last executing test programs:

41.190196499s ago: executing program 0 (id=8989):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="3102000000000000003900000004100d80"], 0x18}, 0x1, 0x0, 0x0, 0x11}, 0x80)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x4, @empty, 'tunl0\x00'}}, 0x1e)
r3 = socket(0x18, 0x0, 0x0)
connect$pppoe(r3, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
socket$inet(0xa, 0x1, 0x401)
r4 = open$dir(&(0x7f0000000080)='./bus\x00', 0x81, 0x152)
r5 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000200))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
mount_setattr(r4, &(0x7f0000000180)='./bus\x00', 0x9000, &(0x7f0000000240)={0x80, 0x0, 0x0, {r5}}, 0x20)

41.13896202s ago: executing program 0 (id=8990):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wg1\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, 0x0, 0x0)
sendto$packet(r1, &(0x7f0000000240)='\x00', 0x1, 0x800, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}}, 0x14)

41.040615331s ago: executing program 0 (id=8993):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xdc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2000, 0xfffffffffffffffd}, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0xffbe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000000000230500000100000000000000a9df0c31b602426f561b5cf24d294db53ac15b5e3a9df74b5d8ef519e10554bcca651cbb67ed1e9dd5ac7bcc93aea323e3188cfc3bb335f99f0edc379ecfe1e5d5b304645297fd29da117135b3690508e1a8368f8de032274df0889ac6", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000280), 0x6, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703f2ff08000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
write$cgroup_type(r0, &(0x7f0000000080), 0xfffffed8)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffc})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r6}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")

40.860858014s ago: executing program 0 (id=8999):
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x319080, 0x0)
removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='com.apple.system.Security\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00')
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xa5d4}, 0x4c58, 0x0, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)
setxattr$trusted_overlay_origin(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000280), 0x2, 0x1)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10)

40.649879847s ago: executing program 0 (id=9004):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000400), 0xf}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="04000000040000000400000005", @ANYRES32=0x0, @ANYRESDEC], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0xf6c447fee59251f4})
close(r5)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
pipe2(&(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100002a86da000da356f0efcfe37258c0", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000940)={0x0, 0x1400, &(0x7f0000000180)=[{&(0x7f00000001c0)="d80000001c0081064e81f782db44b9040a1d08040e00000000000aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162756aa5e8d7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r10}, &(0x7f0000000040), &(0x7f0000000280)='%pS    \x00'}, 0x20)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff0000000700000000000000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)

40.198737514s ago: executing program 0 (id=9010):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x8}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x6, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x80000000000}, 0x18)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x20, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r6, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

40.167162024s ago: executing program 32 (id=9010):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x8}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x6, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x80000000000}, 0x18)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r3, &(0x7f0000000040), 0x2, 0x0)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x20, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r6, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

818.731767ms ago: executing program 2 (id=9759):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r3, 0x80044940, &(0x7f0000000280)=0x14)
read(r3, &(0x7f00000019c0)=""/4097, 0x1001)

783.676328ms ago: executing program 2 (id=9761):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
mount_setattr(0xffffffffffffffff, &(0x7f0000000180)='./bus\x00', 0x9000, &(0x7f0000000240)={0x80}, 0x20)

742.882129ms ago: executing program 2 (id=9762):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4)

742.692059ms ago: executing program 2 (id=9763):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
gettid()
r3 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r3, 0x409, 0xb)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

719.777439ms ago: executing program 5 (id=9766):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)

701.405999ms ago: executing program 5 (id=9767):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@rdma_args={0x48, 0x114, 0xa1, {{0x3, 0x2}, {&(0x7f00000000c0)=""/160, 0xa0}, &(0x7f0000000340)=[{&(0x7f0000001140)=""/102, 0x66}], 0x1, 0x60, 0xfffffffefffffffe}}], 0x48, 0x8004}, 0x0)

604.307081ms ago: executing program 5 (id=9768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767"], 0xa8}}, 0x0)

603.781091ms ago: executing program 5 (id=9769):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x9d0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
r5 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r5, &(0x7f0000000300)={'#! ', './file0'}, 0xb)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x3c, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}]}]}, 0x3c}}, 0x4000000)
r9 = getpid()
unshare(0x2040400)
r10 = syz_pidfd_open(r9, 0x0)
close_range(r10, 0xffffffffffffffff, 0x2)

551.771122ms ago: executing program 5 (id=9771):
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)}, 0x58)

523.619702ms ago: executing program 2 (id=9772):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000180)='./bus\x00', 0x9000, &(0x7f0000000240)={0x80}, 0x20)

508.179222ms ago: executing program 5 (id=9773):
getrusage(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = msgget$private(0x0, 0x700)
msgrcv(r0, 0x0, 0x0, 0x1, 0x2000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
creat(0x0, 0x19a)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, 0x0, 0x0)
bind$inet(r1, 0x0, 0x0)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x1, 0x800000000004, @thr={&(0x7f0000000300)="41157f665a44bb95e282b824a2c1710729672c661834381aae63b9b7eb7cb2dba4b7084a62eb2eb275a6bfa8d60f6d347e64574b5b7a9e6968dfcc62ca9f6ca4c58ff2d7a88ec7a395ada4136f033cbc13692b220618713ef3571959d381d95a0d7b9b757879320eccac77f42aab71af10a057f04349206a061e7382e20a1bd3942b02c2", &(0x7f0000000440)="0b6f11505642f5ed2d7546154378944fb31b4304a236f073196a0e8668e609353e37059e64552b2f3af84c8906a43435790381aa0c744b6231e87c1f4b635ab2a0cfa67b99989edafe20662624f14973cfd6d54a905a161c3422accd92db2ea2d68a7be65f4a7ed24652da233e14e68a801b970402ce46b5a3a28c469de6f7e19ae385d2ceb57942cd8469981930d5bafc53efaaa0a879f4cc134403619c0439cb4d6fa05fe6ba8b6eee02fccfed146e2e0d5963ac8878e59bd16c3d0545"}}, &(0x7f0000bbdffc))
r2 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x118}, &(0x7f0000000400)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, 0x0)
io_uring_enter(r2, 0x8aa, 0x0, 0x41, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea048500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
readv(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/24, 0x23}], 0x1)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x614000, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'veth0_to_hsr\x00'})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETLINK(r6, 0x400454cd, 0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

486.309782ms ago: executing program 2 (id=9775):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = memfd_secret(0x80000)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r1, &(0x7f0000001940)={0xa, 0x0, 0x0, @private0, 0x9}, 0x1c)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x2}, 0x18)
fcntl$setlease(r0, 0x400, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r9}, 0x10)
r10 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a00)=@newtfilter={0x58, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x28, 0x2, [@TCA_CGROUP_EMATCHES={0x24, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x9, 0x7, 0xff}, {{}, {0x2, 0x1, 0x1, 0x1}}}}]}]}]}}]}, 0x58}}, 0x0)
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x0, 0x1, 0x1fc}})

486.055792ms ago: executing program 3 (id=9776):
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

475.770853ms ago: executing program 3 (id=9777):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)

456.718653ms ago: executing program 3 (id=9778):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x2, 0x0, 0x7ffffdbd}]})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x1, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x185042, 0x1d8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1b, 0x11, r0, 0x0)
sendmmsg$sock(r0, &(0x7f0000005300)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000006c0)="38d8ee1c603d648b3a1f98b8b053fb0918c8325b1f49819c393fc58b78282e23a453788d48060b700aa092f0373c25ce6088d77aacffc0d79032e15eb1c8f1afae65eab85a62f8539209e57fd933d6", 0x4f}, {&(0x7f0000002600)="e822d37585bb960fc3931e621e32f4cdd94c0ba5c6aceca37c3e02a8b391107ac4c815706f9e5fc657bea21f22b3ee11561b7409af86b5ac7c1d2e7c6b58a036ff67c2928cac97148e2c5c301da9aa5cebee8de009578361eeaf6c2327d1119ad4f542d46c2cf855b4e3124b46af0d25a4045b6f53ef3b45848101610f3be72ed1d9ddd96fa7b09a56a94a3f8c9886b459a3c02b4035805a65dd99f870466bb00226b750418cd605d075b1ac84a6e9c48f72335711a77c627c28260a1e61b68c802bd0a5d28fffe2186c5dc5c162eeaac0738b9b5a536011778b2ab0d7464c2841c7ea781359636857b1bb8efb9b643cfa2a1fdb819dca0768a5545b1e4d3f18d4bf55c9e21efbb0e5ea0d79503202d2ed8e4fd56de77da2dd9cd370907da4baf6ceaa552d75714f86cb215090d8cf95905f7a66c2072a81b42d314b18533daa46ec5fc944ea891bedad5688147a9651ef548ca2e438aa2017d629f7dcf4e31f4ec1597940424998e7393765dc6be398356f80ab9ada33c0d637aa78defaeab06aded965500cbce7b7af79c9c4a7f94d640d2606b819b000236d954928adb6036e873332f0113692b82606b1cb8a577f1c4670533c73b6213071da69ebd3c8668b1dcb5245014ef0350dcafbd4e0ed87abc3dc07562b3cc8cb58613d37afc391712a45cfb532793e95c7c3029ff4a6898dcd020910cc09b76361ca84c156bbaebe97645fa00d16f3358b49a7d4ab95452445c9f55cd25537d5b44b9551cadf0193c41e82b6cc9945948d4b385a49d806b24a61b43bad4fa5265f36415b3fb571546bad577386e9f6f9a54d356f5716ae849e36bdff98789243611b42e8beaf7e73c3c9125d7b486db335394729d0c2bd6b596720262de5c6d6eae1eaf7ede5a8614bdfef49faa18a7e7856cc2ccc0b41ccdfe789ec06b83905e52be52265def8b5269fb3b2502d3f2d7f9eb3f2d20aa2f2fb683c8a74732442244a2e83dd242b755f1adc8035c96a0543bd2119f8f86c6ae68d1e428147d371376ed936bb0ebe60889c4caf06c593721697eed6be631d3431568604368dde1c2ec034490aa4a9b0451e4495e7d1d92c150d4e2aab1a4a21f2ee75061c6f931b5c9668098a381670f5ea9c845bb56ea432790df83f759f751e6079d517dd11d1be3d227ea7721ace9cc3740e9f15a756e2ee31ddc07cb09c73462ff43e8e519b4e016b82ae6fea6ed96818dcfa495e7d51db6c75eb909c0cc39937fadb1e260987a6cac4ce8ab98c16af9496987d6c92f73b72c2c6827508dbb1a2f7747b55b8b0c46f206976522e2ca82b737521a6e65b6e3f5fb9b6cd4c42c984ec5c70451656767aa8d6f258634c75a97fd30c5b5e7989279966755a9af60ab5b7b3f59fa2afbc9b1b04a9624a434bde2aff68fe82eb0033802f0972cb878f55666007e9000860c09b8cc1d2a5676346983ac8450523e08cbea08ac0ef20985bb74c09024a077ef922f211a668ec443477550ca5a1e5576b48f611e3d94dfd40c7c02481c70570b1bdbbd0e7cabbed15ab4f5672d895c1dc162530ffe8d1a6d341175779082166af87986f3b4700d2e63c0b31c4dde4f5d51717f3932f37cec5eb31321e12c9e72c3754ec23612b454f039320b3b355bf00139dd43d04edcbeb41e53da4cbc83997b27838d6e0b5322529e06a75fb05e533c63618fbf064e9a7c4ec086508029e56fd0f372a91165526ff34c9237b4f9da04b6a935db2cb6c9bd6659ae245406480147f0ed6a57ae653af583e7418f97ce8672646764132cd38e4e3386de3add023995f27be996b3a41a5949f34699fbb5292a52eb4ce0da4edbb0b5f0b6950516369e3ccff200afd199080b70e45072898f21a5f7b8cf50a87b5be287edc0fbe8d2656b4726c7699ac478d5396975ff3466f21d904182041f24c392e72a199c90be7bbcee04506153cbb12f1848e166f915aa2e3902d3676d903ac9f4d20744cfe60502e63881ad45320a1a0d6518cd7e06bacf36242c2a41b67e1a4f272f1773ea785b7a3dac761d98a578d9486b9f916572e28d44a27e42764b73206c3fc7168e2362086d5587dc5a20d4a86b7e36f13418dac44ed2a4d4f021e5bd3aa211a626ed6231f74625f033454d12cda81b3274796f416b2571dddc72aaef624dd689c52de7974a2ea5d41ad068a1ec951ed2fdc4f2d740162f0279d15d9b58ae019632884fe920043b623c1c766be84f377ebcadf3d67f62abfb5cc862059be01a3449d9c7daabfd8d335861ebdaa69dd433fbd30c980f9fbcbff0c4f77549ef71f8fd331f37e6c7c67d92d157e3396822587ab717cbe01de61cc88c5143c8b0d0f92836c484c7d726aed2f1052403278df94f4713407b0855b9c13452267dcc13d949b3b93be1d30d8506abd537d8733ce8e64d8859f74819ba3f0e2d095b5ed6981aec66970d41d0d2133957c0feab9d2897fd5c950bea31d69f7d42c5c509f0fa6672eb10e6f327a51e223d10e286a222dff4313270c3f4da1e871f89df41318659f7f6dd5cce57d46bd32a0a9fc0a112fd26bda69d98b91222db66c932167a8ea3f1479be8a5689f05c67395504288064cebce2b05d6cdf8d885baaacfee8748b6ad8b6e3e1dc7e6f0e0bfa39523aea0b6ae312bfdc8c10b819be8ba0583a01dc9ee5ef62ec343d7093ac84e0f35a4ab23502e5c18b106a22e58c20e884e7e58f6a77719cc8fff7f24d40d35a44b3a601ace3e7d54188f91fab578f2f50f10606eba9e4a07e4a32a32a67dbbac6d008acb57440acde5f222489982ff517503eb64932b8caa689be56b5e2665fab257ec423925797a64bf711ced2e39d8437b732d9ae39526b92f63e0a98aa7de9277f7b535b91f3d0144ee13287154300a0a8cab3b7e6eeee6e18d8f876067e57ee2a6f94c853b7fdb10ce1fef03864a66d72f365f3f1afc257513430783d2376907aea78eb5967e8d7a58b0eb73ae3761f8aef3af1db5713bd6f13e15a88852db110bb215fef683afeb94699bc011f17bbd73de9e457b4a93acebebea4dd55f2466ade2ccc59f0c4dc5bdb866d610fc00dbd73363394e50542342cea4b4aa4dbfbd2af6ea8de67c688b5c3796e99925ce7f7439e298da6ad15be7f3d6802f80d9431c436b42add9c494a3ff3a1bc7ab2e65fdbdda9f3ac2946394f3907ccc5773cd8ea28c5f0baa80856471bca1ef16cbbb702306cded509103826212112151563ccaca40db6ead8c62f0a842dff863e26bb1bb7e719ae23a864b89e86049d77ce2f0da239565b6f891109bac90bbb6bc06fd936fe3928d50bd23f777a00231d78f7f2c92f43b053e0c048085cd58dc38636e2192af9c999632988aee0c6634e984c89334e18e796605f5885d9f77c994516b03a8e35bb4db84577783a66fe2a28eba9a8c34d313f3a5cfb752a37febc9b31a9f2a68ae4464dcdb742bfc2663741728b2f19e4f252e4cfbd8895f8498d50863d88258bc04444f7c3ce73a8eccd46f26226b0e96933becdd83ec9095b330e70d0a925161612d9badeeb7781afd4fc9895ddc26a7ebd93681edc59f050ad5dcc43629961b9b99ffaa487ef2462a512bd64e51741205e0330e47db15063071c69b75588ae", 0x9ff}, {0x0}], 0x3, &(0x7f0000000900)=[@mark={{0x14, 0x1, 0x24, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x4af8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0xd6}}, @txtime={{0x18, 0x1, 0x3d, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}], 0xa8}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20000040)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file3\x00', 0x143441, 0x98)
fallocate(r1, 0x10, 0xcf7, 0x2c03)

419.102093ms ago: executing program 1 (id=9779):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767"], 0xa8}}, 0x0)

400.867784ms ago: executing program 1 (id=9780):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001900)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30080, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

396.604444ms ago: executing program 3 (id=9781):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x4000841, &(0x7f000005ffe4)={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}, 0xffffffff}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000400000000000800000000000000000000000002000000000067f421e94b48d5e57bf582d0fb531a9f72e20239b8d8accc90f4d1085ecf9a432d2a2e4ca1e906dff55986573daf0315e499dbd594ca2d69b078f3e8daf2366334912c91112cdd"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x40000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r4}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1124000}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x40, r5, 0x20, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xffff}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000085)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

