[  649.962785][T16297] loop2: detected capacity change from 0 to 1024
[  649.975472][T16297] EXT4-fs: Ignoring removed nomblk_io_submit option
[  649.985230][T16297] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  649.987478][T16300] loop3: detected capacity change from 0 to 128
[  649.993564][T16297] System zones: 0-1, 3-36
[  650.010208][T16297] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  650.705386][T16314] loop4: detected capacity change from 0 to 512
[  650.734486][T16314] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  650.747777][T16314] EXT4-fs (loop4): 1 truncate cleaned up
[  650.753845][T16314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  650.768548][T16317] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3471'.
[  650.815194][T16320] loop3: detected capacity change from 0 to 128
[  650.973297][T16323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  650.982095][T16325] loop5: detected capacity change from 0 to 128
[  651.000335][T16323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.086508][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.194727][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.227010][T16335] loop5: detected capacity change from 0 to 512
[  651.272190][T16335] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  651.284926][T16335] ext4 filesystem being mounted at /183/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  651.513471][T12551] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  651.522607][T16341] loop2: detected capacity change from 0 to 1024
[  651.562894][T16342] hub 8-0:1.0: USB hub found
[  651.567668][T16342] hub 8-0:1.0: 8 ports detected
[  651.698567][T16341] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  651.709638][T16341] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  651.831351][T16341] EXT4-fs (loop2): invalid journal inode
[  652.237758][T16347] loop3: detected capacity change from 0 to 128
[  652.822328][T16357] loop6: detected capacity change from 0 to 512
[  652.861661][T16357] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  652.896682][T16357] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  652.923679][T16357] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #15: comm syz.6.3485: corrupted xattr block 19: overlapping e_value 
[  652.952651][T16357] EXT4-fs (loop6): Remounting filesystem read-only
[  652.959212][T16357] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  652.985899][T16357] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  653.009056][T16357] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop6 ino=15
[  653.158238][T16361] loop3: detected capacity change from 0 to 8192
[  653.195180][T12551] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  653.211994][T16361] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  653.220683][T16361] FAT-fs (loop3): Filesystem has been set read-only
[  653.272264][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  653.303244][T16365] loop4: detected capacity change from 0 to 1024
[  653.329830][T16365] EXT4-fs: Ignoring removed nomblk_io_submit option
[  653.388074][T16365] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  653.429048][T16365] System zones: 0-1, 3-36
[  653.436720][T16374] loop6: detected capacity change from 0 to 512
[  653.443865][T16374] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  653.458762][T16374] EXT4-fs (loop6): 1 truncate cleaned up
[  653.464803][T16374] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.482795][T16365] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  654.414409][T16386] loop5: detected capacity change from 0 to 128
[  654.492547][T12551] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.585000][T16388] loop3: detected capacity change from 0 to 512
[  654.595677][T16388] EXT4-fs: test_dummy_encryption option not supported
[  654.846907][T16394] loop6: detected capacity change from 0 to 1024
[  655.259070][T16394] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  655.268981][T16394] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  655.280682][T16394] EXT4-fs (loop6): invalid journal inode
[  655.348948][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  655.393786][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  655.393801][   T29] audit: type=1400 audit(1755187819.621:8053): avc:  denied  { sqpoll } for  pid=16398 comm="syz.3.3496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  655.456688][   T29] audit: type=1400 audit(1755187819.651:8054): avc:  denied  { execute } for  pid=16398 comm="syz.3.3496" path="/102/cpu.stat" dev="tmpfs" ino=568 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  655.479786][   T29] audit: type=1400 audit(1755187819.651:8055): avc:  denied  { shutdown } for  pid=16398 comm="syz.3.3496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  655.499659][   T29] audit: type=1400 audit(1755187819.651:8056): avc:  denied  { ioctl } for  pid=16398 comm="syz.3.3496" path="socket:[44065]" dev="sockfs" ino=44065 ioctlcmd=0x894c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  655.718677][   T29] audit: type=1400 audit(1755187819.881:8057): avc:  denied  { ioctl } for  pid=16402 comm="syz.3.3497" path="socket:[44078]" dev="sockfs" ino=44078 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  655.743616][   T29] audit: type=1326 audit(1755187819.881:8058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16402 comm="syz.3.3497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  655.747713][T16417] loop2: detected capacity change from 0 to 128
[  655.767230][   T29] audit: type=1326 audit(1755187819.881:8059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16402 comm="syz.3.3497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  655.797104][   T29] audit: type=1326 audit(1755187819.881:8060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16402 comm="syz.3.3497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  655.820737][   T29] audit: type=1326 audit(1755187819.881:8061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16402 comm="syz.3.3497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  655.844405][   T29] audit: type=1326 audit(1755187819.881:8062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16402 comm="syz.3.3497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  655.872866][T16420] loop6: detected capacity change from 0 to 512
[  655.974517][T16420] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  655.987258][T16420] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  656.443302][T16437] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3507'.
[  656.485527][T16439] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3508'.
[  656.509053][T16432] loop2: detected capacity change from 0 to 1024
[  656.551874][T16441] FAULT_INJECTION: forcing a failure.
[  656.551874][T16441] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  656.564990][T16441] CPU: 0 UID: 0 PID: 16441 Comm: syz.5.3509 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  656.565083][T16441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  656.565099][T16441] Call Trace:
[  656.565106][T16441]  <TASK>
[  656.565113][T16441]  __dump_stack+0x1d/0x30
[  656.565131][T16441]  dump_stack_lvl+0xe8/0x140
[  656.565177][T16441]  dump_stack+0x15/0x1b
[  656.565195][T16441]  should_fail_ex+0x265/0x280
[  656.565214][T16441]  should_fail+0xb/0x20
[  656.565273][T16441]  should_fail_usercopy+0x1a/0x20
[  656.565295][T16441]  _copy_from_user+0x1c/0xb0
[  656.565318][T16441]  ___sys_sendmsg+0xc1/0x1d0
[  656.565367][T16441]  __x64_sys_sendmsg+0xd4/0x160
[  656.565466][T16441]  x64_sys_call+0x191e/0x2ff0
[  656.565486][T16441]  do_syscall_64+0xd2/0x200
[  656.565566][T16441]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  656.565586][T16441]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  656.565608][T16441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.565631][T16441] RIP: 0033:0x7f581020ebe9
[  656.565654][T16441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  656.565724][T16441] RSP: 002b:00007f580ec6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  656.565745][T16441] RAX: ffffffffffffffda RBX: 00007f5810435fa0 RCX: 00007f581020ebe9
[  656.565758][T16441] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000005
[  656.565771][T16441] RBP: 00007f580ec6f090 R08: 0000000000000000 R09: 0000000000000000
[  656.565803][T16441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.565831][T16441] R13: 00007f5810436038 R14: 00007f5810435fa0 R15: 00007ffe55c23208
[  656.565849][T16441]  </TASK>
[  656.802095][T16432] EXT4-fs: Ignoring removed nomblk_io_submit option
[  656.842702][T16445] lo speed is unknown, defaulting to 1000
[  656.848559][T16445] lo speed is unknown, defaulting to 1000
[  656.867838][T16443] loop3: detected capacity change from 0 to 1024
[  656.885368][T16432] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  656.901839][T16443] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  656.913096][T16445] lo speed is unknown, defaulting to 1000
[  656.919172][T16445] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  656.935745][T16432] System zones: 0-1, 3-36
[  656.955684][T16432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  656.968379][T16443] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  656.993059][T16445] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  657.003284][T16443] EXT4-fs (loop3): invalid journal inode
[  657.023015][T16445] lo speed is unknown, defaulting to 1000
[  657.035062][T16445] lo speed is unknown, defaulting to 1000
[  657.049847][T16445] lo speed is unknown, defaulting to 1000
[  657.062353][T16445] lo speed is unknown, defaulting to 1000
[  657.090881][T16445] lo speed is unknown, defaulting to 1000
[  657.515053][T16458] lo speed is unknown, defaulting to 1000
[  657.773821][T12551] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  657.833616][T16464] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3518'.
[  657.891931][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  657.914809][T16473] loop6: detected capacity change from 0 to 1024
[  657.917575][T16473] ext4: Unknown parameter 'euid>00000000000000000000'
[  658.051295][T16484] loop6: detected capacity change from 0 to 512
[  658.137606][T16484] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  658.137756][T16484] ext4 filesystem being mounted at /175/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  658.141932][T16484] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  658.157897][T16483] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  658.269684][T16499] loop4: detected capacity change from 0 to 512
[  658.358309][T16501] netlink: 763 bytes leftover after parsing attributes in process `syz.6.3528'.
[  658.379682][T16499] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  658.379812][T16499] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  658.900924][T16510] loop2: detected capacity change from 0 to 1024
[  658.974351][T16510] EXT4-fs: Ignoring removed nomblk_io_submit option
[  659.067618][T16510] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  659.703527][T16520] loop3: detected capacity change from 0 to 512
[  659.761318][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  659.777992][T16520] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  659.789090][T16520] EXT4-fs (loop3): orphan cleanup on readonly fs
[  659.796720][T16520] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3533: bg 0: block 248: padding at end of block bitmap is not set
[  659.812424][T16520] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3533: Failed to acquire dquot type 1
[  659.826870][T16520] EXT4-fs (loop3): 1 truncate cleaned up
[  659.833988][T16520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  659.888415][T16510] System zones: 0-1, 3-36
[  659.947440][T16510] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  660.864922][   T29] kauditd_printk_skb: 143 callbacks suppressed
[  660.865018][   T29] audit: type=1326 audit(1755187825.091:8204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.226806][T16543] lo speed is unknown, defaulting to 1000
[  661.555440][   T29] audit: type=1326 audit(1755187825.151:8205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.555641][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.578975][   T29] audit: type=1326 audit(1755187825.151:8206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.578999][   T29] audit: type=1326 audit(1755187825.151:8207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.634987][   T29] audit: type=1326 audit(1755187825.151:8208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.658594][   T29] audit: type=1326 audit(1755187825.161:8209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.682071][   T29] audit: type=1326 audit(1755187825.161:8210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.705728][   T29] audit: type=1326 audit(1755187825.161:8211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16517 comm="syz.5.3534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  661.730644][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  661.790879][T16553] SELinux:  Context system_u:object_r:modules_dep_t:s0 is not valid (left unmapped).
[  661.801267][   T29] audit: type=1400 audit(1755187826.031:8212): avc:  denied  { relabelto } for  pid=16552 comm="syz.3.3541" name="memfd:" dev="hugetlbfs" ino=43237 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:modules_dep_t:s0"
[  661.828499][   T29] audit: type=1400 audit(1755187826.031:8213): avc:  denied  { associate } for  pid=16552 comm="syz.3.3541" name="memfd:" dev="hugetlbfs" ino=43237 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:modules_dep_t:s0"
[  661.902015][T16561] FAULT_INJECTION: forcing a failure.
[  661.902015][T16561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.915199][T16561] CPU: 0 UID: 0 PID: 16561 Comm: syz.2.3548 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  661.915275][T16561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  661.915287][T16561] Call Trace:
[  661.915294][T16561]  <TASK>
[  661.915301][T16561]  __dump_stack+0x1d/0x30
[  661.915319][T16561]  dump_stack_lvl+0xe8/0x140
[  661.915375][T16561]  dump_stack+0x15/0x1b
[  661.915393][T16561]  should_fail_ex+0x265/0x280
[  661.915480][T16561]  should_fail+0xb/0x20
[  661.915499][T16561]  should_fail_usercopy+0x1a/0x20
[  661.915520][T16561]  _copy_from_user+0x1c/0xb0
[  661.915609][T16561]  __copy_msghdr+0x244/0x300
[  661.915628][T16561]  ___sys_sendmsg+0x109/0x1d0
[  661.915655][T16561]  __x64_sys_sendmsg+0xd4/0x160
[  661.915726][T16561]  x64_sys_call+0x191e/0x2ff0
[  661.915776][T16561]  do_syscall_64+0xd2/0x200
[  661.915803][T16561]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  661.915912][T16561]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  661.915937][T16561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.915955][T16561] RIP: 0033:0x7f561d0eebe9
[  661.916042][T16561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.916059][T16561] RSP: 002b:00007f561bb4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  661.916080][T16561] RAX: ffffffffffffffda RBX: 00007f561d315fa0 RCX: 00007f561d0eebe9
[  661.916092][T16561] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  661.916105][T16561] RBP: 00007f561bb4f090 R08: 0000000000000000 R09: 0000000000000000
[  661.916117][T16561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.916128][T16561] R13: 00007f561d316038 R14: 00007f561d315fa0 R15: 00007ffe4e5f9418
[  661.916148][T16561]  </TASK>
[  662.130458][T16563] loop2: detected capacity change from 0 to 1024
[  662.138174][T16563] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  662.155082][T16564] dummy0: left allmulticast mode
[  662.165741][T16564] bridge0: port 3(dummy0) entered disabled state
[  662.173002][T16563] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  662.183901][T16563] EXT4-fs (loop2): invalid journal inode
[  662.190053][T16564] batman_adv: batadv0: Adding interface: dummy0
[  662.196312][T16564] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  662.223148][T16564] batman_adv: batadv0: Interface activated: dummy0
[  662.368074][T16587] loop2: detected capacity change from 0 to 512
[  662.382143][T16587] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  662.427257][T16587] EXT4-fs (loop2): orphan cleanup on readonly fs
[  662.442448][T16587] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3554: bg 0: block 248: padding at end of block bitmap is not set
[  662.511342][T16590] lo speed is unknown, defaulting to 1000
[  662.600772][T16587] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3554: Failed to acquire dquot type 1
[  662.617044][T16587] EXT4-fs (loop2): 1 truncate cleaned up
[  662.625590][T16587] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  663.289595][T16592] loop3: detected capacity change from 0 to 2048
[  663.300959][T16595] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3561'.
[  663.436602][T16600] netlink: 'syz.4.3562': attribute type 2 has an invalid length.
[  663.518204][T16603] capability: warning: `syz.4.3562' uses 32-bit capabilities (legacy support in use)
[  664.244513][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  664.275550][T16625] loop3: detected capacity change from 0 to 512
[  664.288658][T16630] loop4: detected capacity change from 0 to 1024
[  664.296174][T16625] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  664.310497][T16625] EXT4-fs (loop3): 1 truncate cleaned up
[  664.316616][T16625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  664.316822][T16630] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  664.379202][T16630] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  664.406789][T16630] EXT4-fs (loop4): invalid journal inode
[  664.513491][T16636] loop4: detected capacity change from 0 to 128
[  664.599365][T16647] loop5: detected capacity change from 0 to 512
[  664.609474][T16647] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  664.626936][T16647] EXT4-fs (loop5): 1 truncate cleaned up
[  664.634222][T16647] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  664.647185][T16647] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  664.970112][T16656] hub 8-0:1.0: USB hub found
[  664.975059][T16656] hub 8-0:1.0: 8 ports detected
[  665.270403][T16642] Illegal XDP return value 4294967274 on prog  (id 1983) dev N/A, expect packet loss!
[  665.518749][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  665.534428][T16661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.559950][T16661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.709599][T16671] loop5: detected capacity change from 0 to 512
[  665.717089][T16671] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  665.780921][T16673] loop3: detected capacity change from 0 to 512
[  665.795607][T16673] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  665.817756][T16671] EXT4-fs (loop5): orphan cleanup on readonly fs
[  665.830156][T16671] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3581: bg 0: block 248: padding at end of block bitmap is not set
[  665.850396][T16673] EXT4-fs (loop3): 1 truncate cleaned up
[  665.857220][T16673] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  665.873579][T16671] __quota_error: 10 callbacks suppressed
[  665.873615][T16671] Quota error (device loop5): write_blk: dquota write failed
[  665.886666][T16671] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  665.896666][T16671] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3581: Failed to acquire dquot type 1
[  665.956327][T16671] EXT4-fs (loop5): 1 truncate cleaned up
[  665.966385][T16671] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  666.119517][   T29] audit: type=1326 audit(1755187830.321:8222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.143049][   T29] audit: type=1326 audit(1755187830.321:8223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.166652][   T29] audit: type=1326 audit(1755187830.321:8224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.190193][   T29] audit: type=1326 audit(1755187830.321:8225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.213962][   T29] audit: type=1326 audit(1755187830.321:8226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.237610][   T29] audit: type=1326 audit(1755187830.321:8227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.261077][   T29] audit: type=1326 audit(1755187830.321:8228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  666.284804][   T29] audit: type=1326 audit(1755187830.321:8229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16674 comm="syz.6.3583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  667.443564][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  667.491103][T16689] mmap: syz.4.3587 (16689) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  667.595248][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  667.601580][T16689] netlink: 14593 bytes leftover after parsing attributes in process `syz.4.3587'.
[  667.817162][T16707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.848687][T16707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.887567][T16708] loop4: detected capacity change from 0 to 512
[  667.905135][T16704] loop2: detected capacity change from 0 to 512
[  667.913662][T16710] loop3: detected capacity change from 0 to 2048
[  667.933833][T16708] EXT4-fs: Ignoring removed mblk_io_submit option
[  668.007902][T16704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  668.021380][T16710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  668.058470][T16708] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  668.086126][T16704] EXT4-fs (loop2): orphan cleanup on readonly fs
[  668.113016][T16708] EXT4-fs (loop4): 1 truncate cleaned up
[  668.122265][T16704] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3586: bg 0: block 248: padding at end of block bitmap is not set
[  668.146482][T16708] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  668.190180][T16704] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3586: Failed to acquire dquot type 1
[  668.206969][T16716] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:169: inode #12: comm syz.3.3594: inline data xattr refers to an external xattr inode
[  668.274448][T16704] EXT4-fs (loop2): 1 truncate cleaned up
[  668.297527][T16704] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  668.325083][T16716] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:169: inode #12: comm syz.3.3594: inline data xattr refers to an external xattr inode
[  668.483262][  T312] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  668.505372][  T312] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[  668.518065][  T312] EXT4-fs (loop3): This should not happen!! Data will be lost
[  668.518065][  T312] 
[  668.528199][  T312] EXT4-fs (loop3): Total free blocks count 0
[  668.534221][  T312] EXT4-fs (loop3): Free/Dirty block details
[  668.540462][  T312] EXT4-fs (loop3): free_blocks=2415919104
[  668.546167][  T312] EXT4-fs (loop3): dirty_blocks=3776
[  668.551569][  T312] EXT4-fs (loop3): Block reservation details
[  668.557622][  T312] EXT4-fs (loop3): i_reserved_data_blocks=236
[  668.625361][  T312] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2048 with max blocks 2048 with error 28
[  668.649066][T16730] process 'syz.6.3599' launched './file0' with NULL argv: empty string added
[  668.721117][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  668.801937][T16734] loop5: detected capacity change from 0 to 512
[  668.842928][T16734] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  668.869835][T16734] EXT4-fs (loop5): orphan cleanup on readonly fs
[  668.876786][T16734] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.3601: Block bitmap for bg 0 marked uninitialized
[  668.901047][T16734] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  668.910989][T16734] EXT4-fs (loop5): 1 orphan inode deleted
[  668.917530][T16734] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  668.938091][T16741] loop4: detected capacity change from 0 to 512
[  668.959823][T16741] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  669.009742][T16734] FAULT_INJECTION: forcing a failure.