356.643834ms ago: executing program 1 (id=9782):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
gettid()
r3 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
fcntl$addseals(r3, 0x409, 0xb)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

207.921847ms ago: executing program 1 (id=9785):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {}, {0x3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0xffffffffffffffff, 0xea, 0x100004}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x4, 0x1}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

164.351987ms ago: executing program 3 (id=9786):
perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x3, 0x800000000001}, 0x11120, 0x5dd8, 0x0, 0x6, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000800000000000000000000000000000000083fde303482ce3e2532d649ba4faf3d59dcacad4a624ed9e19ee33cd32f42f88094c69710efad332b96cb680244f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe76)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r3}, 0x10)
socket(0x28, 0x4, 0x8000000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000000))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x3, 0x800000000001}, 0x1180, 0x5dd8, 0x0, 0x8, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xb3}, 0x18)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a0000002bbd70000000000000000200000000000000000008000020ffffffdf2c0027cc"], 0x124}}, 0x0)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000040)={'vxcan0\x00'})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10)

163.986267ms ago: executing program 4 (id=9787):
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

150.025947ms ago: executing program 4 (id=9788):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
kcmp(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)

129.842148ms ago: executing program 1 (id=9789):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000240)="f7", 0x1}], 0x2, 0x66, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TCSBRK(r2, 0x5409, 0x401)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
pipe2(&(0x7f0000001cc0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x80a, &(0x7f0000000940)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYRESHEX=r1])
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000c0c69c1efa4d719d7d96a2e1df8853a12f5f9c177f0a52cba5f10b342f3cfa3344e49a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000140)='erofs_destroy_inode\x00', r6, 0x0, 0x8001}, 0x18)
r7 = open(&(0x7f00000003c0)='./bus\x00', 0x20102, 0x0)
fcntl$setstatus(r7, 0x4, 0x46400)
vmsplice(r7, &(0x7f0000000100)=[{&(0x7f0000000180)="d5", 0x1}], 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1e, 0x16, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000700)='GPL\x00', 0x9, 0xa2, &(0x7f0000000840)=""/162, 0x40f00, 0x65, '\x00', 0x0, @sk_lookup=0x24, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000900)={0x2, 0x3, 0x200, 0x75}, 0x10, 0x0, 0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000a00)=[{0x2, 0x5, 0x0, 0xa}, {0x3, 0x2, 0xd, 0xc}, {0x0, 0x1, 0x7, 0x9}, {0x3, 0x5, 0x2, 0x2}, {0x2, 0x1, 0xd, 0x3}, {0x4, 0x4, 0xe, 0x7}, {0x5, 0x3, 0xe, 0x5}, {0x1, 0x4, 0xa, 0x9}, {0x1, 0x1, 0xc}], 0x10, 0xfff, @void, @value}, 0x94)
syz_emit_ethernet(0x46, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000286dd6000cd0400103afffe8000000000000000000000000000aaff0200000000000000000000000000f585009078005a0100070000000300000066fc64a06e85e2a9a4f20267dfb3b6ffb5baca2e24058dae6484e1403cf8e058068eefbf3c2b8b02d76f0bbc29ea898539e0cc42985340f138f9898c60d34afc482de3281a4dfba1a86bc5ea53b526ae5457146ecf6ca992b44e2d4173b0d80941235bf62be3b5c78397a2d74db59c013088b68fc8652f5e296e69618edd27a83262917d2aa5f2cd681457a67c94b71f3658ef53de314a88904e2955d5772e08ff9dba0d06bdacbc3726d3fbf02474869004ebc704ed5778"], 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000640)={'team0\x00', <r8=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000680)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x6, r8})
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r11 = socket$inet6(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000400)='securityfs\x00', 0x0)
sendmsg$inet6(r11, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@rthdr={{0x10, 0x29, 0x3b, {0x1d, 0x0, 0x1, 0x2}}}], 0x18}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r10}, 0x10)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000580))
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200)

129.258698ms ago: executing program 4 (id=9790):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x100}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767"], 0xa8}}, 0x0)

111.222128ms ago: executing program 4 (id=9791):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x2, 0x0, 0x7ffffdbd}]})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x1, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file2\x00', 0x185042, 0x1d8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1b, 0x11, r0, 0x0)
sendmmsg$sock(r0, &(0x7f0000005300)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000006c0)="38d8ee1c603d648b3a1f98b8b053fb0918c8325b1f49819c393fc58b78282e23a453788d48060b700aa092f0373c25ce6088d77aacffc0d79032e15eb1c8f1afae65eab85a62f8539209e57fd933d6", 0x4f}, {&(0x7f0000002600)="e822d37585bb960fc3931e621e32f4cdd94c0ba5c6aceca37c3e02a8b391107ac4c815706f9e5fc657bea21f22b3ee11561b7409af86b5ac7c1d2e7c6b58a036ff67c2928cac97148e2c5c301da9aa5cebee8de009578361eeaf6c2327d1119ad4f542d46c2cf855b4e3124b46af0d25a4045b6f53ef3b45848101610f3be72ed1d9ddd96fa7b09a56a94a3f8c9886b459a3c02b4035805a65dd99f870466bb00226b750418cd605d075b1ac84a6e9c48f72335711a77c627c28260a1e61b68c802bd0a5d28fffe2186c5dc5c162eeaac0738b9b5a536011778b2ab0d7464c2841c7ea781359636857b1bb8efb9b643cfa2a1fdb819dca0768a5545b1e4d3f18d4bf55c9e21efbb0e5ea0d79503202d2ed8e4fd56de77da2dd9cd370907da4baf6ceaa552d75714f86cb215090d8cf95905f7a66c2072a81b42d314b18533daa46ec5fc944ea891bedad5688147a9651ef548ca2e438aa2017d629f7dcf4e31f4ec1597940424998e7393765dc6be398356f80ab9ada33c0d637aa78defaeab06aded965500cbce7b7af79c9c4a7f94d640d2606b819b000236d954928adb6036e873332f0113692b82606b1cb8a577f1c4670533c73b6213071da69ebd3c8668b1dcb5245014ef0350dcafbd4e0ed87abc3dc07562b3cc8cb58613d37afc391712a45cfb532793e95c7c3029ff4a6898dcd020910cc09b76361ca84c156bbaebe97645fa00d16f3358b49a7d4ab95452445c9f55cd25537d5b44b9551cadf0193c41e82b6cc9945948d4b385a49d806b24a61b43bad4fa5265f36415b3fb571546bad577386e9f6f9a54d356f5716ae849e36bdff98789243611b42e8beaf7e73c3c9125d7b486db335394729d0c2bd6b596720262de5c6d6eae1eaf7ede5a8614bdfef49faa18a7e7856cc2ccc0b41ccdfe789ec06b83905e52be52265def8b5269fb3b2502d3f2d7f9eb3f2d20aa2f2fb683c8a74732442244a2e83dd242b755f1adc8035c96a0543bd2119f8f86c6ae68d1e428147d371376ed936bb0ebe60889c4caf06c593721697eed6be631d3431568604368dde1c2ec034490aa4a9b0451e4495e7d1d92c150d4e2aab1a4a21f2ee75061c6f931b5c9668098a381670f5ea9c845bb56ea432790df83f759f751e6079d517dd11d1be3d227ea7721ace9cc3740e9f15a756e2ee31ddc07cb09c73462ff43e8e519b4e016b82ae6fea6ed96818dcfa495e7d51db6c75eb909c0cc39937fadb1e260987a6cac4ce8ab98c16af9496987d6c92f73b72c2c6827508dbb1a2f7747b55b8b0c46f206976522e2ca82b737521a6e65b6e3f5fb9b6cd4c42c984ec5c70451656767aa8d6f258634c75a97fd30c5b5e7989279966755a9af60ab5b7b3f59fa2afbc9b1b04a9624a434bde2aff68fe82eb0033802f0972cb878f55666007e9000860c09b8cc1d2a5676346983ac8450523e08cbea08ac0ef20985bb74c09024a077ef922f211a668ec443477550ca5a1e5576b48f611e3d94dfd40c7c02481c70570b1bdbbd0e7cabbed15ab4f5672d895c1dc162530ffe8d1a6d341175779082166af87986f3b4700d2e63c0b31c4dde4f5d51717f3932f37cec5eb31321e12c9e72c3754ec23612b454f039320b3b355bf00139dd43d04edcbeb41e53da4cbc83997b27838d6e0b5322529e06a75fb05e533c63618fbf064e9a7c4ec086508029e56fd0f372a91165526ff34c9237b4f9da04b6a935db2cb6c9bd6659ae245406480147f0ed6a57ae653af583e7418f97ce8672646764132cd38e4e3386de3add023995f27be996b3a41a5949f34699fbb5292a52eb4ce0da4edbb0b5f0b6950516369e3ccff200afd199080b70e45072898f21a5f7b8cf50a87b5be287edc0fbe8d2656b4726c7699ac478d5396975ff3466f21d904182041f24c392e72a199c90be7bbcee04506153cbb12f1848e166f915aa2e3902d3676d903ac9f4d20744cfe60502e63881ad45320a1a0d6518cd7e06bacf36242c2a41b67e1a4f272f1773ea785b7a3dac761d98a578d9486b9f916572e28d44a27e42764b73206c3fc7168e2362086d5587dc5a20d4a86b7e36f13418dac44ed2a4d4f021e5bd3aa211a626ed6231f74625f033454d12cda81b3274796f416b2571dddc72aaef624dd689c52de7974a2ea5d41ad068a1ec951ed2fdc4f2d740162f0279d15d9b58ae019632884fe920043b623c1c766be84f377ebcadf3d67f62abfb5cc862059be01a3449d9c7daabfd8d335861ebdaa69dd433fbd30c980f9fbcbff0c4f77549ef71f8fd331f37e6c7c67d92d157e3396822587ab717cbe01de61cc88c5143c8b0d0f92836c484c7d726aed2f1052403278df94f4713407b0855b9c13452267dcc13d949b3b93be1d30d8506abd537d8733ce8e64d8859f74819ba3f0e2d095b5ed6981aec66970d41d0d2133957c0feab9d2897fd5c950bea31d69f7d42c5c509f0fa6672eb10e6f327a51e223d10e286a222dff4313270c3f4da1e871f89df41318659f7f6dd5cce57d46bd32a0a9fc0a112fd26bda69d98b91222db66c932167a8ea3f1479be8a5689f05c67395504288064cebce2b05d6cdf8d885baaacfee8748b6ad8b6e3e1dc7e6f0e0bfa39523aea0b6ae312bfdc8c10b819be8ba0583a01dc9ee5ef62ec343d7093ac84e0f35a4ab23502e5c18b106a22e58c20e884e7e58f6a77719cc8fff7f24d40d35a44b3a601ace3e7d54188f91fab578f2f50f10606eba9e4a07e4a32a32a67dbbac6d008acb57440acde5f222489982ff517503eb64932b8caa689be56b5e2665fab257ec423925797a64bf711ced2e39d8437b732d9ae39526b92f63e0a98aa7de9277f7b535b91f3d0144ee13287154300a0a8cab3b7e6eeee6e18d8f876067e57ee2a6f94c853b7fdb10ce1fef03864a66d72f365f3f1afc257513430783d2376907aea78eb5967e8d7a58b0eb73ae3761f8aef3af1db5713bd6f13e15a88852db110bb215fef683afeb94699bc011f17bbd73de9e457b4a93acebebea4dd55f2466ade2ccc59f0c4dc5bdb866d610fc00dbd73363394e50542342cea4b4aa4dbfbd2af6ea8de67c688b5c3796e99925ce7f7439e298da6ad15be7f3d6802f80d9431c436b42add9c494a3ff3a1bc7ab2e65fdbdda9f3ac2946394f3907ccc5773cd8ea28c5f0baa80856471bca1ef16cbbb702306cded509103826212112151563ccaca40db6ead8c62f0a842dff863e26bb1bb7e719ae23a864b89e86049d77ce2f0da239565b6f891109bac90bbb6bc06fd936fe3928d50bd23f777a00231d78f7f2c92f43b053e0c048085cd58dc38636e2192af9c999632988aee0c6634e984c89334e18e796605f5885d9f77c994516b03a8e35bb4db84577783a66fe2a28eba9a8c34d313f3a5cfb752a37febc9b31a9f2a68ae4464dcdb742bfc2663741728b2f19e4f252e4cfbd8895f8498d50863d88258bc04444f7c3ce73a8eccd46f26226b0e96933becdd83ec9095b330e70d0a925161612d9badeeb7781afd4fc9895ddc26a7ebd93681edc59f050ad5dcc43629961b9b99ffaa487ef2462a512bd64e51741205e0330e47db15063071c69b75588ae", 0x9ff}, {0x0}], 0x3, &(0x7f0000000900)=[@mark={{0x14, 0x1, 0x24, 0x3}}, @mark={{0x14, 0x1, 0x24, 0x4af8}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0xd6}}, @txtime={{0x18, 0x1, 0x3d, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x4}}], 0xa8}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20000040)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file3\x00', 0x143441, 0x98)
fallocate(r1, 0x10, 0xcf7, 0x2c03)

44.836909ms ago: executing program 3 (id=9792):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x22020, &(0x7f00000000c0)={[{@bsdgroups}, {@nodiscard}, {@oldalloc}, {@noauto_da_alloc}, {@dax_always}, {@mblk_io_submit}, {@abort}, {@nodiscard}, {@data_ordered}]}, 0x64, 0x50d, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48a, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010a00"/20, @ANYRES32=0x0, @ANYBLOB="1500009955aa860057bfa56563e41700f27f05000300100000000c0004000300000100c28000ecffffffffffffff0000"], 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

44.324889ms ago: executing program 1 (id=9793):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000000)={0xfffffffffffffffc, 0x12000, 0x1000, 0x0, 0x2}, 0x20)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x0, 0x4, &(0x7f0000000580)=ANY=[], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d00000006000000040000000140000001000000", @ANYRES32], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)}, 0x20)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1100000005000000000000000100000008100000", @ANYRES32=r2, @ANYBLOB="2200f5e81a160000000000000010000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000100"/28], 0x50)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r4, &(0x7f0000000900)}, 0x20)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_int(r6, 0x29, 0x4e, 0x0, &(0x7f0000000000))
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000780)={0x308, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x3a4}, @NL80211_ATTR_FRAME={0x2d, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x2}, @device_a, @device_b, @from_mac, {0xe, 0x4}}, @sp_mp_confirm={0xf, 0x2, {0x400, @random=0xd18d, {0x1, 0x1, [{0xb, 0x1}]}, @val={0x72, 0x6}, @void}}}}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3}], @NL80211_ATTR_FRAME={0x21, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0x8, 0x40}}, @tdls_setup_cfm={0xc, 0x2, {0x25, 0x40}}}}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x285, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7f61}, @device_a, @device_b, @initial, {0x1, 0x7}}, 0x1, 0x2, 0x29, @val={0x10, 0x1, 0x50}, [{0xdd, 0x29, "f3c1c9d531a713c34933ce0c092d5e49dddb94100af4c5a0d0c52e688ceb716c429a9287c91f796e3e"}, {0xdd, 0x63, "9e297d3ea697ac681dcfcd7a59b26da870cfaadd9e30430a6fd08ad96f616d508dc145afce23f35acb021d3d163e7f91f52f552f7a8133ea1ee834444943d5351e6711ce092a46b089b9ef6cc92426e4af41acdf36e7810778405ab1fa7831c11fefd8"}, {0xdd, 0xfd, "58da637f79da84e1f0afc93e77cac09b2559c5a8aa70bd40e589dd3238e695536812156499f53a6407585afabb48b2e3297d08b18558da8a12c98adf555f8efc20685dba30b3f1337face0a8a4961848101685c51e6174ed4fed24cbd82b4037e3976763a5bf5ae81d87997e0a32dc5103f91082f5738602b45eede5c258c3a3be1edc264f42e03b4e3b20d823b628de6f156f4977b11ba1510522b932ec3834225e8125da9085a56d0716914cd51262d19638568e05eaa15169a3618a85d3b9f8a2047b0967c3bd5b67c1cdb691685fc7d2f9af6219b7b242fabc3f4159ad7fed4e74aac1404dc38c3f5177e78e493f5d707fa46c094b9f9f5a5b0180"}, {0xdd, 0xcf, "a8718284ccd7f6e6eb255698d1a10e5926809a4999e0a41e3d6c218b9a8b52149df4495e344654bfb179491476b5dd46fcf19217c9a40f795786515adc24288ad46b4a3b5cc52b12db75165b255d7a2b6da406df784442ec5ac70227239ca8fb2cda1b1a8a93b81a5fe411ca5b37d4ff8bf3bcbebe0f597583f831cca1b80d1efcacb0c1d8da438c7ac0a7f86c052d8488e8d4aa47008aa38deeff43d4907a9f11d132a04fc01e302bbf42157bfbc16adb3622ca59a99c8ed2cc51f46de0e61c579636091bbc6d768cc3d5e6fb1c0d"}]}}]}, 0x308}, 0x1, 0x0, 0x0, 0x200048c0}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r8, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1)