[  669.009742][T16734] name failslab, interval 1, probability 0, space 0, times 1
[  669.022405][T16734] CPU: 1 UID: 0 PID: 16734 Comm: syz.5.3601 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  669.022495][T16734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  669.022507][T16734] Call Trace:
[  669.022515][T16734]  <TASK>
[  669.022524][T16734]  __dump_stack+0x1d/0x30
[  669.022546][T16734]  dump_stack_lvl+0xe8/0x140
[  669.022565][T16734]  dump_stack+0x15/0x1b
[  669.022656][T16734]  should_fail_ex+0x265/0x280
[  669.022678][T16734]  should_failslab+0x8c/0xb0
[  669.022749][T16734]  kmem_cache_alloc_noprof+0x50/0x310
[  669.022775][T16734]  ? getname_flags+0x80/0x3b0
[  669.022829][T16734]  getname_flags+0x80/0x3b0
[  669.022902][T16734]  user_path_at+0x28/0x130
[  669.022927][T16734]  __se_sys_mount+0x25b/0x2e0
[  669.022945][T16734]  ? fput+0x8f/0xc0
[  669.022969][T16734]  __x64_sys_mount+0x67/0x80
[  669.023042][T16734]  x64_sys_call+0x2b4d/0x2ff0
[  669.023064][T16734]  do_syscall_64+0xd2/0x200
[  669.023091][T16734]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  669.023126][T16734]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  669.023151][T16734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.023172][T16734] RIP: 0033:0x7f581020ebe9
[  669.023252][T16734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  669.023268][T16734] RSP: 002b:00007f580ec6f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  669.023289][T16734] RAX: ffffffffffffffda RBX: 00007f5810435fa0 RCX: 00007f581020ebe9
[  669.023303][T16734] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000
[  669.023321][T16734] RBP: 00007f580ec6f090 R08: 0000000000000000 R09: 0000000000000000
[  669.023334][T16734] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000001
[  669.023387][T16734] R13: 00007f5810436038 R14: 00007f5810435fa0 R15: 00007ffe55c23208
[  669.023402][T16734]  </TASK>
[  669.373313][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  669.447283][T16741] EXT4-fs (loop4): 1 truncate cleaned up
[  669.453803][T16741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  669.948735][T16753] FAULT_INJECTION: forcing a failure.
[  669.948735][T16753] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  669.961861][T16753] CPU: 1 UID: 0 PID: 16753 Comm: syz.5.3605 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  669.961893][T16753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  669.961908][T16753] Call Trace:
[  669.961917][T16753]  <TASK>
[  669.961925][T16753]  __dump_stack+0x1d/0x30
[  669.961946][T16753]  dump_stack_lvl+0xe8/0x140
[  669.961966][T16753]  dump_stack+0x15/0x1b
[  669.961984][T16753]  should_fail_ex+0x265/0x280
[  669.962068][T16753]  should_fail+0xb/0x20
[  669.962083][T16753]  should_fail_usercopy+0x1a/0x20
[  669.962106][T16753]  _copy_from_user+0x1c/0xb0
[  669.962131][T16753]  __copy_msghdr+0x244/0x300
[  669.962154][T16753]  ___sys_sendmsg+0x109/0x1d0
[  669.962214][T16753]  __x64_sys_sendmsg+0xd4/0x160
[  669.962237][T16753]  x64_sys_call+0x191e/0x2ff0
[  669.962260][T16753]  do_syscall_64+0xd2/0x200
[  669.962338][T16753]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  669.962358][T16753]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  669.962388][T16753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.962418][T16753] RIP: 0033:0x7f581020ebe9
[  669.962504][T16753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  669.962523][T16753] RSP: 002b:00007f580ec6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  669.962544][T16753] RAX: ffffffffffffffda RBX: 00007f5810435fa0 RCX: 00007f581020ebe9
[  669.962558][T16753] RDX: 0000000000000000 RSI: 0000200000002c40 RDI: 0000000000000003
[  669.962572][T16753] RBP: 00007f580ec6f090 R08: 0000000000000000 R09: 0000000000000000
[  669.962619][T16753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  669.962631][T16753] R13: 00007f5810436038 R14: 00007f5810435fa0 R15: 00007ffe55c23208
[  669.962645][T16753]  </TASK>
[  670.296505][T16757] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3610'.
[  670.458971][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  670.549201][T16762] loop5: detected capacity change from 0 to 128
[  671.271184][   T29] kauditd_printk_skb: 55 callbacks suppressed
[  671.271197][   T29] audit: type=1400 audit(1755187835.501:8283): avc:  denied  { name_connect } for  pid=16777 comm="syz.4.3611" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  671.304146][T16778] FAULT_INJECTION: forcing a failure.
[  671.304146][T16778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  671.317300][T16778] CPU: 0 UID: 0 PID: 16778 Comm: syz.4.3611 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  671.317330][T16778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  671.317342][T16778] Call Trace:
[  671.317348][T16778]  <TASK>
[  671.317354][T16778]  __dump_stack+0x1d/0x30
[  671.317420][T16778]  dump_stack_lvl+0xe8/0x140
[  671.317480][T16778]  dump_stack+0x15/0x1b
[  671.317498][T16778]  should_fail_ex+0x265/0x280
[  671.317520][T16778]  should_fail+0xb/0x20
[  671.317593][T16778]  should_fail_usercopy+0x1a/0x20
[  671.317614][T16778]  _copy_from_user+0x1c/0xb0
[  671.317714][T16778]  __copy_msghdr+0x244/0x300
[  671.317736][T16778]  ___sys_sendmsg+0x109/0x1d0
[  671.317809][T16778]  __x64_sys_sendmsg+0xd4/0x160
[  671.317834][T16778]  x64_sys_call+0x191e/0x2ff0
[  671.317920][T16778]  do_syscall_64+0xd2/0x200
[  671.317945][T16778]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  671.317969][T16778]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  671.318002][T16778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.318025][T16778] RIP: 0033:0x7f614a15ebe9
[  671.318041][T16778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.318056][T16778] RSP: 002b:00007f6148bc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  671.318155][T16778] RAX: ffffffffffffffda RBX: 00007f614a385fa0 RCX: 00007f614a15ebe9
[  671.318169][T16778] RDX: 00000000000080d1 RSI: 0000200000000140 RDI: 0000000000000006
[  671.318183][T16778] RBP: 00007f6148bc7090 R08: 0000000000000000 R09: 0000000000000000
[  671.318210][T16778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.318221][T16778] R13: 00007f614a386038 R14: 00007f614a385fa0 R15: 00007ffe03a73728
[  671.318239][T16778]  </TASK>
[  671.638534][T16786] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3623'.
[  671.820784][T16792] hub 8-0:1.0: USB hub found
[  671.826257][T16792] hub 8-0:1.0: 8 ports detected
[  671.927341][T16803] loop3: detected capacity change from 0 to 512
[  671.963799][T16803] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  672.074173][T16803] EXT4-fs (loop3): 1 truncate cleaned up
[  672.080704][T16803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  672.250309][T16807] lo speed is unknown, defaulting to 1000
[  673.038760][T16828] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3634'.
[  673.071987][T16829] netlink: 'syz.4.3636': attribute type 10 has an invalid length.
[  673.082934][T16829] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3636'.
[  673.190305][T16829] dummy0: entered promiscuous mode
[  673.248125][T16829] bridge0: port 3(dummy0) entered blocking state
[  673.254935][T16829] bridge0: port 3(dummy0) entered disabled state
[  673.292291][T16832] loop5: detected capacity change from 0 to 8192
[  673.312289][T16829] dummy0: entered allmulticast mode
[  673.392917][T16829] bridge0: port 3(dummy0) entered blocking state
[  673.399687][T16829] bridge0: port 3(dummy0) entered forwarding state
[  673.652258][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  673.706324][T16849] netlink: 'syz.3.3643': attribute type 10 has an invalid length.
[  673.715724][T16849] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3643'.
[  673.735935][T16849] batman_adv: batadv0: Interface deactivated: dummy0
[  673.743156][T16849] batman_adv: batadv0: Removing interface: dummy0
[  673.893191][T16849] bridge0: port 3(dummy0) entered blocking state
[  673.901309][T16849] bridge0: port 3(dummy0) entered disabled state
[  673.924589][T16849] dummy0: entered allmulticast mode
[  673.955751][T16849] bridge0: port 3(dummy0) entered blocking state
[  673.962415][T16849] bridge0: port 3(dummy0) entered forwarding state
[  674.041367][T16858] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3642'.
[  674.121147][T16868] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3648'.
[  674.360885][   T29] audit: type=1400 audit(1755187838.591:8284): avc:  denied  { write } for  pid=16873 comm="syz.4.3651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  674.723645][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  674.779952][   T29] audit: type=1400 audit(1755187839.011:8285): avc:  denied  { create } for  pid=16886 comm="syz.4.3657" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  674.848896][   T29] audit: type=1400 audit(1755187839.031:8286): avc:  denied  { mounton } for  pid=16886 comm="syz.4.3657" path="/66/file0" dev="tmpfs" ino=369 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  674.915804][T16897] loop3: detected capacity change from 0 to 1024
[  674.954389][T16897] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  674.977751][   T29] audit: type=1400 audit(1755187839.161:8287): avc:  denied  { unlink } for  pid=15388 comm="syz-executor" name="file0" dev="tmpfs" ino=369 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  675.026985][T16897] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  675.059623][T16897] EXT4-fs (loop3): invalid journal inode
[  675.151467][T16918] dummy0: left allmulticast mode
[  675.159660][T16918] bridge0: port 3(dummy0) entered disabled state
[  675.168756][T16919] dummy0: left allmulticast mode
[  675.176648][T16919] bridge0: port 3(dummy0) entered disabled state
[  675.188226][T16917] FAULT_INJECTION: forcing a failure.
[  675.188226][T16917] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.201415][T16917] CPU: 1 UID: 0 PID: 16917 Comm: syz.2.3669 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  675.201520][T16917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  675.201530][T16917] Call Trace:
[  675.201537][T16917]  <TASK>
[  675.201543][T16917]  __dump_stack+0x1d/0x30
[  675.201637][T16917]  dump_stack_lvl+0xe8/0x140
[  675.201702][T16917]  dump_stack+0x15/0x1b
[  675.201723][T16917]  should_fail_ex+0x265/0x280
[  675.201740][T16917]  should_fail+0xb/0x20
[  675.201755][T16917]  should_fail_usercopy+0x1a/0x20
[  675.201812][T16917]  _copy_to_user+0x20/0xa0
[  675.201835][T16917]  simple_read_from_buffer+0xb5/0x130
[  675.201883][T16917]  proc_fail_nth_read+0x10e/0x150
[  675.201905][T16917]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  675.201925][T16917]  vfs_read+0x1a5/0x770
[  675.201942][T16917]  ? __rcu_read_unlock+0x4f/0x70
[  675.201963][T16917]  ? __fget_files+0x184/0x1c0
[  675.201984][T16917]  ksys_read+0xda/0x1a0
[  675.202002][T16917]  __x64_sys_read+0x40/0x50
[  675.202020][T16917]  x64_sys_call+0x27bc/0x2ff0
[  675.202063][T16917]  do_syscall_64+0xd2/0x200
[  675.202099][T16917]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  675.202118][T16917]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  675.202138][T16917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.202155][T16917] RIP: 0033:0x7f561d0ed5fc
[  675.202169][T16917] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  675.202221][T16917] RSP: 002b:00007f561bb4f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  675.202238][T16917] RAX: ffffffffffffffda RBX: 00007f561d315fa0 RCX: 00007f561d0ed5fc
[  675.202308][T16917] RDX: 000000000000000f RSI: 00007f561bb4f0a0 RDI: 0000000000000006
[  675.202320][T16917] RBP: 00007f561bb4f090 R08: 0000000000000000 R09: 0000000000000000
[  675.202338][T16917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.202426][T16917] R13: 00007f561d316038 R14: 00007f561d315fa0 R15: 00007ffe4e5f9418
[  675.202445][T16917]  </TASK>
[  675.415184][   T29] audit: type=1400 audit(1755187839.641:8288): avc:  denied  { ioctl } for  pid=16922 comm="syz.5.3671" path="socket:[43928]" dev="sockfs" ino=43928 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  675.455223][T16930] FAULT_INJECTION: forcing a failure.
[  675.455223][T16930] name failslab, interval 1, probability 0, space 0, times 0
[  675.468407][T16930] CPU: 0 UID: 0 PID: 16930 Comm: syz.2.3672 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  675.468435][T16930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  675.468445][T16930] Call Trace:
[  675.468451][T16930]  <TASK>
[  675.468457][T16930]  __dump_stack+0x1d/0x30
[  675.468475][T16930]  dump_stack_lvl+0xe8/0x140
[  675.468492][T16930]  dump_stack+0x15/0x1b
[  675.468519][T16930]  should_fail_ex+0x265/0x280
[  675.468554][T16930]  should_failslab+0x8c/0xb0
[  675.468577][T16930]  kmem_cache_alloc_node_noprof+0x57/0x320
[  675.468658][T16930]  ? __alloc_skb+0x101/0x320
[  675.468689][T16930]  __alloc_skb+0x101/0x320
[  675.468742][T16930]  ? selinux_file_permission+0x1e4/0x320
[  675.468762][T16930]  ppp_write+0x87/0x310
[  675.468824][T16930]  vfs_writev+0x403/0x8b0
[  675.468843][T16930]  ? __pfx_ppp_write+0x10/0x10
[  675.468887][T16930]  __x64_sys_pwritev+0xfd/0x1c0
[  675.468901][T16930]  x64_sys_call+0x14f8/0x2ff0
[  675.468918][T16930]  do_syscall_64+0xd2/0x200
[  675.468963][T16930]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  675.468976][T16930]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  675.468990][T16930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.469002][T16930] RIP: 0033:0x7f561d0eebe9
[  675.469011][T16930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.469041][T16930] RSP: 002b:00007f561bb4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  675.469052][T16930] RAX: ffffffffffffffda RBX: 00007f561d315fa0 RCX: 00007f561d0eebe9
[  675.469059][T16930] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000007
[  675.469066][T16930] RBP: 00007f561bb4f090 R08: 0000000000000004 R09: 0000000000000000
[  675.469073][T16930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.469137][T16930] R13: 00007f561d316038 R14: 00007f561d315fa0 R15: 00007ffe4e5f9418
[  675.469147][T16930]  </TASK>
[  675.681209][T16932] loop3: detected capacity change from 0 to 128
[  675.687962][   T29] audit: type=1400 audit(1755187839.911:8289): avc:  denied  { mounton } for  pid=16931 comm="syz.3.3673" path="/131/file1" dev="tmpfs" ino=725 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  675.750605][   T29] audit: type=1400 audit(1755187839.981:8290): avc:  denied  { getopt } for  pid=16935 comm="syz.3.3675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  675.772085][T16936] netlink: 'syz.3.3675': attribute type 1 has an invalid length.
[  675.779863][T16936] netlink: 'syz.3.3675': attribute type 2 has an invalid length.
[  675.787605][T16936] netlink: 'syz.3.3675': attribute type 1 has an invalid length.
[  675.795385][T16936] netlink: 'syz.3.3675': attribute type 1 has an invalid length.
[  675.803149][T16936] netlink: 'syz.3.3675': attribute type 1 has an invalid length.
[  675.810870][T16936] netlink: 'syz.3.3675': attribute type 1 has an invalid length.
[  675.870379][T16947] loop2: detected capacity change from 0 to 1024
[  675.887466][T16947] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  675.907689][T16947] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  675.918911][T16947] EXT4-fs (loop2): invalid journal inode
[  675.988091][   T29] audit: type=1326 audit(1755187840.211:8291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.011941][   T29] audit: type=1326 audit(1755187840.211:8292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.038687][T16966] FAULT_INJECTION: forcing a failure.
[  676.038687][T16966] name failslab, interval 1, probability 0, space 0, times 0
[  676.051383][T16966] CPU: 1 UID: 0 PID: 16966 Comm: syz.5.3682 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  676.051409][T16966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  676.051440][T16966] Call Trace:
[  676.051448][T16966]  <TASK>
[  676.051456][T16966]  __dump_stack+0x1d/0x30
[  676.051488][T16966]  dump_stack_lvl+0xe8/0x140
[  676.051531][T16966]  dump_stack+0x15/0x1b
[  676.051546][T16966]  should_fail_ex+0x265/0x280
[  676.051564][T16966]  should_failslab+0x8c/0xb0
[  676.051600][T16966]  kmem_cache_alloc_noprof+0x50/0x310
[  676.051672][T16966]  ? audit_log_start+0x365/0x6c0
[  676.051771][T16966]  audit_log_start+0x365/0x6c0
[  676.051797][T16966]  audit_seccomp+0x48/0x100
[  676.051819][T16966]  ? __seccomp_filter+0x68c/0x10d0
[  676.051837][T16966]  __seccomp_filter+0x69d/0x10d0
[  676.051856][T16966]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  676.051946][T16966]  ? vfs_write+0x7e8/0x960
[  676.051963][T16966]  ? __rcu_read_unlock+0x4f/0x70
[  676.051982][T16966]  ? __fget_files+0x184/0x1c0
[  676.052004][T16966]  __secure_computing+0x82/0x150
[  676.052058][T16966]  syscall_trace_enter+0xcf/0x1e0
[  676.052079][T16966]  do_syscall_64+0xac/0x200
[  676.052102][T16966]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  676.052122][T16966]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  676.052231][T16966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.052318][T16966] RIP: 0033:0x7f581020ebe9
[  676.052376][T16966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.052391][T16966] RSP: 002b:00007f580ec4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  676.052408][T16966] RAX: ffffffffffffffda RBX: 00007f5810436090 RCX: 00007f581020ebe9
[  676.052420][T16966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400
[  676.052431][T16966] RBP: 00007f580ec4e090 R08: 0000000000000000 R09: 0000000000000000
[  676.052442][T16966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.052453][T16966] R13: 00007f5810436128 R14: 00007f5810436090 R15: 00007ffe55c23208
[  676.052470][T16966]  </TASK>
[  676.086495][T16972] loop2: detected capacity change from 0 to 128
[  676.176742][T16977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3692'.