34.126279ms ago: executing program 4 (id=9794):
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, 0x0)
recvmsg(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
close(r0)

0s ago: executing program 4 (id=9795):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r1, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r2, &(0x7f0000772000)={0xffc0, 0x4e23}, 0x10)

kernel console output (not intermixed with test programs):

: entered allmulticast mode
[  528.477446][T29874] bridge_slave_1: entered promiscuous mode
[  528.488358][T29938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.491744][T29941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.525371][T21769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.538159][T29874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  528.542242][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.548907][T29874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  528.578265][T29948] netlink: 148 bytes leftover after parsing attributes in process `syz.3.9146'.
[  528.596605][T29874] team0: Port device team_slave_0 added
[  528.609201][T29874] team0: Port device team_slave_1 added
[  528.641759][T29953] loop3: detected capacity change from 0 to 2048
[  528.645751][T29874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  528.655230][T29874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  528.681209][T29874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  528.697968][T29953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  528.735270][T21769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.867658][T10562] bond0 (unregistering): Released all slaves
[  528.876287][T29874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  528.883421][T29874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  528.910176][T29874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  528.980401][T29874] hsr_slave_0: entered promiscuous mode
[  529.007266][T29874] hsr_slave_1: entered promiscuous mode
[  529.013257][T29874] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  529.021497][T29874] Cannot create hsr debugfs directory
[  529.030237][T10562] hsr_slave_0: left promiscuous mode
[  529.041807][T10562] hsr_slave_1: left promiscuous mode
[  529.057501][T10562] veth1_macvtap: left promiscuous mode
[  529.063206][T10562] veth0_macvtap: left promiscuous mode
[  529.080220][T10562] veth1_vlan: left promiscuous mode
[  529.089804][T29971] loop4: detected capacity change from 0 to 2048
[  529.152684][T29971] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.179495][T29988] FAULT_INJECTION: forcing a failure.
[  529.179495][T29988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.192629][T29988] CPU: 1 UID: 0 PID: 29988 Comm: syz.5.9162 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  529.192663][T29988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  529.192705][T29988] Call Trace:
[  529.192713][T29988]  <TASK>
[  529.192723][T29988]  __dump_stack+0x1d/0x30
[  529.192749][T29988]  dump_stack_lvl+0xe8/0x140
[  529.192769][T29988]  dump_stack+0x15/0x1b
[  529.192845][T29988]  should_fail_ex+0x265/0x280
[  529.192885][T29988]  should_fail+0xb/0x20
[  529.192912][T29988]  should_fail_usercopy+0x1a/0x20
[  529.192930][T29988]  _copy_from_user+0x1c/0xb0
[  529.193015][T29988]  __sys_sendto+0x19e/0x330
[  529.193115][T29988]  __x64_sys_sendto+0x76/0x90
[  529.193154][T29988]  x64_sys_call+0x2eb6/0x2fb0
[  529.193248][T29988]  do_syscall_64+0xd0/0x1a0
[  529.193276][T29988]  ? clear_bhb_loop+0x25/0x80
[  529.193335][T29988]  ? clear_bhb_loop+0x25/0x80
[  529.193355][T29988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.193375][T29988] RIP: 0033:0x7f97c896e969
[  529.193436][T29988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.193453][T29988] RSP: 002b:00007f97c6fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  529.193472][T29988] RAX: ffffffffffffffda RBX: 00007f97c8b95fa0 RCX: 00007f97c896e969
[  529.193487][T29988] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  529.193579][T29988] RBP: 00007f97c6fd7090 R08: 0000200000e68000 R09: 0000000000000010
[  529.193593][T29988] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[  529.193607][T29988] R13: 0000000000000000 R14: 00007f97c8b95fa0 R15: 00007ffe110b9408
[  529.193630][T29988]  </TASK>
[  529.389435][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.399140][T29990] loop3: detected capacity change from 0 to 512
[  529.426443][T29990] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  529.467642][T29997] sit0: entered allmulticast mode
[  529.480288][T29997] sit0: entered promiscuous mode
[  529.773006][T29975] lo speed is unknown, defaulting to 1000
[  529.803118][T30013] FAULT_INJECTION: forcing a failure.
[  529.803118][T30013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.816273][T30013] CPU: 1 UID: 0 PID: 30013 Comm: syz.2.9170 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  529.816326][T30013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  529.816338][T30013] Call Trace:
[  529.816344][T30013]  <TASK>
[  529.816352][T30013]  __dump_stack+0x1d/0x30
[  529.816372][T30013]  dump_stack_lvl+0xe8/0x140
[  529.816426][T30013]  dump_stack+0x15/0x1b
[  529.816447][T30013]  should_fail_ex+0x265/0x280
[  529.816486][T30013]  should_fail+0xb/0x20
[  529.816563][T30013]  should_fail_usercopy+0x1a/0x20
[  529.816584][T30013]  _copy_from_user+0x1c/0xb0
[  529.816610][T30013]  ___sys_sendmsg+0xc1/0x1d0
[  529.816641][T30013]  __x64_sys_sendmsg+0xd4/0x160
[  529.816746][T30013]  x64_sys_call+0x2999/0x2fb0
[  529.816767][T30013]  do_syscall_64+0xd0/0x1a0
[  529.816788][T30013]  ? clear_bhb_loop+0x25/0x80
[  529.816808][T30013]  ? clear_bhb_loop+0x25/0x80
[  529.816904][T30013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.816924][T30013] RIP: 0033:0x7f2797a1e969
[  529.816970][T30013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.816991][T30013] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  529.817013][T30013] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  529.817029][T30013] RDX: 00000000200c0841 RSI: 00002000000000c0 RDI: 0000000000000003
[  529.817045][T30013] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  529.817061][T30013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.817100][T30013] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  529.817123][T30013]  </TASK>
[  530.067006][T29990] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.9157: Failed to acquire dquot type 0
[  530.080124][T29990] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  530.104560][T29990] EXT4-fs (loop3): 1 truncate cleaned up
[  530.113878][T30008] netlink: 12 bytes leftover after parsing attributes in process `syz.5.9168'.
[  530.148030][T29990] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  530.177215][T30015] loop5: detected capacity change from 0 to 512
[  530.201592][T30015] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  530.229985][T30015] EXT4-fs (loop5): 1 truncate cleaned up
[  530.240809][T30015] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.280407][T30027] FAULT_INJECTION: forcing a failure.
[  530.280407][T30027] name failslab, interval 1, probability 0, space 0, times 0
[  530.293109][T30027] CPU: 1 UID: 0 PID: 30027 Comm: syz.2.9175 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  530.293155][T30027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  530.293240][T30027] Call Trace:
[  530.293247][T30027]  <TASK>
[  530.293256][T30027]  __dump_stack+0x1d/0x30
[  530.293278][T30027]  dump_stack_lvl+0xe8/0x140
[  530.293297][T30027]  dump_stack+0x15/0x1b
[  530.293342][T30027]  should_fail_ex+0x265/0x280
[  530.293374][T30027]  should_failslab+0x8c/0xb0
[  530.293409][T30027]  __kmalloc_noprof+0xa5/0x3e0
[  530.293449][T30027]  ? iter_file_splice_write+0xfe/0x970
[  530.293473][T30027]  ? terminate_walk+0x27f/0x2a0
[  530.293501][T30027]  iter_file_splice_write+0xfe/0x970
[  530.293530][T30027]  ? _parse_integer_limit+0x170/0x190
[  530.293637][T30027]  ? _parse_integer+0x27/0x40
[  530.293663][T30027]  ? avc_policy_seqno+0x15/0x30
[  530.293744][T30027]  ? selinux_file_permission+0x213/0x360
[  530.293782][T30027]  ? __pfx_iter_file_splice_write+0x10/0x10
[  530.293803][T30027]  do_splice+0x974/0x10b0
[  530.293828][T30027]  ? __rcu_read_unlock+0x4f/0x70
[  530.293848][T30027]  ? __fget_files+0x184/0x1c0
[  530.293881][T30027]  __se_sys_splice+0x26c/0x3a0
[  530.293916][T30027]  __x64_sys_splice+0x78/0x90
[  530.293992][T30027]  x64_sys_call+0xb0a/0x2fb0
[  530.294019][T30027]  do_syscall_64+0xd0/0x1a0
[  530.294040][T30027]  ? clear_bhb_loop+0x25/0x80
[  530.294061][T30027]  ? clear_bhb_loop+0x25/0x80
[  530.294085][T30027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.294146][T30027] RIP: 0033:0x7f2797a1e969
[  530.294163][T30027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  530.294186][T30027] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  530.294208][T30027] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  530.294224][T30027] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  530.294238][T30027] RBP: 00007f2796087090 R08: 0000000000004a0a R09: 0000000000000002
[  530.294277][T30027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.294291][T30027] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  530.294315][T30027]  </TASK>
[  530.587422][T29874] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  530.605621][T29874] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  530.614810][T29874] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  530.649255][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.662904][T29874] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  530.699447][T21769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.762561][T29874] 8021q: adding VLAN 0 to HW filter on device bond0
[  530.797523][T29874] 8021q: adding VLAN 0 to HW filter on device team0
[  530.813703][T30037] Falling back ldisc for ttyS3.
[  530.821326][ T1662] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.828549][ T1662] bridge0: port 1(bridge_slave_0) entered forwarding state
[  530.844240][T10566] bridge0: port 2(bridge_slave_1) entered blocking state
[  530.851398][T10566] bridge0: port 2(bridge_slave_1) entered forwarding state
[  530.992637][T29874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  531.068160][T30064] lo speed is unknown, defaulting to 1000
[  531.124716][T30079] vlan2: entered allmulticast mode
[  531.171426][T29874] veth0_vlan: entered promiscuous mode
[  531.181900][T29874] veth1_vlan: entered promiscuous mode
[  531.208653][T29874] veth0_macvtap: entered promiscuous mode
[  531.232485][T29874] veth1_macvtap: entered promiscuous mode
[  531.272338][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.282954][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.292930][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.303599][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.313870][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.324352][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.334212][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.344662][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.354582][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.365013][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.375451][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.385984][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.413181][T29874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  531.423620][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.434260][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.444178][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.454862][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.464847][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.475362][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.485327][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.495844][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.505713][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.516183][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.526033][T29874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  531.536534][T29874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.556747][   T29] kauditd_printk_skb: 212 callbacks suppressed
[  531.556766][   T29] audit: type=1107 audit(1746921670.810:20992): pid=30085 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  531.629355][T29874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  531.678444][T29874] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  531.687388][T29874] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  531.696270][T29874] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  531.705054][T29874] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  531.820929][T30109] bridge0: port 3(vlan2) entered blocking state
[  531.827504][T30109] bridge0: port 3(vlan2) entered disabled state
[  531.847428][T30109] vlan2: entered allmulticast mode
[  531.854224][T30109] vlan2: entered promiscuous mode
[  531.859318][T30109] bond0: entered promiscuous mode
[  531.864443][   T29] audit: type=1107 audit(1746921671.260:20993): pid=30112 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  531.864511][T30109] bond_slave_0: entered promiscuous mode
[  531.883714][T30109] bond_slave_1: entered promiscuous mode
[  531.921264][   T29] audit: type=1400 audit(1746921671.310:20994): avc:  denied  { sqpoll } for  pid=30110 comm="syz.1.9208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  531.951322][T30120] loop4: detected capacity change from 0 to 128
[  531.971990][T30126] FAULT_INJECTION: forcing a failure.
[  531.971990][T30126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.985255][T30126] CPU: 1 UID: 0 PID: 30126 Comm: syz.5.9211 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  531.985289][T30126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  531.985341][T30126] Call Trace:
[  531.985348][T30126]  <TASK>
[  531.985358][T30126]  __dump_stack+0x1d/0x30
[  531.985384][T30126]  dump_stack_lvl+0xe8/0x140
[  531.985425][T30126]  dump_stack+0x15/0x1b
[  531.985441][T30126]  should_fail_ex+0x265/0x280
[  531.985559][T30126]  should_fail+0xb/0x20
[  531.985592][T30126]  should_fail_usercopy+0x1a/0x20
[  531.985609][T30126]  _copy_from_user+0x1c/0xb0
[  531.985630][T30126]  ___sys_sendmsg+0xc1/0x1d0
[  531.985667][T30126]  __x64_sys_sendmsg+0xd4/0x160
[  531.985737][T30126]  x64_sys_call+0x2999/0x2fb0
[  531.985761][T30126]  do_syscall_64+0xd0/0x1a0
[  531.985787][T30126]  ? clear_bhb_loop+0x25/0x80
[  531.985811][T30126]  ? clear_bhb_loop+0x25/0x80
[  531.985835][T30126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.985885][T30126] RIP: 0033:0x7f97c896e969
[  531.985904][T30126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.985923][T30126] RSP: 002b:00007f97c6fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  531.985941][T30126] RAX: ffffffffffffffda RBX: 00007f97c8b95fa0 RCX: 00007f97c896e969
[  531.985954][T30126] RDX: 000000000400c010 RSI: 0000200000003780 RDI: 0000000000000003
[  531.985968][T30126] RBP: 00007f97c6fd7090 R08: 0000000000000000 R09: 0000000000000000
[  531.985981][T30126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.986035][T30126] R13: 0000000000000000 R14: 00007f97c8b95fa0 R15: 00007ffe110b9408
[  531.986127][T30126]  </TASK>
[  532.186684][T30120] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  532.199152][   T29] audit: type=1400 audit(1746921671.600:20995): avc:  denied  { sqpoll } for  pid=30110 comm="syz.1.9208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  532.218844][   T29] audit: type=1400 audit(1746921671.600:20996): avc:  denied  { allowed } for  pid=30110 comm="syz.1.9208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  532.317361][T30120] ext4 filesystem being mounted at /90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  532.340615][T30142] FAULT_INJECTION: forcing a failure.
[  532.340615][T30142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.362425][T30142] CPU: 0 UID: 0 PID: 30142 Comm: syz.5.9217 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  532.362527][T30142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  532.362543][T30142] Call Trace:
[  532.362563][T30142]  <TASK>
[  532.362572][T30142]  __dump_stack+0x1d/0x30
[  532.362597][T30142]  dump_stack_lvl+0xe8/0x140
[  532.362650][T30142]  dump_stack+0x15/0x1b
[  532.362671][T30142]  should_fail_ex+0x265/0x280
[  532.362713][T30142]  should_fail+0xb/0x20
[  532.362750][T30142]  should_fail_usercopy+0x1a/0x20
[  532.362854][T30142]  _copy_from_user+0x1c/0xb0
[  532.362888][T30142]  ___sys_sendmsg+0xc1/0x1d0
[  532.362923][T30142]  __x64_sys_sendmsg+0xd4/0x160
[  532.363019][T30142]  x64_sys_call+0x2999/0x2fb0
[  532.363053][T30142]  do_syscall_64+0xd0/0x1a0
[  532.363108][T30142]  ? clear_bhb_loop+0x25/0x80
[  532.363207][T30142]  ? clear_bhb_loop+0x25/0x80
[  532.363233][T30142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.363259][T30142] RIP: 0033:0x7f97c896e969
[  532.363276][T30142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.363297][T30142] RSP: 002b:00007f97c6fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.363319][T30142] RAX: ffffffffffffffda RBX: 00007f97c8b95fa0 RCX: 00007f97c896e969
[  532.363374][T30142] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  532.363388][T30142] RBP: 00007f97c6fd7090 R08: 0000000000000000 R09: 0000000000000000
[  532.363403][T30142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.363417][T30142] R13: 0000000000000000 R14: 00007f97c8b95fa0 R15: 00007ffe110b9408
[  532.363457][T30142]  </TASK>
[  532.372697][   T29] audit: type=1400 audit(1746921671.660:20997): avc:  denied  { recv } for  pid=30110 comm="syz.1.9208" saddr=10.128.0.163 src=30030 daddr=10.128.10.40 dest=46210 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  532.560384][   T29] audit: type=1400 audit(1746921671.660:20998): avc:  denied  { map_create } for  pid=30127 comm="syz.2.9213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  532.580175][   T29] audit: type=1400 audit(1746921671.660:20999): avc:  denied  { perfmon } for  pid=30127 comm="syz.2.9213" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  532.601268][   T29] audit: type=1400 audit(1746921671.660:21000): avc:  denied  { map_read map_write } for  pid=30127 comm="syz.2.9213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  532.621478][   T29] audit: type=1400 audit(1746921671.660:21001): avc:  denied  { prog_load } for  pid=30127 comm="syz.2.9213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  532.679568][T28578] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  532.734360][T30159] SELinux: syz.5.9223 (30159) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  532.792999][T30159] 9pnet_fd: Insufficient options for proto=fd
[  532.941503][T30181] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  533.023937][T30191] loop4: detected capacity change from 0 to 128
[  533.050613][T30191] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  533.084843][T30191] ext4 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  533.232341][T28578] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  533.441404][T30212] lo speed is unknown, defaulting to 1000
[  533.598484][T30230] loop4: detected capacity change from 0 to 512
[  533.624883][T30209] lo speed is unknown, defaulting to 1000
[  533.631954][T30230] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.9250: invalid indirect mapped block 256 (level 2)
[  533.671464][T30230] EXT4-fs (loop4): 2 truncates cleaned up
[  533.684026][T30230] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  533.731810][T30230] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.9250: bg 0: block 5: invalid block bitmap
[  533.746867][T30209] chnl_net:caif_netlink_parms(): no params data found
[  533.755617][T30230] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  533.768222][T30230] EXT4-fs (loop4): This should not happen!! Data will be lost
[  533.768222][T30230] 
[  533.778037][T30230] EXT4-fs (loop4): Total free blocks count 0
[  533.780517][T30244] FAULT_INJECTION: forcing a failure.
[  533.780517][T30244] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  533.784186][T30230] EXT4-fs (loop4): Free/Dirty block details
[  533.784202][T30230] EXT4-fs (loop4): free_blocks=0
[  533.797265][T30244] CPU: 0 UID: 0 PID: 30244 Comm: syz.5.9254 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  533.797307][T30244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  533.797325][T30244] Call Trace:
[  533.797368][T30244]  <TASK>
[  533.797379][T30244]  __dump_stack+0x1d/0x30
[  533.797407][T30244]  dump_stack_lvl+0xe8/0x140
[  533.797434][T30244]  dump_stack+0x15/0x1b
[  533.797455][T30244]  should_fail_ex+0x265/0x280
[  533.797506][T30244]  should_fail+0xb/0x20
[  533.797572][T30244]  should_fail_usercopy+0x1a/0x20
[  533.797597][T30244]  _copy_from_user+0x1c/0xb0
[  533.797685][T30244]  ___sys_sendmsg+0xc1/0x1d0
[  533.797729][T30244]  __x64_sys_sendmsg+0xd4/0x160
[  533.797801][T30244]  x64_sys_call+0x2999/0x2fb0
[  533.797829][T30244]  do_syscall_64+0xd0/0x1a0
[  533.797858][T30244]  ? clear_bhb_loop+0x25/0x80
[  533.797886][T30244]  ? clear_bhb_loop+0x25/0x80
[  533.797914][T30244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.798021][T30244] RIP: 0033:0x7f97c896e969
[  533.798047][T30244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  533.798083][T30244] RSP: 002b:00007f97c6fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  533.798108][T30244] RAX: ffffffffffffffda RBX: 00007f97c8b95fa0 RCX: 00007f97c896e969
[  533.798124][T30244] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  533.798206][T30244] RBP: 00007f97c6fd7090 R08: 0000000000000000 R09: 0000000000000000
[  533.798222][T30244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  533.798238][T30244] R13: 0000000000000000 R14: 00007f97c8b95fa0 R15: 00007ffe110b9408
[  533.798262][T30244]  </TASK>
[  533.842943][T30247] loop5: detected capacity change from 0 to 2048
[  533.846213][T30230] EXT4-fs (loop4): dirty_blocks=44
[  533.881973][T30247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  533.883257][T30230] EXT4-fs (loop4): Block reservation details
[  533.883274][T30230] EXT4-fs (loop4): i_reserved_data_blocks=44
[  534.017446][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.088294][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.119411][T13077] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.169732][T30209] bridge0: port 1(bridge_slave_0) entered blocking state
[  534.177142][T30209] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.178269][T30264] loop4: detected capacity change from 0 to 128
[  534.185010][T30209] bridge_slave_0: entered allmulticast mode
[  534.198351][T30209] bridge_slave_0: entered promiscuous mode
[  534.208876][T13077] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.220717][T30209] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.227875][T30209] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.233239][T30264] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  534.249483][T30209] bridge_slave_1: entered allmulticast mode
[  534.257958][T30209] bridge_slave_1: entered promiscuous mode
[  534.264186][T30264] ext4 filesystem being mounted at /97/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  534.270781][T30267] syzkaller0: entered allmulticast mode
[  534.304663][T13077] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.381515][T28578] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  534.413429][T30272] loop5: detected capacity change from 0 to 128
[  534.423800][T13077] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.439278][T30267] netlink: 68 bytes leftover after parsing attributes in process `syz.1.9257'.
[  534.452392][T30209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  534.468360][T30209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  534.471128][T30272] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  534.507691][T30272] ext4 filesystem being mounted at /47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  534.510454][T30209] team0: Port device team_slave_0 added
[  534.594851][T30209] team0: Port device team_slave_1 added
[  534.602264][T30267] syzkaller0 (unregistering): left allmulticast mode
[  534.675656][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  534.698036][T30209] batman_adv: batadv0: Adding interface: batadv_slave_0
[  534.705065][T30209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  534.731223][T30209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  534.746924][T30209] batman_adv: batadv0: Adding interface: batadv_slave_1
[  534.753963][T30209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  534.779963][T30209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  535.082845][T30209] hsr_slave_0: entered promiscuous mode
[  535.101679][T30209] hsr_slave_1: entered promiscuous mode
[  535.198970][T30209] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  535.235204][T30209] Cannot create hsr debugfs directory
[  535.247957][T30295] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.318858][T13077] batadv1: left allmulticast mode
[  535.324132][T13077] batadv1: left promiscuous mode
[  535.329335][T13077] bridge0: port 1(batadv1) entered disabled state
[  535.566756][T13077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  535.577882][T13077] bond_slave_0: left allmulticast mode
[  535.584974][T13077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  535.595851][T13077] bond_slave_1: left allmulticast mode
[  535.605765][T13077] bond0 (unregistering): Released all slaves
[  535.616962][T13077] bond1 (unregistering): Released all slaves
[  535.684921][T30295] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.720704][T30315] loop5: detected capacity change from 0 to 128
[  535.739323][T30316] loop4: detected capacity change from 0 to 2048
[  535.744190][T30315] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  535.780219][T30316] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  535.785254][T30315] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  535.835446][T30295] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.864120][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  535.885737][T13077] hsr_slave_0: left promiscuous mode
[  535.896344][T13077] hsr_slave_1: left promiscuous mode
[  535.902078][T13077] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.909587][T13077] batman_adv: batadv0: Removing interface: batadv_slave_0
[  535.918891][T13077] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  535.926366][T13077] batman_adv: batadv0: Removing interface: batadv_slave_1
[  535.935524][T30326] netlink: 56 bytes leftover after parsing attributes in process `syz.4.9280'.
[  535.946460][T13077] veth1_macvtap: left promiscuous mode
[  535.952069][T13077] veth0_macvtap: left promiscuous mode
[  535.953906][T30326] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9280'.
[  535.963606][T13077] veth1_vlan: left promiscuous mode
[  535.974672][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  536.078423][T13077] team0 (unregistering): Port device team_slave_1 removed
[  536.092923][T13077] team0 (unregistering): Port device team_slave_0 removed
[  536.101101][   T51] smc: removing ib device syz!
[  536.127826][T30338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9280'.
[  536.149407][T30295] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.163095][ T1039] lo speed is unknown, defaulting to 1000
[  536.165504][T30338] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  536.169051][ T1039] infiniband syz0: ib_query_port failed (-19)
[  536.182896][T30338] batman_adv: batadv0: Removing interface: batadv_slave_0
[  536.206753][T30338] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  536.214443][T30338] batman_adv: batadv0: Removing interface: batadv_slave_1
[  536.258793][T30339] vlan2: entered allmulticast mode
[  536.264146][T30339] bond0: entered allmulticast mode
[  536.269341][T30339] bond_slave_0: entered allmulticast mode
[  536.275199][T30339] bond_slave_1: entered allmulticast mode
[  536.417840][T30342] loop5: detected capacity change from 0 to 128
[  536.427905][T30342] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  536.443042][T30342] ext4 filesystem being mounted at /53/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  536.526334][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  536.545251][T30295] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.579677][   T29] kauditd_printk_skb: 261 callbacks suppressed
[  536.579692][   T29] audit: type=1400 audit(1746921675.990:21263): avc:  denied  { read } for  pid=30344 comm="syz.5.9286" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  536.612692][T30295] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.627097][T30295] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.635450][   T29] audit: type=1400 audit(1746921676.020:21264): avc:  denied  { open } for  pid=30344 comm="syz.5.9286" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  536.664682][T30295] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.678245][T30346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.683593][   T29] audit: type=1400 audit(1746921676.090:21265): avc:  denied  { create } for  pid=30344 comm="syz.5.9286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  536.686912][T30346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.706423][   T29] audit: type=1400 audit(1746921676.090:21266): avc:  denied  { write } for  pid=30344 comm="syz.5.9286" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  536.737500][   T29] audit: type=1400 audit(1746921676.090:21267): avc:  denied  { open } for  pid=30344 comm="syz.5.9286" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  536.761147][   T29] audit: type=1400 audit(1746921676.090:21268): avc:  denied  { setopt } for  pid=30344 comm="syz.5.9286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  536.781064][   T29] audit: type=1400 audit(1746921676.090:21269): avc:  denied  { write } for  pid=30344 comm="syz.5.9286" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  536.818373][T30348] FAULT_INJECTION: forcing a failure.
[  536.818373][T30348] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  536.831754][T30348] CPU: 0 UID: 0 PID: 30348 Comm: syz.2.9287 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  536.831782][T30348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  536.831795][T30348] Call Trace:
[  536.831801][T30348]  <TASK>
[  536.831811][T30348]  __dump_stack+0x1d/0x30
[  536.831888][T30348]  dump_stack_lvl+0xe8/0x140
[  536.831912][T30348]  dump_stack+0x15/0x1b
[  536.831931][T30348]  should_fail_ex+0x265/0x280
[  536.832009][T30348]  should_fail+0xb/0x20
[  536.832045][T30348]  should_fail_usercopy+0x1a/0x20
[  536.832101][T30348]  _copy_from_user+0x1c/0xb0
[  536.832121][T30348]  ___sys_sendmsg+0xc1/0x1d0
[  536.832158][T30348]  __x64_sys_sendmsg+0xd4/0x160
[  536.832187][T30348]  x64_sys_call+0x2999/0x2fb0
[  536.832213][T30348]  do_syscall_64+0xd0/0x1a0
[  536.832260][T30348]  ? clear_bhb_loop+0x25/0x80
[  536.832281][T30348]  ? clear_bhb_loop+0x25/0x80
[  536.832322][T30348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.832349][T30348] RIP: 0033:0x7f2797a1e969
[  536.832373][T30348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.832395][T30348] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  536.832419][T30348] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  536.832435][T30348] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  536.832448][T30348] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  536.832460][T30348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  536.832472][T30348] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  536.832536][T30348]  </TASK>
[  537.093914][T30209] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  537.127503][T30209] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  537.175999][T30209] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  537.187847][T30209] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  537.283001][T30361] loop4: detected capacity change from 0 to 512
[  537.297085][T30209] 8021q: adding VLAN 0 to HW filter on device bond0
[  537.308125][T30361] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.9294: invalid indirect mapped block 256 (level 2)
[  537.322497][T30361] EXT4-fs (loop4): 2 truncates cleaned up
[  537.335378][T30361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  537.357665][T30209] 8021q: adding VLAN 0 to HW filter on device team0
[  537.366151][T30361] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.9294: bg 0: block 5: invalid block bitmap
[  537.383363][T30147] bridge0: port 1(bridge_slave_0) entered blocking state
[  537.386551][T30361] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  537.390514][T30147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  537.403094][T30361] EXT4-fs (loop4): This should not happen!! Data will be lost
[  537.403094][T30361] 
[  537.420208][T30361] EXT4-fs (loop4): Total free blocks count 0
[  537.426407][T30361] EXT4-fs (loop4): Free/Dirty block details
[  537.432373][T30361] EXT4-fs (loop4): free_blocks=0
[  537.437576][T30361] EXT4-fs (loop4): dirty_blocks=44
[  537.442848][T30361] EXT4-fs (loop4): Block reservation details
[  537.448994][T30361] EXT4-fs (loop4): i_reserved_data_blocks=44
[  537.456929][T30147] bridge0: port 2(bridge_slave_1) entered blocking state
[  537.464090][T30147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  537.506012][   T29] audit: type=1400 audit(1746921676.920:21270): avc:  denied  { read } for  pid=30367 comm="syz.1.9296" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  537.534676][   T29] audit: type=1400 audit(1746921676.920:21271): avc:  denied  { open } for  pid=30367 comm="syz.1.9296" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  537.559062][   T29] audit: type=1400 audit(1746921676.930:21272): avc:  denied  { ioctl } for  pid=30367 comm="syz.1.9296" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  537.570028][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.674754][T30209] 8021q: adding VLAN 0 to HW filter on device batadv0
[  537.724835][T30209] veth0_vlan: entered promiscuous mode
[  537.736324][T30209] veth1_vlan: entered promiscuous mode
[  537.771078][T30209] veth0_macvtap: entered promiscuous mode
[  537.790180][T30209] veth1_macvtap: entered promiscuous mode
[  537.813230][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.823850][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.833727][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.844330][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.854334][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.864826][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.874684][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.885146][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.895014][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  537.905538][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.923775][T30209] batman_adv: batadv0: Interface activated: batadv_slave_0
[  537.936517][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.948012][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.958325][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.968838][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.978762][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.989289][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.999212][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  538.009684][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  538.019585][T30209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  538.030056][T30209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  538.041210][T30209] batman_adv: batadv0: Interface activated: batadv_slave_1