[  676.283719][   T29] kauditd_printk_skb: 47 callbacks suppressed
[  676.283731][   T29] audit: type=1326 audit(1755187840.511:8338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.331135][   T29] audit: type=1326 audit(1755187840.541:8339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.354675][   T29] audit: type=1326 audit(1755187840.551:8340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.385970][T16986] loop2: detected capacity change from 0 to 128
[  676.421212][   T29] audit: type=1326 audit(1755187840.561:8341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.438220][T16992] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  676.444915][   T29] audit: type=1326 audit(1755187840.601:8342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.451341][T16992] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  676.451526][T16992] vhci_hcd vhci_hcd.0: Device attached
[  676.475087][   T29] audit: type=1326 audit(1755187840.611:8343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.511765][   T29] audit: type=1326 audit(1755187840.621:8344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.535512][   T29] audit: type=1326 audit(1755187840.631:8345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.559052][   T29] audit: type=1326 audit(1755187840.641:8346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.579190][T16993] vhci_hcd: cannot find the pending unlink 1
[  676.583170][   T29] audit: type=1326 audit(1755187840.651:8347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16960 comm="syz.3.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  676.677482][T16999] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3697'.
[  676.719856][T16993] vhci_hcd: connection closed
[  676.720044][ T1419] vhci_hcd: stop threads
[  676.729067][ T1419] vhci_hcd: release socket
[  676.733647][ T1419] vhci_hcd: disconnect device
[  676.784580][ T1048] usb 10-1: enqueue for inactive port 0
[  676.785045][T17001] loop5: detected capacity change from 0 to 128
[  676.852357][T17006] loop2: detected capacity change from 0 to 128
[  677.000361][ T1048] usb 10-1: enqueue for inactive port 0
[  677.132402][T17023] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3705'.
[  677.240858][T17028] loop2: detected capacity change from 0 to 128
[  677.737301][T17038] loop4: detected capacity change from 0 to 512
[  678.521252][T17038] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  678.643932][T17040] loop2: detected capacity change from 0 to 512
[  678.662066][T17040] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  678.675338][T17040] EXT4-fs (loop2): 1 truncate cleaned up
[  678.681748][T17040] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  678.702322][ T1048] usb usb10-port1: attempt power cycle
[  678.988350][T17051] loop5: detected capacity change from 0 to 128
[  679.002308][T17038] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  679.067113][T17038] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.3715: corrupted xattr block 19: overlapping e_value 
[  679.081622][T17053] loop3: detected capacity change from 0 to 512
[  679.126753][T17053] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  679.177265][T17038] EXT4-fs (loop4): Remounting filesystem read-only
[  679.183887][T17038] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  679.199344][T17053] EXT4-fs (loop3): orphan cleanup on readonly fs
[  679.221224][T17053] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.3717: Block bitmap for bg 0 marked uninitialized
[  679.244793][T17038] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  679.266763][T17038] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[  679.276901][T17053] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  679.300681][T17053] EXT4-fs (loop3): 1 orphan inode deleted
[  679.327287][T17053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  679.365782][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  679.407701][T17053] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  679.456540][T17053] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  679.511184][T17068] loop4: detected capacity change from 0 to 128
[  679.605705][T17071] loop4: detected capacity change from 0 to 128
[  679.919036][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  679.932245][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  680.002156][T17084] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3728'.
[  680.809533][ T1048] usb usb10-port1: unable to enumerate USB device
[  680.978245][T17101] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3730'.
[  680.987316][T17101] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3730'.
[  681.004215][T17100] hub 8-0:1.0: USB hub found
[  681.009389][T17100] hub 8-0:1.0: 8 ports detected
[  681.083195][T17104] loop5: detected capacity change from 0 to 512
[  681.101418][T17104] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  681.120141][T17104] EXT4-fs (loop5): orphan cleanup on readonly fs
[  681.127177][T17104] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3736: bg 0: block 248: padding at end of block bitmap is not set
[  681.142921][T17104] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3736: Failed to acquire dquot type 1
[  681.154983][T17104] EXT4-fs (loop5): 1 truncate cleaned up
[  681.161905][T17104] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  681.260774][T17109] loop4: detected capacity change from 0 to 1024
[  681.334371][T17109] EXT4-fs: Ignoring removed nomblk_io_submit option
[  681.353445][T17109] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  681.370998][T17109] System zones: 0-1, 3-36
[  681.380314][T17109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  681.612710][T17122] loop2: detected capacity change from 0 to 128
[  681.706252][T17125] loop2: detected capacity change from 0 to 512
[  681.714688][T17130] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3744'.
[  681.718249][T17125] EXT4-fs: Ignoring removed mblk_io_submit option
[  681.737895][T17125] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  681.750138][T17125] EXT4-fs (loop2): 1 truncate cleaned up
[  681.756502][T17125] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  681.773685][   T29] kauditd_printk_skb: 77 callbacks suppressed
[  681.773697][   T29] audit: type=1400 audit(1755187846.001:8423): avc:  denied  { read } for  pid=17132 comm="syz.3.3745" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  681.803540][   T29] audit: type=1400 audit(1755187846.001:8424): avc:  denied  { open } for  pid=17132 comm="syz.3.3745" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  681.828806][   T29] audit: type=1400 audit(1755187846.031:8425): avc:  denied  { ioctl } for  pid=17132 comm="syz.3.3745" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  681.865007][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.892360][   T29] audit: type=1400 audit(1755187846.121:8426): avc:  denied  { read write } for  pid=17134 comm="syz.5.3746" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  681.916005][   T29] audit: type=1400 audit(1755187846.121:8427): avc:  denied  { open } for  pid=17134 comm="syz.5.3746" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  681.916988][T17135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.948606][T17135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.977018][   T29] audit: type=1400 audit(1755187846.141:8428): avc:  denied  { ioctl } for  pid=17134 comm="syz.5.3746" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  682.007332][T17137] pim6reg: tun_chr_ioctl cmd 35108
[  682.127374][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  682.168448][T17145] netlink: 'syz.6.3752': attribute type 10 has an invalid length.
[  682.179364][T17145] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3752'.
[  682.205692][T17145] bridge0: port 3(dummy0) entered blocking state
[  682.212809][T17145] bridge0: port 3(dummy0) entered disabled state
[  682.219034][T17149] loop3: detected capacity change from 0 to 128
[  682.228200][T17145] dummy0: entered allmulticast mode
[  682.271971][T17152] loop4: detected capacity change from 0 to 128
[  682.272042][T17145] bridge0: port 3(dummy0) entered blocking state
[  682.285476][T17145] bridge0: port 3(dummy0) entered forwarding state
[  682.394247][   T29] audit: type=1326 audit(1755187846.621:8429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17157 comm="syz.3.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  682.417967][   T29] audit: type=1326 audit(1755187846.621:8430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17157 comm="syz.3.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  682.470530][   T29] audit: type=1326 audit(1755187846.621:8431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17157 comm="syz.3.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  682.494159][   T29] audit: type=1326 audit(1755187846.621:8432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17157 comm="syz.3.3755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  682.540432][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  682.563259][T17169] loop4: detected capacity change from 0 to 1024
[  682.569963][T17169] EXT4-fs: Ignoring removed nomblk_io_submit option
[  682.611658][T17169] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  682.623765][T17169] System zones: 0-1, 3-36
[  682.642836][T17169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  682.664728][T17182] netlink: 'syz.2.3765': attribute type 10 has an invalid length.
[  682.678978][T17182] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3765'.
[  682.757130][T17186] loop5: detected capacity change from 0 to 128
[  682.877175][T17194] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3766'.
[  682.886610][T17194] FAULT_INJECTION: forcing a failure.
[  682.886610][T17194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  682.899799][T17194] CPU: 1 UID: 0 PID: 17194 Comm: syz.3.3766 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  682.899887][T17194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  682.899899][T17194] Call Trace:
[  682.899907][T17194]  <TASK>
[  682.899916][T17194]  __dump_stack+0x1d/0x30
[  682.899960][T17194]  dump_stack_lvl+0xe8/0x140
[  682.899978][T17194]  dump_stack+0x15/0x1b
[  682.899992][T17194]  should_fail_ex+0x265/0x280
[  682.900010][T17194]  should_fail+0xb/0x20
[  682.900027][T17194]  should_fail_usercopy+0x1a/0x20
[  682.900079][T17194]  _copy_from_user+0x1c/0xb0
[  682.900104][T17194]  ___sys_sendmsg+0xc1/0x1d0
[  682.900135][T17194]  __x64_sys_sendmsg+0xd4/0x160
[  682.900156][T17194]  x64_sys_call+0x191e/0x2ff0
[  682.900173][T17194]  do_syscall_64+0xd2/0x200
[  682.900319][T17194]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  682.900342][T17194]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  682.900363][T17194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.900518][T17194] RIP: 0033:0x7f932cf0ebe9
[  682.900534][T17194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  682.900549][T17194] RSP: 002b:00007f932b92d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  682.900566][T17194] RAX: ffffffffffffffda RBX: 00007f932d136180 RCX: 00007f932cf0ebe9
[  682.900577][T17194] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  682.900588][T17194] RBP: 00007f932b92d090 R08: 0000000000000000 R09: 0000000000000000
[  682.900600][T17194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  682.900612][T17194] R13: 00007f932d136218 R14: 00007f932d136180 R15: 00007ffc4fac32d8
[  682.900627][T17194]  </TASK>
[  683.241850][T17198] loop2: detected capacity change from 0 to 512
[  683.268227][T17198] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  683.325171][T17198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  683.371772][T17198] ext4 filesystem being mounted at /173/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  683.475355][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  683.508081][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  683.655789][T17213] hub 8-0:1.0: USB hub found
[  683.660657][T17213] hub 8-0:1.0: 8 ports detected
[  683.680788][T17215] dummy0: left allmulticast mode
[  683.685884][T17215] bridge0: port 3(dummy0) entered disabled state
[  683.917568][T17220] SELinux:  Context Ü is not valid (left unmapped).