[  538.064741][T30209] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  538.073730][T30209] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  538.082475][T30209] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  538.090211][T30414] FAULT_INJECTION: forcing a failure.
[  538.090211][T30414] name failslab, interval 1, probability 0, space 0, times 0
[  538.091386][T30209] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  538.103885][T30414] CPU: 0 UID: 0 PID: 30414 Comm: syz.2.9310 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  538.103918][T30414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  538.103997][T30414] Call Trace:
[  538.104003][T30414]  <TASK>
[  538.104012][T30414]  __dump_stack+0x1d/0x30
[  538.104100][T30414]  dump_stack_lvl+0xe8/0x140
[  538.104125][T30414]  dump_stack+0x15/0x1b
[  538.104146][T30414]  should_fail_ex+0x265/0x280
[  538.104247][T30414]  should_failslab+0x8c/0xb0
[  538.104295][T30414]  kmem_cache_alloc_noprof+0x50/0x310
[  538.104337][T30414]  ? audit_log_start+0x365/0x6c0
[  538.104456][T30414]  audit_log_start+0x365/0x6c0
[  538.104496][T30414]  audit_seccomp+0x48/0x100
[  538.104565][T30414]  ? __seccomp_filter+0x68c/0x10d0
[  538.104591][T30414]  __seccomp_filter+0x69d/0x10d0
[  538.104670][T30414]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  538.104703][T30414]  ? vfs_write+0x75e/0x8d0
[  538.104758][T30414]  __secure_computing+0x82/0x150
[  538.104783][T30414]  syscall_trace_enter+0xcf/0x1e0
[  538.104812][T30414]  do_syscall_64+0xaa/0x1a0
[  538.104856][T30414]  ? clear_bhb_loop+0x25/0x80
[  538.104882][T30414]  ? clear_bhb_loop+0x25/0x80
[  538.104909][T30414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.104935][T30414] RIP: 0033:0x7f2797a1e969
[  538.104969][T30414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.104992][T30414] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  538.105015][T30414] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  538.105031][T30414] RDX: ffffffffffbffff8 RSI: 000000000000002c RDI: 0000200000b2c000
[  538.105046][T30414] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  538.105061][T30414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.105121][T30414] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  538.105143][T30414]  </TASK>
[  538.349933][T30430] netlink: '+}[@': attribute type 10 has an invalid length.
[  538.357462][T30430] netlink: 40 bytes leftover after parsing attributes in process `+}[@'.
[  538.366611][T30428] loop5: detected capacity change from 0 to 128
[  538.377665][T30430] team0: Failed to send port change of device geneve1 via netlink (err -105)
[  538.388222][T30428] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  538.400442][T30430] team0: Failed to send options change via netlink (err -105)
[  538.407964][T30430] team0: Port device geneve1 added
[  538.415870][T30428] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  538.456227][T30438] FAULT_INJECTION: forcing a failure.
[  538.456227][T30438] name failslab, interval 1, probability 0, space 0, times 0
[  538.469408][T30438] CPU: 1 UID: 0 PID: 30438 Comm: syz.3.9243 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  538.469525][T30438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  538.469540][T30438] Call Trace:
[  538.469546][T30438]  <TASK>
[  538.469555][T30438]  __dump_stack+0x1d/0x30
[  538.469579][T30438]  dump_stack_lvl+0xe8/0x140
[  538.469645][T30438]  dump_stack+0x15/0x1b
[  538.469664][T30438]  should_fail_ex+0x265/0x280
[  538.469702][T30438]  should_failslab+0x8c/0xb0
[  538.469786][T30438]  kmem_cache_alloc_node_noprof+0x57/0x320
[  538.469825][T30438]  ? dup_task_struct+0x70/0x6a0
[  538.469911][T30438]  dup_task_struct+0x70/0x6a0
[  538.469982][T30438]  ? _parse_integer+0x27/0x40
[  538.470018][T30438]  copy_process+0x399/0x1f90
[  538.470047][T30438]  ? kstrtouint+0x76/0xc0
[  538.470115][T30438]  ? kstrtouint_from_user+0x9f/0xf0
[  538.470210][T30438]  ? __rcu_read_unlock+0x4f/0x70
[  538.470320][T30438]  kernel_clone+0x16c/0x5b0
[  538.470353][T30438]  ? vfs_write+0x75e/0x8d0
[  538.470387][T30438]  __x64_sys_clone+0xe6/0x120
[  538.470440][T30438]  x64_sys_call+0x2c59/0x2fb0
[  538.470472][T30438]  do_syscall_64+0xd0/0x1a0
[  538.470493][T30438]  ? clear_bhb_loop+0x25/0x80
[  538.470558][T30438]  ? clear_bhb_loop+0x25/0x80
[  538.470585][T30438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.470611][T30438] RIP: 0033:0x7fbb618de969
[  538.470631][T30438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.470651][T30438] RSP: 002b:00007fbb5ff46fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  538.470670][T30438] RAX: ffffffffffffffda RBX: 00007fbb61b05fa0 RCX: 00007fbb618de969
[  538.470683][T30438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000630c1000
[  538.470753][T30438] RBP: 00007fbb5ff47090 R08: 0000000000000000 R09: 0000000000000000
[  538.470765][T30438] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  538.470777][T30438] R13: 0000000000000000 R14: 00007fbb61b05fa0 R15: 00007ffec9b4e5b8
[  538.470801][T30438]  </TASK>
[  538.707928][T30443] loop3: detected capacity change from 0 to 1024
[  538.739576][T30443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  538.740289][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  538.762880][T30443] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  538.780107][T30453] FAULT_INJECTION: forcing a failure.
[  538.780107][T30453] name failslab, interval 1, probability 0, space 0, times 0
[  538.780497][T30443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  538.792871][T30453] CPU: 0 UID: 0 PID: 30453 Comm: syz.1.9321 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  538.792905][T30453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  538.792962][T30453] Call Trace:
[  538.792971][T30453]  <TASK>
[  538.792982][T30453]  __dump_stack+0x1d/0x30
[  538.793011][T30453]  dump_stack_lvl+0xe8/0x140
[  538.793037][T30453]  dump_stack+0x15/0x1b
[  538.793079][T30453]  should_fail_ex+0x265/0x280
[  538.793198][T30453]  should_failslab+0x8c/0xb0
[  538.793236][T30453]  kmem_cache_alloc_noprof+0x50/0x310
[  538.793280][T30453]  ? audit_log_start+0x365/0x6c0
[  538.793384][T30453]  audit_log_start+0x365/0x6c0
[  538.793426][T30453]  audit_seccomp+0x48/0x100
[  538.793458][T30453]  ? __seccomp_filter+0x68c/0x10d0
[  538.793485][T30453]  __seccomp_filter+0x69d/0x10d0
[  538.793592][T30453]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  538.793626][T30453]  ? vfs_write+0x75e/0x8d0
[  538.793678][T30453]  __secure_computing+0x82/0x150
[  538.793780][T30453]  syscall_trace_enter+0xcf/0x1e0
[  538.793884][T30453]  do_syscall_64+0xaa/0x1a0
[  538.793954][T30453]  ? clear_bhb_loop+0x25/0x80
[  538.793988][T30453]  ? clear_bhb_loop+0x25/0x80
[  538.794016][T30453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.794042][T30453] RIP: 0033:0x7f2edee1e969
[  538.794062][T30453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.794085][T30453] RSP: 002b:00007f2edd487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  538.794145][T30453] RAX: ffffffffffffffda RBX: 00007f2edf045fa0 RCX: 00007f2edee1e969
[  538.794169][T30453] RDX: ffffffffffbffff8 RSI: 000000000000002c RDI: 0000200000b2c000
[  538.794185][T30453] RBP: 00007f2edd487090 R08: 0000000000000000 R09: 0000000000000000
[  538.794200][T30453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.794216][T30453] R13: 0000000000000000 R14: 00007f2edf045fa0 R15: 00007ffc108b3728
[  538.794239][T30453]  </TASK>
[  538.827725][T30455] loop5: detected capacity change from 0 to 128
[  538.943910][T30461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  538.964905][T30443] loop3: detected capacity change from 0 to 1024
[  538.974382][T30461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.983240][T30455] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  539.042504][T30455] ext4 filesystem being mounted at /56/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  539.083772][T30443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.107609][T30443] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  539.123777][T30443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.158199][T30443] loop3: detected capacity change from 0 to 1024
[  539.182235][T30443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.219794][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  539.221189][T30443] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  539.249970][T30443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.272658][T30482] loop5: detected capacity change from 0 to 2048
[  539.285224][T30482] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.340746][T30443] loop3: detected capacity change from 0 to 1024
[  539.380306][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.396612][T30443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.410180][T30443] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  539.423707][T30443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.443426][T30443] loop3: detected capacity change from 0 to 1024
[  539.488153][T30443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.579611][T30501] vlan2: entered allmulticast mode
[  539.580699][T30443] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  539.597101][T30443] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.739857][T30506] infiniband syz!: set active
[  539.744796][T30506] infiniband syz!: added team_slave_0
[  539.765484][T30506] RDS/IB: syz!: added
[  539.777763][T30506] smc: adding ib device syz! with port count 1
[  539.793871][T30506] smc:    ib device syz! port 1 has pnetid 
[  540.049881][T30520] loop5: detected capacity change from 0 to 2048
[  540.086825][T30520] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  540.117482][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  540.165192][T30528] loop5: detected capacity change from 0 to 512
[  540.176279][T30528] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.9347: invalid indirect mapped block 256 (level 2)
[  540.190144][T30528] EXT4-fs (loop5): 2 truncates cleaned up
[  540.197725][T30528] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  540.214986][T30528] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.9347: bg 0: block 5: invalid block bitmap
[  540.227739][T30528] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  540.240194][T30528] EXT4-fs (loop5): This should not happen!! Data will be lost
[  540.240194][T30528] 
[  540.249939][T30528] EXT4-fs (loop5): Total free blocks count 0
[  540.256259][T30528] EXT4-fs (loop5): Free/Dirty block details
[  540.262163][T30528] EXT4-fs (loop5): free_blocks=0
[  540.267188][T30528] EXT4-fs (loop5): dirty_blocks=44
[  540.272396][T30528] EXT4-fs (loop5): Block reservation details
[  540.278479][T30528] EXT4-fs (loop5): i_reserved_data_blocks=44
[  540.304139][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  540.369140][T30539] loop5: detected capacity change from 0 to 512
[  540.378907][T30539] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.9352: invalid indirect mapped block 256 (level 2)
[  540.409029][T30539] EXT4-fs (loop5): 2 truncates cleaned up
[  540.415807][T30539] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  540.454737][T30539] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.9352: bg 0: block 5: invalid block bitmap
[  540.477824][T30539] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  540.490494][T30539] EXT4-fs (loop5): This should not happen!! Data will be lost
[  540.490494][T30539] 
[  540.500341][T30539] EXT4-fs (loop5): Total free blocks count 0
[  540.506545][T30539] EXT4-fs (loop5): Free/Dirty block details
[  540.512448][T30539] EXT4-fs (loop5): free_blocks=0
[  540.517438][T30539] EXT4-fs (loop5): dirty_blocks=44
[  540.522558][T30539] EXT4-fs (loop5): Block reservation details
[  540.528717][T30539] EXT4-fs (loop5): i_reserved_data_blocks=44
[  540.605718][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  540.718262][T30568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  540.727117][T30568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  540.820194][T30557] FAULT_INJECTION: forcing a failure.
[  540.820194][T30557] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  540.833350][T30557] CPU: 1 UID: 0 PID: 30557 Comm: syz.4.9360 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  540.833384][T30557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  540.833471][T30557] Call Trace:
[  540.833480][T30557]  <TASK>
[  540.833489][T30557]  __dump_stack+0x1d/0x30
[  540.833519][T30557]  dump_stack_lvl+0xe8/0x140
[  540.833539][T30557]  dump_stack+0x15/0x1b
[  540.833604][T30557]  should_fail_ex+0x265/0x280
[  540.833644][T30557]  should_fail+0xb/0x20
[  540.833680][T30557]  should_fail_usercopy+0x1a/0x20
[  540.833704][T30557]  _copy_from_user+0x1c/0xb0
[  540.833731][T30557]  ___sys_sendmsg+0xc1/0x1d0
[  540.833831][T30557]  __x64_sys_sendmsg+0xd4/0x160
[  540.833859][T30557]  x64_sys_call+0x2999/0x2fb0
[  540.833886][T30557]  do_syscall_64+0xd0/0x1a0
[  540.833983][T30557]  ? clear_bhb_loop+0x25/0x80
[  540.834007][T30557]  ? clear_bhb_loop+0x25/0x80
[  540.834028][T30557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.834107][T30557] RIP: 0033:0x7f107894e969
[  540.834126][T30557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.834156][T30557] RSP: 002b:00007f1076fb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  540.834179][T30557] RAX: ffffffffffffffda RBX: 00007f1078b75fa0 RCX: 00007f107894e969
[  540.834195][T30557] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004
[  540.834207][T30557] RBP: 00007f1076fb7090 R08: 0000000000000000 R09: 0000000000000000
[  540.834219][T30557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.834266][T30557] R13: 0000000000000000 R14: 00007f1078b75fa0 R15: 00007ffd925ba3b8
[  540.834311][T30557]  </TASK>
[  541.028678][T30560] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9362'.
[  541.158805][T30588] vlan3: entered allmulticast mode
[  541.203342][T30589] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  541.286015][T30592] pimreg: entered allmulticast mode
[  541.295033][T30592] pimreg: left allmulticast mode
[  541.441985][T30598] loop4: detected capacity change from 0 to 512
[  541.467319][T30600] syz!: rxe_newlink: already configured on team_slave_0
[  541.504124][T30598] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.9375: invalid indirect mapped block 256 (level 2)
[  541.520761][T30598] EXT4-fs (loop4): 2 truncates cleaned up
[  541.527481][T30598] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  541.559950][T30598] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.9375: bg 0: block 5: invalid block bitmap
[  541.574351][T30598] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  541.586932][T30598] EXT4-fs (loop4): This should not happen!! Data will be lost
[  541.586932][T30598] 
[  541.596707][T30598] EXT4-fs (loop4): Total free blocks count 0
[  541.602712][T30598] EXT4-fs (loop4): Free/Dirty block details
[  541.608648][T30598] EXT4-fs (loop4): free_blocks=0
[  541.613647][T30598] EXT4-fs (loop4): dirty_blocks=44
[  541.618810][T30598] EXT4-fs (loop4): Block reservation details
[  541.624915][T30598] EXT4-fs (loop4): i_reserved_data_blocks=44
[  541.629138][   T29] kauditd_printk_skb: 244 callbacks suppressed
[  541.629207][   T29] audit: type=1107 audit(1746921681.020:21513): pid=30603 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  541.667447][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.687234][T30608] loop3: detected capacity change from 0 to 512
[  541.697562][   T29] audit: type=1400 audit(1746921681.110:21514): avc:  denied  { remount } for  pid=30607 comm="syz.3.9380" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  541.698565][T30608] loop3: detected capacity change from 0 to 512
[  541.734971][T30611] netlink: 156 bytes leftover after parsing attributes in process `syz.5.9381'.
[  541.750627][T30614] loop4: detected capacity change from 0 to 128
[  541.759206][T30608] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  541.765623][T30611] openvswitch: netlink: Message has 6 unknown bytes.
[  541.769613][T30608] EXT4-fs (loop3): 1 truncate cleaned up
[  541.780140][   T29] audit: type=1400 audit(1746921681.190:21515): avc:  denied  { create } for  pid=30610 comm="syz.5.9381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  541.799955][   T29] audit: type=1400 audit(1746921681.190:21516): avc:  denied  { setopt } for  pid=30610 comm="syz.5.9381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  541.814133][T30608] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  541.820416][   T29] audit: type=1400 audit(1746921681.220:21517): avc:  denied  { create } for  pid=30617 comm="syz.5.9383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  541.852459][   T29] audit: type=1400 audit(1746921681.220:21518): avc:  denied  { bind } for  pid=30617 comm="syz.5.9383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  541.875703][T30614] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  541.889989][T30614] ext4 filesystem being mounted at /126/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  541.895891][   T29] audit: type=1400 audit(1746921681.310:21519): avc:  denied  { map } for  pid=30615 comm="syz.2.9382" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=104740 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  541.947109][   T29] audit: type=1400 audit(1746921681.310:21520): avc:  denied  { read write } for  pid=30615 comm="syz.2.9382" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=104740 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  541.972326][   T29] audit: type=1400 audit(1746921681.340:21521): avc:  denied  { create } for  pid=30615 comm="syz.2.9382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  541.972722][T30623] netlink: 'syz.5.9383': attribute type 21 has an invalid length.
[  541.992561][   T29] audit: type=1400 audit(1746921681.340:21522): avc:  denied  { connect } for  pid=30615 comm="syz.2.9382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  542.027092][T30625] loop5: detected capacity change from 0 to 512
[  542.060394][T28578] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.061508][T30625] EXT4-fs (loop5): 1 orphan inode deleted
[  542.075273][T13083] EXT4-fs error (device loop5): ext4_release_dquot:6971: comm kworker/u8:18: Failed to release dquot type 1
[  542.075795][T30625] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  542.118346][T30625] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  542.134786][T30631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.136246][T30632] FAULT_INJECTION: forcing a failure.
[  542.136246][T30632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  542.143269][T30631] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.156313][T30632] CPU: 1 UID: 0 PID: 30632 Comm: syz.4.9384 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  542.156352][T30632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  542.156368][T30632] Call Trace:
[  542.156378][T30632]  <TASK>
[  542.156388][T30632]  __dump_stack+0x1d/0x30
[  542.156451][T30632]  dump_stack_lvl+0xe8/0x140
[  542.156476][T30632]  dump_stack+0x15/0x1b
[  542.156498][T30632]  should_fail_ex+0x265/0x280
[  542.156540][T30632]  should_fail+0xb/0x20
[  542.156608][T30632]  should_fail_usercopy+0x1a/0x20
[  542.156632][T30632]  _copy_from_user+0x1c/0xb0
[  542.156660][T30632]  ___sys_sendmsg+0xc1/0x1d0
[  542.156706][T30632]  __x64_sys_sendmsg+0xd4/0x160
[  542.156738][T30632]  x64_sys_call+0x2999/0x2fb0
[  542.156825][T30632]  do_syscall_64+0xd0/0x1a0
[  542.156855][T30632]  ? clear_bhb_loop+0x25/0x80
[  542.156927][T30632]  ? clear_bhb_loop+0x25/0x80
[  542.156955][T30632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.156982][T30632] RIP: 0033:0x7f107894e969
[  542.157011][T30632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.157034][T30632] RSP: 002b:00007f1076fb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  542.157058][T30632] RAX: ffffffffffffffda RBX: 00007f1078b75fa0 RCX: 00007f107894e969
[  542.157075][T30632] RDX: 0000000000000040 RSI: 0000200000000040 RDI: 000000000000000f
[  542.157146][T30632] RBP: 00007f1076fb7090 R08: 0000000000000000 R09: 0000000000000000
[  542.157162][T30632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.157178][T30632] R13: 0000000000000000 R14: 00007f1078b75fa0 R15: 00007ffd925ba3b8
[  542.157203][T30632]  </TASK>
[  542.220370][T30608] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9380'.
[  542.278556][T30631] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  542.351725][T30631] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.374615][T30631] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  542.382565][T30631] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.425737][T30640] FAULT_INJECTION: forcing a failure.
[  542.425737][T30640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  542.438950][T30640] CPU: 1 UID: 0 PID: 30640 Comm: syz.4.9389 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  542.438982][T30640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  542.438999][T30640] Call Trace:
[  542.439008][T30640]  <TASK>
[  542.439017][T30640]  __dump_stack+0x1d/0x30
[  542.439055][T30640]  dump_stack_lvl+0xe8/0x140
[  542.439126][T30640]  dump_stack+0x15/0x1b
[  542.439147][T30640]  should_fail_ex+0x265/0x280
[  542.439182][T30640]  should_fail+0xb/0x20
[  542.439209][T30640]  should_fail_usercopy+0x1a/0x20
[  542.439302][T30640]  _copy_from_user+0x1c/0xb0
[  542.439335][T30640]  do_fcntl+0x5a3/0xdf0
[  542.439353][T30640]  ? selinux_file_fcntl+0x1cb/0x1e0
[  542.439390][T30640]  __se_sys_fcntl+0xb1/0x120
[  542.439503][T30640]  __x64_sys_fcntl+0x43/0x50
[  542.439535][T30640]  x64_sys_call+0x1f1d/0x2fb0
[  542.439556][T30640]  do_syscall_64+0xd0/0x1a0
[  542.439654][T30640]  ? clear_bhb_loop+0x25/0x80
[  542.439680][T30640]  ? clear_bhb_loop+0x25/0x80
[  542.439763][T30640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.439807][T30640] RIP: 0033:0x7f107894e969
[  542.439826][T30640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.439848][T30640] RSP: 002b:00007f1076fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  542.439921][T30640] RAX: ffffffffffffffda RBX: 00007f1078b75fa0 RCX: 00007f107894e969
[  542.439937][T30640] RDX: 0000200000000000 RSI: 0000000000000025 RDI: 0000000000000005
[  542.439951][T30640] RBP: 00007f1076fb7090 R08: 0000000000000000 R09: 0000000000000000
[  542.439962][T30640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.440033][T30640] R13: 0000000000000000 R14: 00007f1078b75fa0 R15: 00007ffd925ba3b8
[  542.440124][T30640]  </TASK>
[  542.656218][T30608] ext4: Unknown parameter 'kmem_cache_free'
[  542.673465][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.711605][T30652] netlink: 'syz.5.9391': attribute type 6 has an invalid length.
[  542.731415][T30209] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.791991][T30657] loop5: detected capacity change from 0 to 128
[  542.800845][T30657] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  542.814985][T30657] ext4 filesystem being mounted at /74/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  542.876963][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.950146][T30670] vlan2: entered allmulticast mode
[  542.959762][T30673] FAULT_INJECTION: forcing a failure.
[  542.959762][T30673] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  542.973118][T30673] CPU: 1 UID: 0 PID: 30673 Comm: syz.3.9401 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  542.973153][T30673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  542.973170][T30673] Call Trace:
[  542.973178][T30673]  <TASK>
[  542.973258][T30673]  __dump_stack+0x1d/0x30
[  542.973284][T30673]  dump_stack_lvl+0xe8/0x140
[  542.973308][T30673]  dump_stack+0x15/0x1b
[  542.973324][T30673]  should_fail_ex+0x265/0x280
[  542.973355][T30673]  should_fail_alloc_page+0xf2/0x100
[  542.973465][T30673]  __alloc_frozen_pages_noprof+0xff/0x360
[  542.973506][T30673]  alloc_pages_mpol+0xb3/0x250
[  542.973562][T30673]  vma_alloc_folio_noprof+0x1aa/0x300
[  542.973591][T30673]  handle_mm_fault+0x1056/0x2ae0
[  542.973649][T30673]  ? mas_walk+0xf2/0x120
[  542.973680][T30673]  do_user_addr_fault+0x636/0x1090
[  542.973714][T30673]  exc_page_fault+0x54/0xc0
[  542.973747][T30673]  asm_exc_page_fault+0x26/0x30
[  542.973850][T30673] RIP: 0033:0x7fbb6188bf6b
[  542.973868][T30673] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[  542.973885][T30673] RSP: 002b:00007fbb5ff44e10 EFLAGS: 00010246
[  542.973900][T30673] RAX: 00007fbb5ff46f30 RBX: 00007fbb61ad3620 RCX: 0000000000000000
[  542.973912][T30673] RDX: 00007fbb5ff46f78 RSI: 00007fbb6193dbf8 RDI: 00007fbb5ff44e30
[  542.973992][T30673] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[  542.974004][T30673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  542.974015][T30673] R13: 0000000000000000 R14: 00007fbb61b05fa0 R15: 00007ffec9b4e5b8
[  542.974042][T30673]  </TASK>
[  543.139438][T30673] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  543.504307][T30691] loop3: detected capacity change from 0 to 128
[  543.531487][T30691] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  543.557991][T30691] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  543.646239][T30209] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  543.718465][T30704] loop3: detected capacity change from 0 to 764
[  543.738005][T30704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9415'.
[  543.812916][T30718] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9421'.
[  543.832284][T30716] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  543.845029][T30720] loop5: detected capacity change from 0 to 128
[  543.860532][T30720] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  543.875944][T30720] ext4 filesystem being mounted at /79/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  543.934999][T29566] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  543.952239][T30732] loop4: detected capacity change from 0 to 2048
[  543.966158][T30732] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  544.025622][T30746] FAULT_INJECTION: forcing a failure.
[  544.025622][T30746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  544.038859][T30746] CPU: 0 UID: 0 PID: 30746 Comm: syz.2.9430 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  544.038891][T30746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  544.038916][T30746] Call Trace:
[  544.038984][T30746]  <TASK>
[  544.038993][T30746]  __dump_stack+0x1d/0x30
[  544.039020][T30746]  dump_stack_lvl+0xe8/0x140
[  544.039045][T30746]  dump_stack+0x15/0x1b
[  544.039066][T30746]  should_fail_ex+0x265/0x280
[  544.039107][T30746]  should_fail+0xb/0x20
[  544.039216][T30746]  should_fail_usercopy+0x1a/0x20
[  544.039240][T30746]  _copy_from_user+0x1c/0xb0
[  544.039273][T30746]  ___sys_sendmsg+0xc1/0x1d0
[  544.039316][T30746]  __x64_sys_sendmsg+0xd4/0x160
[  544.039340][T30746]  x64_sys_call+0x2999/0x2fb0
[  544.039366][T30746]  do_syscall_64+0xd0/0x1a0
[  544.039392][T30746]  ? clear_bhb_loop+0x25/0x80
[  544.039489][T30746]  ? clear_bhb_loop+0x25/0x80
[  544.039514][T30746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.039574][T30746] RIP: 0033:0x7f2797a1e969
[  544.039594][T30746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.039618][T30746] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  544.039641][T30746] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  544.039707][T30746] RDX: 000000000400c010 RSI: 0000200000003780 RDI: 0000000000000003
[  544.039786][T30746] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  544.039800][T30746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.039872][T30746] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  544.039938][T30746]  </TASK>
[  544.055212][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.212140][T30758] FAULT_INJECTION: forcing a failure.
[  544.212140][T30758] name failslab, interval 1, probability 0, space 0, times 0
[  544.233858][T30758] CPU: 0 UID: 0 PID: 30758 Comm: syz.2.9437 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  544.233894][T30758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  544.233910][T30758] Call Trace:
[  544.233919][T30758]  <TASK>
[  544.233929][T30758]  __dump_stack+0x1d/0x30
[  544.233953][T30758]  dump_stack_lvl+0xe8/0x140
[  544.234004][T30758]  dump_stack+0x15/0x1b
[  544.234069][T30758]  should_fail_ex+0x265/0x280
[  544.234108][T30758]  should_failslab+0x8c/0xb0
[  544.234185][T30758]  kmem_cache_alloc_noprof+0x50/0x310
[  544.234243][T30758]  ? security_file_alloc+0x32/0x100
[  544.234280][T30758]  security_file_alloc+0x32/0x100
[  544.234311][T30758]  init_file+0x5c/0x1d0
[  544.234351][T30758]  alloc_empty_file+0x8b/0x200
[  544.234398][T30758]  alloc_file_pseudo+0xc6/0x160
[  544.234433][T30758]  __shmem_file_setup+0x1b9/0x1f0
[  544.234461][T30758]  shmem_file_setup+0x3b/0x50
[  544.234569][T30758]  __se_sys_memfd_create+0x2c3/0x590
[  544.234604][T30758]  __x64_sys_memfd_create+0x31/0x40
[  544.234633][T30758]  x64_sys_call+0x122f/0x2fb0
[  544.234660][T30758]  do_syscall_64+0xd0/0x1a0
[  544.234683][T30758]  ? clear_bhb_loop+0x25/0x80
[  544.234704][T30758]  ? clear_bhb_loop+0x25/0x80
[  544.234783][T30758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.234804][T30758] RIP: 0033:0x7f2797a1e969
[  544.234853][T30758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.234871][T30758] RSP: 002b:00007f2796065e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  544.234890][T30758] RAX: ffffffffffffffda RBX: 0000000000000582 RCX: 00007f2797a1e969
[  544.234903][T30758] RDX: 00007f2796065ef0 RSI: 0000000000000000 RDI: 00007f2797aa1444
[  544.234915][T30758] RBP: 0000200000009ec0 R08: 00007f2796065bb7 R09: 00007f2796065e40
[  544.234934][T30758] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000005c0
[  544.235005][T30758] R13: 00007f2796065ef0 R14: 00007f2796065eb0 R15: 0000200000000600
[  544.235025][T30758]  </TASK>
[  544.474962][T30763] loop5: detected capacity change from 0 to 2048
[  544.491296][T30762] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  544.518536][T30763] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  544.560290][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.580443][T30780] loop4: detected capacity change from 0 to 128
[  544.580443][T30779] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9446'.
[  544.608596][T30780] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  544.622403][T30780] ext4 filesystem being mounted at /140/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  544.656457][T30785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9445'.
[  544.665517][T30785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9445'.
[  544.689987][T28578] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  544.698568][T30785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9445'.
[  544.725144][T30785] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9445'.
[  544.745995][T30795] FAULT_INJECTION: forcing a failure.
[  544.745995][T30795] name failslab, interval 1, probability 0, space 0, times 0
[  544.758772][T30795] CPU: 0 UID: 0 PID: 30795 Comm: syz.4.9451 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  544.758800][T30795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  544.758815][T30795] Call Trace:
[  544.758823][T30795]  <TASK>
[  544.758893][T30795]  __dump_stack+0x1d/0x30
[  544.758917][T30795]  dump_stack_lvl+0xe8/0x140
[  544.758939][T30795]  dump_stack+0x15/0x1b
[  544.759030][T30795]  should_fail_ex+0x265/0x280
[  544.759062][T30795]  ? proc_self_get_link+0x97/0x110
[  544.759086][T30795]  should_failslab+0x8c/0xb0
[  544.759188][T30795]  __kmalloc_cache_noprof+0x4c/0x320
[  544.759209][T30795]  ? __pfx_proc_self_get_link+0x10/0x10
[  544.759234][T30795]  proc_self_get_link+0x97/0x110
[  544.759297][T30795]  pick_link+0x4d2/0x820
[  544.759328][T30795]  step_into+0x7b6/0x820
[  544.759361][T30795]  ? inode_permission+0xb5/0x300
[  544.759460][T30795]  link_path_walk+0x545/0x8b0
[  544.759493][T30795]  path_openat+0x1de/0x2170
[  544.759515][T30795]  ? _parse_integer_limit+0x170/0x190
[  544.759619][T30795]  do_filp_open+0x109/0x230
[  544.759712][T30795]  do_sys_openat2+0xa6/0x110
[  544.759733][T30795]  __x64_sys_openat+0xf2/0x120
[  544.759767][T30795]  x64_sys_call+0x1af/0x2fb0
[  544.759799][T30795]  do_syscall_64+0xd0/0x1a0
[  544.759877][T30795]  ? clear_bhb_loop+0x25/0x80
[  544.759898][T30795]  ? clear_bhb_loop+0x25/0x80
[  544.759958][T30795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  544.759979][T30795] RIP: 0033:0x7f107894e969
[  544.759994][T30795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  544.760012][T30795] RSP: 002b:00007f1076fb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  544.760052][T30795] RAX: ffffffffffffffda RBX: 00007f1078b75fa0 RCX: 00007f107894e969
[  544.760064][T30795] RDX: 0000000000004000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  544.760076][T30795] RBP: 00007f1076fb7090 R08: 0000000000000000 R09: 0000000000000000
[  544.760089][T30795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  544.760101][T30795] R13: 0000000000000001 R14: 00007f1078b75fa0 R15: 00007ffd925ba3b8
[  544.760119][T30795]  </TASK>
[  544.998265][T30800] syz.4.9453 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  545.018316][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881196b6a00: rx timeout, send abort
[  545.026654][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8881196b6a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  545.130111][T30812] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  545.184827][T30823] netlink: 'syz.2.9464': attribute type 4 has an invalid length.
[  546.341144][T30844] loop5: detected capacity change from 0 to 1024
[  546.389424][T30844] EXT4-fs: inline encryption not supported
[  546.395193][T30852] loop3: detected capacity change from 0 to 512
[  546.395403][T30844] EXT4-fs: Ignoring removed i_version option
[  546.409589][T30844] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  546.414861][T30852] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.9477: invalid indirect mapped block 256 (level 2)
[  546.457314][T30844] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #3: block 2: comm syz.5.9474: lblock 2 mapped to illegal pblock 2 (length 1)
[  546.475706][T30861] vlan2: entered allmulticast mode
[  546.493283][T30844] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #3: block 48: comm syz.5.9474: lblock 0 mapped to illegal pblock 48 (length 1)
[  546.513962][T30852] EXT4-fs (loop3): 2 truncates cleaned up
[  546.520162][T30852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  546.549441][T30844] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.9474: Failed to acquire dquot type 0
[  546.568392][T30867] __nla_validate_parse: 6 callbacks suppressed
[  546.568406][T30867] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9481'.
[  546.583831][T30867] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9481'.
[  546.592866][T30867] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9481'.
[  546.606390][T30852] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.9477: bg 0: block 5: invalid block bitmap
[  546.620448][T30852] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  546.632944][T30852] EXT4-fs (loop3): This should not happen!! Data will be lost
[  546.632944][T30852] 
[  546.642645][T30852] EXT4-fs (loop3): Total free blocks count 0
[  546.648731][T30852] EXT4-fs (loop3): Free/Dirty block details