[  684.045052][T17222] lo speed is unknown, defaulting to 1000
[  684.367922][T17230] loop4: detected capacity change from 0 to 512
[  684.375568][T17230] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  684.384949][T17230] EXT4-fs (loop4): orphan cleanup on readonly fs
[  684.392038][T17230] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3779: bg 0: block 248: padding at end of block bitmap is not set
[  684.409360][T17230] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3779: Failed to acquire dquot type 1
[  684.423151][T17230] EXT4-fs (loop4): 1 truncate cleaned up
[  684.429293][T17230] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  684.748204][T17245] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3786'.
[  684.757146][T17245] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3786'.
[  684.868190][   T51] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  684.880408][T17252] loop5: detected capacity change from 0 to 512
[  684.918241][   T51] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  684.934784][T17252] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  684.967978][   T51] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  684.982355][T17252] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.3789: invalid indirect mapped block 2683928664 (level 1)
[  685.006049][   T51] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  685.157960][T17252] EXT4-fs (loop5): Remounting filesystem read-only
[  685.166993][T17252] EXT4-fs (loop5): 1 truncate cleaned up
[  685.173566][T17252] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  685.518207][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  685.578990][T17273] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3798'.
[  685.617588][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  685.806930][T17294] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3807'.
[  685.913288][T17295] lo speed is unknown, defaulting to 1000
[  686.450560][T17297] loop3: detected capacity change from 0 to 512
[  686.467917][T17297] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  686.578150][T17297] EXT4-fs (loop3): 1 truncate cleaned up
[  686.584625][T17297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  687.050403][T17306] hub 8-0:1.0: USB hub found
[  687.055098][T17306] hub 8-0:1.0: 8 ports detected
[  687.085138][T17312] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3813'.
[  687.732016][T17315] loop5: detected capacity change from 0 to 512
[  687.789085][T17315] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  687.805498][T17315] EXT4-fs (loop5): orphan cleanup on readonly fs
[  687.813087][T17315] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3812: bg 0: block 248: padding at end of block bitmap is not set
[  687.836076][T17315] __quota_error: 31 callbacks suppressed
[  687.836089][T17315] Quota error (device loop5): write_blk: dquota write failed
[  687.849347][T17315] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  687.859233][T17315] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.3812: Failed to acquire dquot type 1
[  687.883160][T17315] EXT4-fs (loop5): 1 truncate cleaned up
[  687.889347][T17315] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  687.912973][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.566392][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  688.622574][T17336] loop3: detected capacity change from 0 to 512
[  688.641570][T17336] EXT4-fs: Ignoring removed mblk_io_submit option
[  688.667046][T17336] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  688.685486][T17336] EXT4-fs (loop3): 1 truncate cleaned up
[  688.691449][T17342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3824'.
[  688.701989][T17336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  688.793455][T17346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3825'.
[  688.874988][T17349] loop4: detected capacity change from 0 to 512
[  688.882054][T17349] EXT4-fs: Ignoring removed mblk_io_submit option
[  688.912362][T17349] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  689.020750][T17349] EXT4-fs (loop4): 1 truncate cleaned up
[  689.026913][T17349] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  689.070472][T17353] hub 8-0:1.0: USB hub found
[  689.075256][T17353] hub 8-0:1.0: 8 ports detected
[  689.124962][T17358] veth1_to_bond: entered allmulticast mode
[  689.145682][   T29] audit: type=1400 audit(1755187853.371:8462): avc:  denied  { override_creds } for  pid=17357 comm="syz.5.3829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  689.204814][T17358] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  689.222959][   T29] audit: type=1400 audit(1755187853.451:8463): avc:  denied  { bind } for  pid=17357 comm="syz.5.3829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  689.246831][   T29] audit: type=1400 audit(1755187853.471:8464): avc:  denied  { setopt } for  pid=17357 comm="syz.5.3829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  689.268080][T17358] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3829'.
[  689.283929][T17358] bond0: (slave bond_slave_1): Releasing backup interface
[  689.295032][T17358] veth1_to_bond (unregistering): left allmulticast mode
[  689.400099][T17369] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3832'.
[  689.476298][T17375] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3835'.
[  689.486629][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  689.709790][T17382] hub 8-0:1.0: USB hub found
[  689.714472][T17382] hub 8-0:1.0: 8 ports detected
[  690.137790][T17392] loop2: detected capacity change from 0 to 512
[  690.152207][T17392] EXT4-fs: Ignoring removed mblk_io_submit option
[  690.186722][T17392] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  690.270636][T17392] EXT4-fs (loop2): 1 truncate cleaned up
[  690.291012][T17392] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  690.413379][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  690.551405][T17397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3844'.
[  690.778627][   T29] audit: type=1326 audit(1755187855.001:8465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17400 comm="syz.5.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  690.802214][   T29] audit: type=1326 audit(1755187855.001:8466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17400 comm="syz.5.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  690.825792][   T29] audit: type=1326 audit(1755187855.001:8467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17400 comm="syz.5.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  690.849287][   T29] audit: type=1326 audit(1755187855.001:8468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17400 comm="syz.5.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  690.942873][T17409] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  691.151217][   T29] audit: type=1326 audit(1755187855.101:8469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17400 comm="syz.5.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  691.204793][T17426] loop5: detected capacity change from 0 to 512
[  691.216922][T17426] EXT4-fs: Ignoring removed mblk_io_submit option
[  691.225235][T17426] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  691.243645][T17426] EXT4-fs (loop5): 1 truncate cleaned up
[  691.262944][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  691.264378][T17426] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  691.295264][T17432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3855'.
[  691.383870][T17437] loop3: detected capacity change from 0 to 128
[  691.814933][T17455] loop2: detected capacity change from 0 to 512
[  691.961701][T17455] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  691.974297][T17455] ext4 filesystem being mounted at /192/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  692.245035][T17463] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  692.590738][T17469] FAULT_INJECTION: forcing a failure.
[  692.590738][T17469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.603856][T17469] CPU: 0 UID: 0 PID: 17469 Comm: syz.3.3867 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  692.603886][T17469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  692.603899][T17469] Call Trace:
[  692.603927][T17469]  <TASK>
[  692.603936][T17469]  __dump_stack+0x1d/0x30
[  692.603993][T17469]  dump_stack_lvl+0xe8/0x140
[  692.604093][T17469]  dump_stack+0x15/0x1b
[  692.604110][T17469]  should_fail_ex+0x265/0x280
[  692.604131][T17469]  should_fail+0xb/0x20
[  692.604196][T17469]  should_fail_usercopy+0x1a/0x20
[  692.604216][T17469]  _copy_from_user+0x1c/0xb0
[  692.604240][T17469]  ___sys_sendmsg+0xc1/0x1d0
[  692.604280][T17469]  __x64_sys_sendmsg+0xd4/0x160
[  692.604303][T17469]  x64_sys_call+0x191e/0x2ff0
[  692.604325][T17469]  do_syscall_64+0xd2/0x200
[  692.604352][T17469]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  692.604419][T17469]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  692.604445][T17469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.604492][T17469] RIP: 0033:0x7f932cf0ebe9
[  692.604507][T17469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.604579][T17469] RSP: 002b:00007f932b96f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.604624][T17469] RAX: ffffffffffffffda RBX: 00007f932d135fa0 RCX: 00007f932cf0ebe9
[  692.604653][T17469] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  692.604664][T17469] RBP: 00007f932b96f090 R08: 0000000000000000 R09: 0000000000000000
[  692.604675][T17469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.604688][T17469] R13: 00007f932d136038 R14: 00007f932d135fa0 R15: 00007ffc4fac32d8
[  692.604708][T17469]  </TASK>
[  692.914679][T17473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3870'.
[  693.039401][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.094980][   T29] kauditd_printk_skb: 18 callbacks suppressed
[  693.094993][   T29] audit: type=1400 audit(1755187857.321:8488): avc:  denied  { write } for  pid=17483 comm="syz.3.3875" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  693.234959][T13909] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.254035][   T29] audit: type=1326 audit(1755187857.441:8489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.277596][   T29] audit: type=1326 audit(1755187857.441:8490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.301300][   T29] audit: type=1326 audit(1755187857.441:8491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.324938][   T29] audit: type=1326 audit(1755187857.441:8492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.348545][   T29] audit: type=1326 audit(1755187857.441:8493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.372211][   T29] audit: type=1326 audit(1755187857.441:8494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  693.395981][   T29] audit: type=1326 audit(1755187857.441:8495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f932cf0ec23 code=0x7ffc0000
[  693.430873][   T29] audit: type=1326 audit(1755187857.531:8496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f932cf0d69f code=0x7ffc0000
[  693.431821][T17485] loop3: detected capacity change from 0 to 512
[  693.454395][   T29] audit: type=1326 audit(1755187857.531:8497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17483 comm="syz.3.3875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f932cf0ec77 code=0x7ffc0000
[  693.550644][T17485] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  693.553307][T17489] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3876'.
[  693.597625][T17485] ext4 filesystem being mounted at /182/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  693.602479][T17484] lo speed is unknown, defaulting to 1000
[  693.630541][T17489] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3876'.