[  546.654693][T30852] EXT4-fs (loop3): free_blocks=0
[  546.659657][T30852] EXT4-fs (loop3): dirty_blocks=44
[  546.664796][T30852] EXT4-fs (loop3): Block reservation details
[  546.670861][T30852] EXT4-fs (loop3): i_reserved_data_blocks=44
[  546.741558][T30844] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5899: Corrupt filesystem
[  546.752748][T30844] EXT4-fs error (device loop5): ext4_evict_inode:259: inode #11: comm syz.5.9474: mark_inode_dirty error
[  546.765481][T30844] EXT4-fs warning (device loop5): ext4_evict_inode:262: couldn't mark inode dirty (err -117)
[  546.789681][T30871] loop4: detected capacity change from 0 to 2048
[  546.807544][T30844] EXT4-fs (loop5): 1 orphan inode deleted
[  546.821175][T30844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  546.838778][T30844] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #3: block 1: comm syz.5.9474: lblock 1 mapped to illegal pblock 1 (length 1)
[  546.854586][T30871]  loop4: p1 < > p4 < >
[  546.887171][T30844] __quota_error: 259 callbacks suppressed
[  546.887191][T30844] Quota error (device loop5): find_next_id: Can't read quota tree block 1
[  546.902024][ T1662] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  546.920868][ T1662] Quota error (device loop5): remove_tree: Can't read quota data block 1
[  546.929433][ T1662] EXT4-fs error (device loop5): ext4_release_dquot:6971: comm kworker/u8:6: Failed to release dquot type 0
[  546.942049][T30209] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  546.970987][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  546.988356][T29566] EXT4-fs error (device loop5): __ext4_get_inode_loc:4450: comm syz-executor: Invalid inode table block 1 in block_group 0
[  547.024834][T29566] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5899: Corrupt filesystem
[  547.042759][   T29] audit: type=1400 audit(1746921686.450:21779): avc:  denied  { create } for  pid=30888 comm="syz.4.9493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  547.043269][T29566] EXT4-fs error (device loop5): ext4_quota_off:7219: inode #3: comm syz-executor: mark_inode_dirty error
[  547.084991][T30884] FAULT_INJECTION: forcing a failure.
[  547.084991][T30884] name failslab, interval 1, probability 0, space 0, times 0
[  547.097844][T30884] CPU: 1 UID: 0 PID: 30884 Comm: syz.2.9491 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  547.097950][T30884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  547.097967][T30884] Call Trace:
[  547.097974][T30884]  <TASK>
[  547.097984][T30884]  __dump_stack+0x1d/0x30
[  547.098008][T30884]  dump_stack_lvl+0xe8/0x140
[  547.098029][T30884]  dump_stack+0x15/0x1b
[  547.098050][T30884]  should_fail_ex+0x265/0x280
[  547.098135][T30884]  should_failslab+0x8c/0xb0
[  547.098163][T30884]  kmem_cache_alloc_node_noprof+0x57/0x320
[  547.098268][T30884]  ? __alloc_skb+0x101/0x320
[  547.098303][T30884]  __alloc_skb+0x101/0x320
[  547.098332][T30884]  netlink_alloc_large_skb+0xba/0xf0
[  547.098463][T30884]  netlink_sendmsg+0x3cf/0x6b0
[  547.098496][T30884]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.098536][T30884]  __sock_sendmsg+0x142/0x180
[  547.098659][T30884]  ____sys_sendmsg+0x31e/0x4e0
[  547.098688][T30884]  ___sys_sendmsg+0x17b/0x1d0
[  547.098729][T30884]  __x64_sys_sendmsg+0xd4/0x160
[  547.098752][T30884]  x64_sys_call+0x2999/0x2fb0
[  547.098806][T30884]  do_syscall_64+0xd0/0x1a0
[  547.098834][T30884]  ? clear_bhb_loop+0x25/0x80
[  547.098855][T30884]  ? clear_bhb_loop+0x25/0x80
[  547.098992][T30884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.099013][T30884] RIP: 0033:0x7f2797a1e969
[  547.099032][T30884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.099119][T30884] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  547.099195][T30884] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  547.099212][T30884] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000005
[  547.099227][T30884] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  547.099243][T30884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.099288][T30884] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  547.099309][T30884]  </TASK>
[  547.313317][T30886] IPv6: NLM_F_CREATE should be specified when creating new route
[  547.329743][T30886] IPv6: Can't replace route, no match found
[  547.338972][   T29] audit: type=1400 audit(1746921686.750:21780): avc:  denied  { bind } for  pid=30894 comm="syz.2.9495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  547.389103][T30895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9495'.
[  547.453100][T30903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  547.472920][T30903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  547.483837][   T29] audit: type=1400 audit(1746921686.850:21781): avc:  denied  { create } for  pid=30894 comm="syz.2.9495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  547.503870][   T29] audit: type=1400 audit(1746921686.850:21782): avc:  denied  { ioctl } for  pid=30894 comm="syz.2.9495" path="socket:[105771]" dev="sockfs" ino=105771 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  547.529080][   T29] audit: type=1326 audit(1746921686.850:21783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30894 comm="syz.2.9495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797a1e969 code=0x7ffc0000
[  547.553117][   T29] audit: type=1326 audit(1746921686.850:21784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30894 comm="syz.2.9495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f2797a1e969 code=0x7ffc0000
[  547.576870][   T29] audit: type=1326 audit(1746921686.850:21785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30894 comm="syz.2.9495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797a1e969 code=0x7ffc0000
[  547.600742][   T29] audit: type=1326 audit(1746921686.850:21786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30894 comm="syz.2.9495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2797a1e969 code=0x7ffc0000
[  547.626424][T30901] loop5: detected capacity change from 0 to 8192
[  547.669336][T30915] bond1: entered promiscuous mode
[  547.674604][T30915] bond1: entered allmulticast mode
[  547.675421][T30915] 8021q: adding VLAN 0 to HW filter on device bond1
[  547.701290][T30915] bond1 (unregistering): Released all slaves
[  547.729237][T30920] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9504'.
[  547.729261][T30920] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9504'.
[  547.729278][T30920] netlink: 52 bytes leftover after parsing attributes in process `syz.4.9504'.
[  547.795736][T30932] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9507'.
[  547.937733][T30941] loop5: detected capacity change from 0 to 4096
[  547.974213][T30943] FAULT_INJECTION: forcing a failure.
[  547.974213][T30943] name failslab, interval 1, probability 0, space 0, times 0
[  547.986921][T30943] CPU: 0 UID: 0 PID: 30943 Comm: syz.1.9514 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  547.987004][T30943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  547.987020][T30943] Call Trace:
[  547.987027][T30943]  <TASK>
[  547.987034][T30943]  __dump_stack+0x1d/0x30
[  547.987056][T30943]  dump_stack_lvl+0xe8/0x140
[  547.987074][T30943]  dump_stack+0x15/0x1b
[  547.987089][T30943]  should_fail_ex+0x265/0x280
[  547.987202][T30943]  should_failslab+0x8c/0xb0
[  547.987230][T30943]  __kmalloc_noprof+0xa5/0x3e0
[  547.987301][T30943]  ? bpf_test_init+0xa9/0x160
[  547.987341][T30943]  bpf_test_init+0xa9/0x160
[  547.987428][T30943]  bpf_prog_test_run_xdp+0x274/0x8f0
[  547.987520][T30943]  ? kstrtouint+0x76/0xc0
[  547.987558][T30943]  ? __rcu_read_unlock+0x4f/0x70
[  547.987582][T30943]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  547.987651][T30943]  bpf_prog_test_run+0x207/0x390
[  547.987691][T30943]  __sys_bpf+0x3dc/0x790
[  547.987788][T30943]  __x64_sys_bpf+0x41/0x50
[  547.987819][T30943]  x64_sys_call+0x2478/0x2fb0
[  547.987843][T30943]  do_syscall_64+0xd0/0x1a0
[  547.987926][T30943]  ? clear_bhb_loop+0x25/0x80
[  547.988001][T30943]  ? clear_bhb_loop+0x25/0x80
[  547.988028][T30943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.988170][T30943] RIP: 0033:0x7f2edee1e969
[  547.988184][T30943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.988275][T30943] RSP: 002b:00007f2edd487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  547.988297][T30943] RAX: ffffffffffffffda RBX: 00007f2edf045fa0 RCX: 00007f2edee1e969
[  547.988312][T30943] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  547.988327][T30943] RBP: 00007f2edd487090 R08: 0000000000000000 R09: 0000000000000000
[  547.988385][T30943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  547.988400][T30943] R13: 0000000000000000 R14: 00007f2edf045fa0 R15: 00007ffc108b3728
[  547.988423][T30943]  </TASK>
[  548.204934][T30941] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  548.386413][T30951] vlan2: entered allmulticast mode
[  548.391610][T30951] bond0: entered allmulticast mode
[  548.396780][T30951] bond_slave_0: entered allmulticast mode
[  548.402546][T30951] bond_slave_1: entered allmulticast mode
[  548.743382][T31009] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  548.763997][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.779912][T31009] loop4: detected capacity change from 0 to 1024
[  548.809633][T31009] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.9519: Failed to acquire dquot type 0
[  548.828609][T31009] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  548.844957][T31009] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #13: comm syz.4.9519: corrupted inode contents
[  548.865974][T31009] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #13: comm syz.4.9519: mark_inode_dirty error
[  548.920007][T31009] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #13: comm syz.4.9519: corrupted inode contents
[  548.947437][T31009] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #13: comm syz.4.9519: mark_inode_dirty error
[  548.972575][T31009] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #13: comm syz.4.9519: corrupted inode contents
[  548.999269][T31009] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  549.012523][T31009] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #13: comm syz.4.9519: corrupted inode contents
[  549.026390][T31009] EXT4-fs error (device loop4): ext4_truncate:4255: inode #13: comm syz.4.9519: mark_inode_dirty error
[  549.038155][T31009] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  549.048913][T31009] EXT4-fs (loop4): 1 truncate cleaned up
[  549.055237][T31009] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  549.077507][T31009] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[  549.308512][T31078] pimreg: entered allmulticast mode
[  549.338355][T31078] pimreg: left allmulticast mode
[  549.436662][T31090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9529'.
[  549.445945][T31092] FAULT_INJECTION: forcing a failure.
[  549.445945][T31092] name failslab, interval 1, probability 0, space 0, times 0
[  549.458846][T31092] CPU: 0 UID: 0 PID: 31092 Comm: syz.2.9530 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  549.458881][T31092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  549.458961][T31092] Call Trace:
[  549.458969][T31092]  <TASK>
[  549.458979][T31092]  __dump_stack+0x1d/0x30
[  549.459006][T31092]  dump_stack_lvl+0xe8/0x140
[  549.459032][T31092]  dump_stack+0x15/0x1b
[  549.459134][T31092]  should_fail_ex+0x265/0x280
[  549.459176][T31092]  should_failslab+0x8c/0xb0
[  549.459274][T31092]  kmem_cache_alloc_noprof+0x50/0x310
[  549.459318][T31092]  ? skb_clone+0x151/0x1f0
[  549.459372][T31092]  skb_clone+0x151/0x1f0
[  549.459407][T31092]  __netlink_deliver_tap+0x2c9/0x500
[  549.459457][T31092]  netlink_unicast+0x64c/0x670
[  549.459487][T31092]  netlink_sendmsg+0x58b/0x6b0
[  549.459599][T31092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  549.459641][T31092]  __sock_sendmsg+0x142/0x180
[  549.459675][T31092]  ____sys_sendmsg+0x31e/0x4e0
[  549.459724][T31092]  ___sys_sendmsg+0x17b/0x1d0
[  549.459766][T31092]  __x64_sys_sendmsg+0xd4/0x160
[  549.459797][T31092]  x64_sys_call+0x2999/0x2fb0
[  549.459824][T31092]  do_syscall_64+0xd0/0x1a0
[  549.459936][T31092]  ? clear_bhb_loop+0x25/0x80
[  549.459978][T31092]  ? clear_bhb_loop+0x25/0x80
[  549.460005][T31092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.460074][T31092] RIP: 0033:0x7f2797a1e969
[  549.460093][T31092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.460117][T31092] RSP: 002b:00007f2796087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  549.460141][T31092] RAX: ffffffffffffffda RBX: 00007f2797c45fa0 RCX: 00007f2797a1e969
[  549.460157][T31092] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000005
[  549.460215][T31092] RBP: 00007f2796087090 R08: 0000000000000000 R09: 0000000000000000
[  549.460304][T31092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.460318][T31092] R13: 0000000000000000 R14: 00007f2797c45fa0 R15: 00007ffcf6cc5ce8
[  549.460339][T31092]  </TASK>
[  549.864739][T31105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  549.894390][T31105] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  549.976667][T28578] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.007468][T31105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  550.015016][T31105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  550.024198][T31105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  550.031932][T31105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  550.107096][T31127] bond_slave_1: mtu less than device minimum
[  550.131324][T31128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.168038][T31128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.630631][T31152] loop3: detected capacity change from 0 to 2048
[  550.648087][T31152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  550.685616][T30209] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.743442][T31159] netlink: 52 bytes leftover after parsing attributes in process `syz.5.9548'.
[  550.800027][T31167] IPv6: Can't replace route, no match found
[  550.980773][T31194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.999548][T31194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.150170][T31211] IPv6: Can't replace route, no match found
[  551.581991][T31245] loop5: detected capacity change from 0 to 2048
[  551.628644][T31245] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  551.662048][T31247] __nla_validate_parse: 5 callbacks suppressed
[  551.662067][T31247] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9585'.
[  551.677629][T31247] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9585'.
[  551.686620][T31247] netlink: 52 bytes leftover after parsing attributes in process `syz.1.9585'.
[  551.706064][T31251] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  551.717283][T29566] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  551.727378][T31255] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9588'.
[  551.753988][T31262] FAULT_INJECTION: forcing a failure.
[  551.753988][T31262] name failslab, interval 1, probability 0, space 0, times 0
[  551.766674][T31262] CPU: 1 UID: 0 PID: 31262 Comm: syz.5.9589 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  551.766709][T31262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  551.766726][T31262] Call Trace:
[  551.766735][T31262]  <TASK>
[  551.766792][T31262]  __dump_stack+0x1d/0x30
[  551.766895][T31262]  dump_stack_lvl+0xe8/0x140
[  551.766919][T31262]  dump_stack+0x15/0x1b
[  551.766940][T31262]  should_fail_ex+0x265/0x280
[  551.766979][T31262]  ? nf_tables_newtable+0x375/0xea0
[  551.767081][T31262]  should_failslab+0x8c/0xb0
[  551.767115][T31262]  __kmalloc_cache_noprof+0x4c/0x320
[  551.767139][T31262]  ? __nla_validate_parse+0x1652/0x1d00
[  551.767166][T31262]  nf_tables_newtable+0x375/0xea0
[  551.767230][T31262]  nfnetlink_rcv+0xb96/0x1690
[  551.767357][T31262]  netlink_unicast+0x59e/0x670
[  551.767392][T31262]  netlink_sendmsg+0x58b/0x6b0
[  551.767432][T31262]  ? __pfx_netlink_sendmsg+0x10/0x10
[  551.767536][T31262]  __sock_sendmsg+0x142/0x180
[  551.767568][T31262]  ____sys_sendmsg+0x31e/0x4e0
[  551.767607][T31262]  ___sys_sendmsg+0x17b/0x1d0
[  551.767640][T31262]  __x64_sys_sendmsg+0xd4/0x160
[  551.767747][T31262]  x64_sys_call+0x2999/0x2fb0
[  551.767804][T31262]  do_syscall_64+0xd0/0x1a0
[  551.767833][T31262]  ? clear_bhb_loop+0x25/0x80
[  551.767859][T31262]  ? clear_bhb_loop+0x25/0x80
[  551.767888][T31262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.767953][T31262] RIP: 0033:0x7f97c896e969
[  551.767971][T31262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.767994][T31262] RSP: 002b:00007f97c6fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  551.768017][T31262] RAX: ffffffffffffffda RBX: 00007f97c8b95fa0 RCX: 00007f97c896e969
[  551.768031][T31262] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000006
[  551.768054][T31262] RBP: 00007f97c6fd7090 R08: 0000000000000000 R09: 0000000000000000
[  551.768069][T31262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.768084][T31262] R13: 0000000000000000 R14: 00007f97c8b95fa0 R15: 00007ffe110b9408
[  551.768107][T31262]  </TASK>
[  552.024084][T31255] bond1: entered promiscuous mode
[  552.029229][T31255] bond1: entered allmulticast mode
[  552.050330][T31274] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9594'.
[  552.051005][T31271] loop5: detected capacity change from 0 to 2048
[  552.059424][T31274] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9594'.
[  552.065908][T31255] 8021q: adding VLAN 0 to HW filter on device bond1
[  552.074977][T31274] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9594'.
[  552.207606][   T29] kauditd_printk_skb: 167 callbacks suppressed
[  552.207625][   T29] audit: type=1400 audit(1746921691.620:21948): avc:  denied  { mount } for  pid=31296 comm="syz.3.9602" name="/" dev="ramfs" ino=106160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  552.279412][T31307] loop3: detected capacity change from 0 to 256
[  552.332581][T31268] loop4: detected capacity change from 0 to 512
[  552.335024][   T29] audit: type=1400 audit(1746921691.710:21949): avc:  denied  { mount } for  pid=31306 comm="syz.3.9606" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  552.361095][   T29] audit: type=1326 audit(1746921691.710:21950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31306 comm="syz.3.9606" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb618de969 code=0x0
[  552.393225][T31314] netlink: 'syz.2.9607': attribute type 1 has an invalid length.
[  552.437681][   T29] audit: type=1326 audit(1746921691.850:21951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.461398][   T29] audit: type=1326 audit(1746921691.850:21952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.554780][T31268] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6).
[  552.567840][T31268] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  552.613982][   T29] audit: type=1326 audit(1746921691.850:21953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.633123][T31268] EXT4-fs (loop4): mount failed
[  552.637615][   T29] audit: type=1326 audit(1746921691.850:21954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.666802][   T29] audit: type=1326 audit(1746921691.850:21955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.690664][   T29] audit: type=1326 audit(1746921691.850:21956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31303 comm="syz.5.9605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  552.839428][T31325] netlink: 52 bytes leftover after parsing attributes in process `syz.5.9611'.
[  552.849770][T31325] netlink: 52 bytes leftover after parsing attributes in process `syz.5.9611'.
[  552.858761][T31325] netlink: 52 bytes leftover after parsing attributes in process `syz.5.9611'.
[  552.925294][T31327] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  552.925682][T31276] loop4: detected capacity change from 0 to 512
[  552.957042][T31276] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  553.110270][T31337] vlan2: entered allmulticast mode
[  553.190478][T31354] loop4: detected capacity change from 0 to 512
[  553.210105][T31354] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.9623: invalid indirect mapped block 256 (level 2)
[  553.233862][T31354] EXT4-fs (loop4): 2 truncates cleaned up
[  553.254066][T31354] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.9623: bg 0: block 5: invalid block bitmap
[  553.279573][T31354] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  553.292114][T31354] EXT4-fs (loop4): This should not happen!! Data will be lost
[  553.292114][T31354] 
[  553.302058][T31354] EXT4-fs (loop4): Total free blocks count 0
[  553.308286][T31354] EXT4-fs (loop4): Free/Dirty block details
[  553.314465][T31354] EXT4-fs (loop4): free_blocks=0
[  553.319429][T31354] EXT4-fs (loop4): dirty_blocks=44
[  553.324986][T31354] EXT4-fs (loop4): Block reservation details
[  553.331069][T31354] EXT4-fs (loop4): i_reserved_data_blocks=44
[  553.456612][T31381] loop5: detected capacity change from 0 to 512
[  553.469288][T31381] loop5: detected capacity change from 0 to 512
[  553.484986][T31381] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  553.493929][T31385] loop3: detected capacity change from 0 to 512
[  553.514910][T31381] EXT4-fs (loop5): 1 truncate cleaned up
[  553.520514][T31388] 9pnet: Could not find request transport: fTd
[  553.536038][T31385] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  553.548637][T31388] loop4: detected capacity change from 0 to 1024
[  553.610590][T31385] EXT4-fs (loop3): 1 truncate cleaned up
[  553.641482][T31399] loop4: detected capacity change from 0 to 512
[  553.689144][T31399] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.9641: invalid indirect mapped block 256 (level 2)
[  553.723799][T31399] EXT4-fs (loop4): 2 truncates cleaned up
[  553.744892][T31399] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.9641: bg 0: block 5: invalid block bitmap
[  553.758542][T31399] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  553.771112][T31399] EXT4-fs (loop4): This should not happen!! Data will be lost
[  553.771112][T31399] 
[  553.780909][T31399] EXT4-fs (loop4): Total free blocks count 0
[  553.787023][T31399] EXT4-fs (loop4): Free/Dirty block details
[  553.793026][T31399] EXT4-fs (loop4): free_blocks=0
[  553.798382][T31399] EXT4-fs (loop4): dirty_blocks=44
[  553.803590][T31399] EXT4-fs (loop4): Block reservation details
[  553.809622][T31399] EXT4-fs (loop4): i_reserved_data_blocks=44
[  553.976602][T31440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  553.985069][T31440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.056345][T31474] program syz.2.9668 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  555.221684][T31486] loop3: detected capacity change from 0 to 512
[  555.232975][T31486] loop3: detected capacity change from 0 to 512
[  555.242231][T31486] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  555.251636][T31488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  555.260406][T31488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.489980][T31486] EXT4-fs (loop3): 1 truncate cleaned up
[  555.596377][T31493] loop5: detected capacity change from 0 to 512
[  555.658150][T31493] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.9674: invalid indirect mapped block 256 (level 2)
[  555.707876][T31493] EXT4-fs (loop5): 2 truncates cleaned up
[  555.717414][T31493] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.9674: bg 0: block 5: invalid block bitmap
[  555.731399][T31493] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  555.743915][T31493] EXT4-fs (loop5): This should not happen!! Data will be lost
[  555.743915][T31493] 
[  555.753649][T31493] EXT4-fs (loop5): Total free blocks count 0
[  555.759663][T31493] EXT4-fs (loop5): Free/Dirty block details
[  555.765717][T31493] EXT4-fs (loop5): free_blocks=0
[  555.770702][T31493] EXT4-fs (loop5): dirty_blocks=44
[  555.775919][T31493] EXT4-fs (loop5): Block reservation details
[  555.781924][T31493] EXT4-fs (loop5): i_reserved_data_blocks=44
[  555.916630][T31516] dccp_xmit_packet: Payload too large (65475) for featneg.
[  556.018283][T31516] 9pnet: Could not find request transport: qd
[  556.062996][T31528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  556.071779][T31528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  556.182349][T31537] loop3: detected capacity change from 0 to 512
[  556.195285][T31537] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.9688: invalid indirect mapped block 256 (level 2)
[  556.213792][T31537] EXT4-fs (loop3): 2 truncates cleaned up
[  556.229373][T31537] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.9688: bg 0: block 5: invalid block bitmap
[  556.265490][T31537] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 21 with max blocks 44 with error 28
[  556.278008][T31537] EXT4-fs (loop3): This should not happen!! Data will be lost
[  556.278008][T31537] 
[  556.287689][T31537] EXT4-fs (loop3): Total free blocks count 0
[  556.293721][T31537] EXT4-fs (loop3): Free/Dirty block details
[  556.299643][T31537] EXT4-fs (loop3): free_blocks=0
[  556.304668][T31537] EXT4-fs (loop3): dirty_blocks=44
[  556.309833][T31537] EXT4-fs (loop3): Block reservation details
[  556.315866][T31537] EXT4-fs (loop3): i_reserved_data_blocks=44
[  556.575499][T31557] pimreg: entered allmulticast mode
[  556.583195][T31557] pimreg: left allmulticast mode
[  556.676787][T31564] __nla_validate_parse: 10 callbacks suppressed
[  556.676802][T31564] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9701'.
[  556.692327][T31564] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9701'.
[  556.770387][T31568] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  557.119615][T31616] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=31616 comm=syz.3.9723
[  557.154545][T31604] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9718'.
[  557.378587][T31622] vlan2: entered allmulticast mode
[  558.435683][T31638] FAULT_INJECTION: forcing a failure.
[  558.435683][T31638] name failslab, interval 1, probability 0, space 0, times 0
[  558.448347][T31638] CPU: 1 UID: 0 PID: 31638 Comm: syz.4.9730 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  558.448382][T31638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  558.448399][T31638] Call Trace:
[  558.448407][T31638]  <TASK>
[  558.448417][T31638]  __dump_stack+0x1d/0x30
[  558.448444][T31638]  dump_stack_lvl+0xe8/0x140
[  558.448485][T31638]  dump_stack+0x15/0x1b
[  558.448502][T31638]  should_fail_ex+0x265/0x280
[  558.448535][T31638]  should_failslab+0x8c/0xb0
[  558.448653][T31638]  __kvmalloc_node_noprof+0x126/0x4d0
[  558.448680][T31638]  ? io_alloc_cache_init+0x31/0xa0
[  558.448739][T31638]  io_alloc_cache_init+0x31/0xa0
[  558.448779][T31638]  io_ring_ctx_alloc+0x2b7/0x650
[  558.448811][T31638]  io_uring_create+0x10f/0x610
[  558.448836][T31638]  __se_sys_io_uring_setup+0x1f7/0x210
[  558.448882][T31638]  __x64_sys_io_uring_setup+0x31/0x40
[  558.448976][T31638]  x64_sys_call+0x184b/0x2fb0
[  558.449000][T31638]  do_syscall_64+0xd0/0x1a0
[  558.449029][T31638]  ? clear_bhb_loop+0x25/0x80
[  558.449056][T31638]  ? clear_bhb_loop+0x25/0x80
[  558.449084][T31638]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.449129][T31638] RIP: 0033:0x7f107894e969
[  558.449143][T31638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.449160][T31638] RSP: 002b:00007f1076f74fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  558.449181][T31638] RAX: ffffffffffffffda RBX: 00007f1078b76160 RCX: 00007f107894e969
[  558.449263][T31638] RDX: 00002000000000c0 RSI: 0000200000000180 RDI: 0000000000003380
[  558.449275][T31638] RBP: 0000200000000180 R08: 0000000000000000 R09: 00002000000000c0
[  558.449287][T31638] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  558.449298][T31638] R13: 0000200000000380 R14: 0000000000003380 R15: 00002000000000c0
[  558.449315][T31638]  </TASK>
[  559.000275][T31667] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9740'.
[  559.045035][T31670] FAULT_INJECTION: forcing a failure.
[  559.045035][T31670] name failslab, interval 1, probability 0, space 0, times 0
[  559.058014][T31670] CPU: 0 UID: 0 PID: 31670 Comm: syz.3.9743 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  559.058051][T31670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  559.058074][T31670] Call Trace:
[  559.058082][T31670]  <TASK>
[  559.058090][T31670]  __dump_stack+0x1d/0x30
[  559.058118][T31670]  dump_stack_lvl+0xe8/0x140
[  559.058142][T31670]  dump_stack+0x15/0x1b
[  559.058183][T31670]  should_fail_ex+0x265/0x280
[  559.058225][T31670]  should_failslab+0x8c/0xb0
[  559.058257][T31670]  __kmalloc_noprof+0xa5/0x3e0
[  559.058280][T31670]  ? bpf_test_init+0xa9/0x160
[  559.058320][T31670]  bpf_test_init+0xa9/0x160
[  559.058418][T31670]  bpf_prog_test_run_xdp+0x274/0x8f0
[  559.058456][T31670]  ? kstrtouint+0x76/0xc0
[  559.058508][T31670]  ? __rcu_read_unlock+0x4f/0x70
[  559.058540][T31670]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  559.058580][T31670]  bpf_prog_test_run+0x207/0x390
[  559.058652][T31670]  __sys_bpf+0x3dc/0x790
[  559.058695][T31670]  __x64_sys_bpf+0x41/0x50
[  559.058723][T31670]  x64_sys_call+0x2478/0x2fb0
[  559.058750][T31670]  do_syscall_64+0xd0/0x1a0
[  559.058792][T31670]  ? clear_bhb_loop+0x25/0x80
[  559.058819][T31670]  ? clear_bhb_loop+0x25/0x80
[  559.058844][T31670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.058868][T31670] RIP: 0033:0x7fbb618de969
[  559.058945][T31670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.059006][T31670] RSP: 002b:00007fbb5ff47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  559.059030][T31670] RAX: ffffffffffffffda RBX: 00007fbb61b05fa0 RCX: 00007fbb618de969
[  559.059045][T31670] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  559.059061][T31670] RBP: 00007fbb5ff47090 R08: 0000000000000000 R09: 0000000000000000
[  559.059076][T31670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.059096][T31670] R13: 0000000000000000 R14: 00007fbb61b05fa0 R15: 00007ffec9b4e5b8
[  559.059119][T31670]  </TASK>
[  559.337462][T31676] loop4: detected capacity change from 0 to 512
[  559.345254][T31676] EXT4-fs: Ignoring removed orlov option
[  559.350999][T31676] EXT4-fs: Ignoring removed oldalloc option
[  559.375231][T31676] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 220 vs 1023 free clusters
[  559.410657][T31676] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.9745: Parent and EA inode have the same ino 15
[  559.423678][T31676] EXT4-fs (loop4): 1 orphan inode deleted
[  559.450409][T31678] vlan2: entered allmulticast mode
[  559.455632][T31678] bond0: entered allmulticast mode
[  559.460771][T31678] bond_slave_0: entered allmulticast mode
[  559.466584][T31678] bond_slave_1: entered allmulticast mode
[  559.504618][T31689] loop4: detected capacity change from 0 to 512
[  559.511466][T31689] ext4: Unknown parameter 'hash'
[  559.585084][T31695] Falling back ldisc for ttyS3.
[  559.593862][   T29] kauditd_printk_skb: 275 callbacks suppressed
[  559.593876][   T29] audit: type=1400 audit(1746921699.010:22232): avc:  denied  { bind } for  pid=31696 comm="syz.2.9752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  559.620495][T31699] rdma_op ffff888109ff0180 conn xmit_rdma 0000000000000000
[  559.628235][   T29] audit: type=1400 audit(1746921699.030:22233): avc:  denied  { write } for  pid=31696 comm="syz.2.9752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  559.658636][   T29] audit: type=1326 audit(1746921699.070:22234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.672332][T31705] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9756'.
[  559.682333][   T29] audit: type=1326 audit(1746921699.070:22235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.715247][   T29] audit: type=1326 audit(1746921699.070:22236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.739154][   T29] audit: type=1326 audit(1746921699.070:22237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.762898][   T29] audit: type=1326 audit(1746921699.070:22238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.786859][   T29] audit: type=1326 audit(1746921699.070:22239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.810504][   T29] audit: type=1326 audit(1746921699.070:22240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.834377][   T29] audit: type=1326 audit(1746921699.070:22241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31700 comm="syz.5.9754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f97c896e969 code=0x7ffc0000
[  559.880089][T31716] loop3: detected capacity change from 0 to 1024
[  559.911593][T31716] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9760'.
[  560.004116][T31716] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt.
[  560.135617][T31724] vlan2: entered allmulticast mode
[  560.236655][T31760] loop3: detected capacity change from 0 to 2048
[  560.502857][T31784] unsupported nla_type 52263
[  560.555147][T31792] 9pnet_fd: Insufficient options for proto=fd
[  560.568116][T31792] futex_wake_op: syz.1.9789 tries to shift op by -1; fix this program
[  560.597527][T31794] loop4: detected capacity change from 0 to 2048
[  560.607941][T31798] loop3: detected capacity change from 0 to 512
[  560.618423][T31798] loop3: detected capacity change from 0 to 512
[  560.627003][T31798] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  560.635832][T31798] EXT4-fs (loop3): 1 truncate cleaned up
[  560.663854][T31797] Falling back ldisc for ttyS3.
[  560.689623][T31798] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9792'.
[  560.701627][T28578] ==================================================================
[  560.709765][T28578] BUG: KCSAN: data-race in copy_mm / try_to_unmap_one
[  560.716564][T28578] 
[  560.718892][T28578] write to 0xffff88810aaface8 of 8 bytes by task 31798 on cpu 0:
[  560.726624][T28578]  try_to_unmap_one+0x134f/0x2140
[  560.731677][T28578]  rmap_walk_anon+0x27d/0x430
[  560.736376][T28578]  try_to_unmap+0x13d/0x1e0
[  560.740908][T28578]  shrink_folio_list+0x121a/0x2670
[  560.746040][T28578]  reclaim_folio_list+0x80/0x2b0
[  560.750996][T28578]  reclaim_pages+0x215/0x270
[  560.755603][T28578]  madvise_cold_or_pageout_pte_range+0xd61/0xdd0
[  560.761953][T28578]  walk_pgd_range+0x86b/0x11b0
[  560.766728][T28578]  __walk_page_range+0xdd/0x340
[  560.771589][T28578]  walk_page_range_mm+0x352/0x4a0
[  560.776636][T28578]  walk_page_range+0x56/0x70
[  560.781249][T28578]  madvise_do_behavior+0x1bea/0x24a0
[  560.786561][T28578]  __x64_sys_madvise+0xc9/0x100
[  560.791439][T28578]  x64_sys_call+0x2455/0x2fb0
[  560.796128][T28578]  do_syscall_64+0xd0/0x1a0
[  560.800648][T28578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.806549][T28578] 
[  560.808874][T28578] read to 0xffff88810aafac00 of 1344 bytes by task 28578 on cpu 1:
[  560.816855][T28578]  copy_mm+0xfb/0x1310
[  560.820939][T28578]  copy_process+0xcf1/0x1f90
[  560.825544][T28578]  kernel_clone+0x16c/0x5b0
[  560.830063][T28578]  __x64_sys_clone+0xe6/0x120
[  560.834761][T28578]  x64_sys_call+0x2c59/0x2fb0
[  560.839459][T28578]  do_syscall_64+0xd0/0x1a0
[  560.843988][T28578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.849906][T28578] 
[  560.852326][T28578] Reported by Kernel Concurrency Sanitizer on:
[  560.858488][T28578] CPU: 1 UID: 0 PID: 28578 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(voluntary) 
[  560.871430][T28578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  560.881523][T28578] ==================================================================
[  560.907076][T31808] rdma_rxe: rxe_newlink: failed to add team_slave_0