[  693.708188][T17484] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3875: corrupted inode contents
[  693.722077][T17484] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.3875: mark_inode_dirty error
[  693.736315][T17484] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3875: corrupted inode contents
[  693.759005][T17484] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.3875: mark_inode_dirty error
[  693.763396][T17503] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3881'.
[  693.797962][T17506] loop4: detected capacity change from 0 to 512
[  693.805736][T17506] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  693.815343][T17506] EXT4-fs (loop4): orphan cleanup on readonly fs
[  693.822985][T17506] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3882: bg 0: block 248: padding at end of block bitmap is not set
[  693.838121][T17506] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.3882: Failed to acquire dquot type 1
[  693.851227][T17506] EXT4-fs (loop4): 1 truncate cleaned up
[  693.857645][T17506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  693.873517][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.893836][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  693.983167][T17511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3883'.
[  694.203021][T17530] netlink: 'syz.4.3888': attribute type 10 has an invalid length.
[  694.210992][T17530] dummy0: left promiscuous mode
[  694.219664][T17530] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  694.475508][T17550] lo speed is unknown, defaulting to 1000
[  694.609074][T17545] hub 8-0:1.0: USB hub found
[  694.619191][T17545] hub 8-0:1.0: 8 ports detected
[  694.640897][T17552] loop3: detected capacity change from 0 to 512
[  694.648839][T17552] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  694.660155][T17552] EXT4-fs (loop3): orphan cleanup on readonly fs
[  694.690594][T17552] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3895: bg 0: block 248: padding at end of block bitmap is not set
[  694.706024][T17552] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3895: Failed to acquire dquot type 1
[  694.723654][T17552] EXT4-fs (loop3): 1 truncate cleaned up
[  694.766852][T17552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  694.795718][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  694.818531][T17557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3896'.
[  694.927708][T17564] hub 8-0:1.0: USB hub found
[  694.932524][T17564] hub 8-0:1.0: 8 ports detected
[  694.973776][T17567] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3900'.
[  695.323778][T17569] hub 8-0:1.0: USB hub found
[  695.328521][T17569] hub 8-0:1.0: 8 ports detected
[  695.403313][T17596] loop3: detected capacity change from 0 to 128
[  695.786408][T17622] loop4: detected capacity change from 0 to 128
[  695.798021][T17623] loop3: detected capacity change from 0 to 128
[  696.001725][T17627] hub 8-0:1.0: USB hub found
[  696.006416][T17627] hub 8-0:1.0: 8 ports detected
[  696.147079][T17640] hub 8-0:1.0: USB hub found
[  696.151832][T17640] hub 8-0:1.0: 8 ports detected
[  696.711617][T17653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.751040][T17653] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.761291][T17650] bridge0: port 3(dummy0) entered disabled state
[  696.767700][T17650] bridge0: port 2(bridge_slave_1) entered disabled state
[  696.774957][T17650] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.849298][T17650] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.859742][T17650] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.892437][ T6173] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  696.909389][ T6173] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  696.928880][ T6173] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  696.949240][T17657] loop4: detected capacity change from 0 to 128
[  696.975907][ T6173] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  697.000491][T17660] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3937'.
[  697.049569][T17664] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3939'.
[  697.352869][T17678] lo speed is unknown, defaulting to 1000
[  697.639673][T17677] lo speed is unknown, defaulting to 1000
[  698.198033][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  698.198046][   T29] audit: type=1326 audit(1755187862.421:8664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.268587][T17699] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3954'.
[  698.289869][T17701] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3956'.
[  698.302327][   T29] audit: type=1326 audit(1755187862.471:8665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.325718][   T29] audit: type=1326 audit(1755187862.471:8666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.349275][   T29] audit: type=1326 audit(1755187862.471:8667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.372603][   T29] audit: type=1326 audit(1755187862.471:8668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.396417][   T29] audit: type=1326 audit(1755187862.471:8669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.419822][   T29] audit: type=1326 audit(1755187862.471:8670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17693 comm="syz.3.3953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f932cf0ebe9 code=0x7ffc0000
[  698.447223][T17703] dummy0: left allmulticast mode
[  698.458923][T17703] bridge0: port 3(dummy0) entered disabled state
[  698.679508][   T29] audit: type=1326 audit(1755187862.851:8671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17718 comm="syz.4.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f614a15ebe9 code=0x7ffc0000
[  698.703195][   T29] audit: type=1326 audit(1755187862.851:8672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17718 comm="syz.4.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f614a15ebe9 code=0x7ffc0000
[  698.726963][   T29] audit: type=1326 audit(1755187862.851:8673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17718 comm="syz.4.3963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f614a15ebe9 code=0x7ffc0000
[  698.753954][T17721] 9pnet_fd: Insufficient options for proto=fd
[  698.760496][T17722] hub 8-0:1.0: USB hub found
[  698.765177][T17722] hub 8-0:1.0: 8 ports detected
[  698.865353][T17735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3970'.
[  698.905351][T17738] loop3: detected capacity change from 0 to 128
[  699.276335][T17761] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3981'.
[  699.336623][T17763] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  699.457829][T17780] netlink: 'syz.4.3991': attribute type 10 has an invalid length.
[  699.466174][T17780] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3991'.
[  699.486760][T17780] dummy0: entered promiscuous mode
[  699.502191][T17780] bond0: (slave dummy0): Releasing backup interface
[  699.530605][T17780] bridge0: port 3(dummy0) entered blocking state
[  699.537472][T17780] bridge0: port 3(dummy0) entered disabled state
[  699.554309][T17787] loop3: detected capacity change from 0 to 512
[  699.562301][T17787] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  699.581233][T17780] dummy0: entered allmulticast mode
[  699.601114][T17787] EXT4-fs (loop3): orphan cleanup on readonly fs
[  699.611141][T17787] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3986: bg 0: block 248: padding at end of block bitmap is not set
[  699.696111][T17790] FAULT_INJECTION: forcing a failure.
[  699.696111][T17790] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  699.709797][T17790] CPU: 1 UID: 0 PID: 17790 Comm: syz.5.3993 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  699.709834][T17790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  699.709846][T17790] Call Trace:
[  699.709852][T17790]  <TASK>
[  699.709860][T17790]  __dump_stack+0x1d/0x30
[  699.709932][T17790]  dump_stack_lvl+0xe8/0x140
[  699.709949][T17790]  dump_stack+0x15/0x1b
[  699.709966][T17790]  should_fail_ex+0x265/0x280
[  699.709983][T17790]  should_fail+0xb/0x20
[  699.709998][T17790]  should_fail_usercopy+0x1a/0x20
[  699.710157][T17790]  _copy_from_user+0x1c/0xb0
[  699.710185][T17790]  bm_entry_write+0x9c/0x370
[  699.710213][T17790]  ? __pfx_bm_entry_write+0x10/0x10
[  699.710239][T17790]  vfs_write+0x266/0x960
[  699.710306][T17790]  ? __rcu_read_unlock+0x4f/0x70
[  699.710327][T17790]  ? __fget_files+0x184/0x1c0
[  699.710354][T17790]  ksys_write+0xda/0x1a0
[  699.710418][T17790]  __x64_sys_write+0x40/0x50
[  699.710438][T17790]  x64_sys_call+0x27fe/0x2ff0
[  699.710458][T17790]  do_syscall_64+0xd2/0x200
[  699.710551][T17790]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  699.710575][T17790]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  699.710597][T17790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.710615][T17790] RIP: 0033:0x7f581020ebe9
[  699.710629][T17790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  699.710700][T17790] RSP: 002b:00007f580ec6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  699.710720][T17790] RAX: ffffffffffffffda RBX: 00007f5810435fa0 RCX: 00007f581020ebe9
[  699.710734][T17790] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000003
[  699.710814][T17790] RBP: 00007f580ec6f090 R08: 0000000000000000 R09: 0000000000000000
[  699.710825][T17790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.710835][T17790] R13: 00007f5810436038 R14: 00007f5810435fa0 R15: 00007ffe55c23208
[  699.710854][T17790]  </TASK>
[  699.936466][T17787] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3986: Failed to acquire dquot type 1
[  699.951309][T17787] EXT4-fs (loop3): 1 truncate cleaned up
[  699.953815][T17794] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3994'.
[  699.996516][T17787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  700.178767][T17812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3999'.
[  700.287387][T17813] hub 8-0:1.0: USB hub found
[  700.292168][T17813] hub 8-0:1.0: 8 ports detected
[  700.466284][T17817] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4002'.
[  701.269604][T17857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4018'.
[  701.282180][T17846] bridge0: port 3(dummy0) entered disabled state
[  701.288639][T17846] bridge0: port 2(bridge_slave_1) entered disabled state
[  701.296006][T17846] bridge0: port 1(bridge_slave_0) entered disabled state
[  701.356330][T17846] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  701.366660][T17846] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  701.422142][T17846] veth3: left promiscuous mode
[  701.429670][   T57] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  701.438632][   T57] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  701.457366][   T57] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  701.466378][   T57] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  701.489776][   T57] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  701.498768][   T57] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  701.507804][T17862] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4019'.
[  701.517620][   T57] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  701.526565][   T57] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  701.754542][T17888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.770046][T17888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  702.555813][T14383] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  702.572250][T17927] loop3: detected capacity change from 0 to 128
[  702.887851][T17945] loop4: detected capacity change from 0 to 512
[  702.899640][T17945] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  702.973484][T17945] EXT4-fs (loop4): 1 truncate cleaned up
[  702.979717][T17945] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  703.316928][T17955] loop5: detected capacity change from 0 to 128
[  703.449447][   T29] kauditd_printk_skb: 158 callbacks suppressed
[  703.449549][   T29] audit: type=1326 audit(1755187867.641:8830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.479212][   T29] audit: type=1326 audit(1755187867.641:8831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.502785][   T29] audit: type=1326 audit(1755187867.641:8832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.526335][   T29] audit: type=1326 audit(1755187867.651:8833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.549854][   T29] audit: type=1326 audit(1755187867.651:8834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.573328][   T29] audit: type=1326 audit(1755187867.651:8835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.596794][   T29] audit: type=1326 audit(1755187867.651:8836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.620272][   T29] audit: type=1326 audit(1755187867.651:8837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.643735][   T29] audit: type=1326 audit(1755187867.661:8838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.667260][   T29] audit: type=1326 audit(1755187867.661:8839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17956 comm="syz.6.4058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f054350ebe9 code=0x7ffc0000
[  703.885548][T17970] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  703.892083][T17970] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  703.899920][T17970] vhci_hcd vhci_hcd.0: Device attached
[  703.916707][T17977] __nla_validate_parse: 2 callbacks suppressed
[  703.916767][T17977] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4064'.
[  703.955650][T17980] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4068'.
[  704.161999][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  704.167619][T17997] loop3: detected capacity change from 0 to 128
[  704.195672][   T36] usb 6-1: SetAddress Request (2) to port 0
[  704.205359][   T36] usb 6-1: new SuperSpeed USB device number 2 using vhci_hcd
[  704.249779][T18003] loop5: detected capacity change from 0 to 1024
[  704.279582][T18003] EXT4-fs: Ignoring removed nomblk_io_submit option
[  704.294017][T18003] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  704.304084][T18003] System zones: 0-1, 3-36
[  704.312695][T18003] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  704.365565][T18016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4080'.
[  704.666287][T17971] vhci_hcd: connection reset by peer
[  704.672062][ T1419] vhci_hcd: stop threads
[  704.676301][ T1419] vhci_hcd: release socket
[  704.680838][ T1419] vhci_hcd: disconnect device
[  705.099953][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  705.221811][T18038] loop5: detected capacity change from 0 to 128
[  705.230772][T18037] loop2: detected capacity change from 0 to 128
[  705.439933][T18050] loop5: detected capacity change from 0 to 512
[  705.529971][T18050] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  705.542619][T18050] ext4 filesystem being mounted at /304/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  705.746229][T18057] loop4: detected capacity change from 0 to 512
[  705.775869][T18057] EXT4-fs: Ignoring removed mblk_io_submit option
[  705.834937][T18057] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  705.890368][T18057] EXT4-fs (loop4): 1 truncate cleaned up
[  705.919204][T18057] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  706.621192][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  706.998096][T18072] loop2: detected capacity change from 0 to 128
[  707.096387][T18081] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4104'.
[  707.184702][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  707.202936][T18090] loop4: detected capacity change from 0 to 512
[  707.209753][T18090] EXT4-fs: Ignoring removed mblk_io_submit option
[  707.232248][T18090] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  707.261133][T18090] EXT4-fs (loop4): 1 truncate cleaned up
[  707.286866][T18090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  708.052802][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  708.296921][T18142] loop4: detected capacity change from 0 to 512
[  708.322445][T18144] 9pnet_fd: Insufficient options for proto=fd
[  708.333640][T18142] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  708.355926][T18142] EXT4-fs (loop4): orphan cleanup on readonly fs
[  708.452045][T18142] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4126: bg 0: block 248: padding at end of block bitmap is not set
[  708.477140][T18152] loop5: detected capacity change from 0 to 512
[  708.483270][T18142] __quota_error: 283 callbacks suppressed
[  708.483285][T18142] Quota error (device loop4): write_blk: dquota write failed
[  708.484032][T18152] EXT4-fs: Ignoring removed mblk_io_submit option
[  708.489223][T18142] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  708.497981][T18152] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  708.503077][T18142] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4126: Failed to acquire dquot type 1
[  708.700812][T18142] EXT4-fs (loop4): 1 truncate cleaned up
[  708.789771][T18152] EXT4-fs (loop5): 1 truncate cleaned up
[  708.809769][T18152] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  708.835401][T18142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  709.259361][   T36] usb 6-1: device descriptor read/8, error -110
[  709.294958][T18160] dummy0: left allmulticast mode
[  709.307979][T18160] dummy0: left promiscuous mode
[  709.313055][T18160] bridge0: port 3(dummy0) entered disabled state
[  709.330526][T12326] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  709.355821][   T29] audit: type=1326 audit(1755187873.581:9123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.379404][   T29] audit: type=1326 audit(1755187873.581:9124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.389353][   T36] usb 6-1: new SuperSpeed USB device number 2 using vhci_hcd
[  709.433888][   T36] usb 6-1: enqueue for inactive port 0
[  709.437048][   T29] audit: type=1326 audit(1755187873.631:9125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.445148][   T36] usb 6-1: enqueue for inactive port 0
[  709.462955][   T29] audit: type=1326 audit(1755187873.631:9126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.491778][   T36] usb 6-1: enqueue for inactive port 0
[  709.491781][   T29] audit: type=1326 audit(1755187873.631:9127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.520693][   T29] audit: type=1326 audit(1755187873.631:9128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.544727][   T29] audit: type=1326 audit(1755187873.631:9129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  709.568214][   T29] audit: type=1326 audit(1755187873.631:9130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18161 comm="syz.5.4136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f581020ebe9 code=0x7ffc0000
[  710.073260][T18174] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4140'.
[  710.261886][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  710.299366][T18186] loop4: detected capacity change from 0 to 512
[  710.306047][T18186] EXT4-fs: Ignoring removed mblk_io_submit option
[  710.313550][T18186] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  710.324447][T18186] EXT4-fs (loop4): 1 truncate cleaned up
[  710.330520][T18186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  710.510077][   T36] usb usb6-port1: attempt power cycle
[  710.661637][T18186] ==================================================================
[  710.669732][T18186] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping
[  710.677524][T18186] 
[  710.679826][T18186] write to 0xffffea0004703858 of 8 bytes by task 18188 on cpu 1:
[  710.687516][T18186]  __filemap_remove_folio+0x1a5/0x2a0
[  710.692869][T18186]  folio_unmap_invalidate+0x1dd/0x360
[  710.698220][T18186]  invalidate_inode_pages2_range+0x27c/0x3d0
[  710.704614][T18186]  filemap_invalidate_pages+0x16d/0x1a0
[  710.710134][T18186]  kiocb_invalidate_pages+0x6e/0x80
[  710.715325][T18186]  __iomap_dio_rw+0x5d4/0x1250
[  710.720071][T18186]  iomap_dio_rw+0x40/0x90
[  710.724384][T18186]  ext4_file_write_iter+0xad9/0xf00
[  710.729566][T18186]  iter_file_splice_write+0x669/0x9e0
[  710.735068][T18186]  direct_splice_actor+0x156/0x2a0
[  710.740200][T18186]  splice_direct_to_actor+0x312/0x680
[  710.745561][T18186]  do_splice_direct+0xda/0x150
[  710.750300][T18186]  do_sendfile+0x380/0x650
[  710.754705][T18186]  __x64_sys_sendfile64+0x105/0x150
[  710.759903][T18186]  x64_sys_call+0x2bb0/0x2ff0
[  710.764556][T18186]  do_syscall_64+0xd2/0x200
[  710.769125][T18186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.774998][T18186] 
[  710.777311][T18186] read to 0xffffea0004703858 of 8 bytes by task 18186 on cpu 0:
[  710.784932][T18186]  folio_mapping+0xa1/0x120
[  710.789436][T18186]  lru_add+0x80/0x430
[  710.793410][T18186]  folio_batch_move_lru+0x177/0x230
[  710.798597][T18186]  lru_add_drain_cpu+0x77/0x250
[  710.803425][T18186]  __folio_batch_release+0x44/0xb0
[  710.808519][T18186]  file_write_and_wait_range+0x241/0x2c0
[  710.814354][T18186]  generic_buffers_fsync_noflush+0x45/0x120
[  710.820224][T18186]  ext4_sync_file+0x1ab/0x690
[  710.824881][T18186]  vfs_fsync_range+0x10a/0x130
[  710.829620][T18186]  ext4_buffered_write_iter+0x34f/0x3c0
[  710.835145][T18186]  ext4_file_write_iter+0xdbf/0xf00
[  710.840323][T18186]  iter_file_splice_write+0x669/0x9e0
[  710.845670][T18186]  direct_splice_actor+0x156/0x2a0
[  710.850755][T18186]  splice_direct_to_actor+0x312/0x680
[  710.856100][T18186]  do_splice_direct+0xda/0x150
[  710.860842][T18186]  do_sendfile+0x380/0x650
[  710.865239][T18186]  __x64_sys_sendfile64+0x105/0x150
[  710.870425][T18186]  x64_sys_call+0x2bb0/0x2ff0
[  710.875077][T18186]  do_syscall_64+0xd2/0x200
[  710.879648][T18186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.885521][T18186] 
[  710.887979][T18186] value changed: 0xffff8881073e53e0 -> 0x0000000000000000
[  710.895142][T18186] 
[  710.897441][T18186] Reported by Kernel Concurrency Sanitizer on:
[  710.903578][T18186] CPU: 0 UID: 0 PID: 18186 Comm: syz.4.4145 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary) 
[  710.916047][T18186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  710.926078][T18186] ==================================================================
[  711.218303][T15388] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  712.479473][   T36] usb usb6-port1: unable to enumerate USB device