last executing test programs:

1m34.708457107s ago: executing program 4 (id=3014):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x1}, 0x18)
socket(0x10, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x45, 0x1488, 0xffffffffffffffff, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='net/unix\x00')
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x2, 0x80805, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
socket(0x10, 0x3, 0x9)
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20)
bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r5, 0x4)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

1m34.663583641s ago: executing program 4 (id=3016):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
setxattr$trusted_overlay_upper(0x0, &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x835, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0)

1m32.872804306s ago: executing program 4 (id=3021):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f0000001640)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

1m32.792523463s ago: executing program 4 (id=3023):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000340)={[{@errors_remount}, {@nodioread_nolock}]}, 0x1, 0x522, &(0x7f0000000c40)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc7i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4n8ggoJPPvki+AcIyz74B8jAgL6ID6KiiM7og6DOlSQ3TidN2s5M23SazwdOc8799T3nhpzce3N6bwBj64WIeCMiJiLi5Ygo5tPTPMVeN7WXu3vnnaV2SiLL3vpbEkk+rbet9jYmI+JqvtpURHz9KxHfSg7Gbe7sri/WatWtvFxp1TcrzZ3d62v1xdXqanVjfn7utYXXF15dmM1yj9XOUi/z0y9/4b3PfPv3N/5y7Tvtan3+I1GIvnacpG7TC5190dPeR1unEWwEeu95YdQVAQDgWNrH+B+MiE90jv+LMdE5muszMYqaAQAAACcl++J0/CeJyAAAAIALK42I6UjScj4WYDrS9FJ+beDDcSWtNZqtT680tjeW2/MiSlFIV9Zq1dl8rHApCkm7PJePse2VX+krz0fEMxHxg+LlTrm81Kgtj/jaBwAAAIyLq33n//8spp380Qb8nwAAAABwfpWGFgAAAICLwik/AAAAXHz95//vjageAAAAwKn46ptvtlPWe/718ts72+uNt68vV5vr5fr2UnmpsbVZXm00Vjv37Ksftb1ao7H52djYvllpVZutSnNn90a9sb3RurH2wCOwAQAAgDP0zMff/00SEXufu9xJkd8HEOABfxx1BYCTNDHqCgAj8yh38f7UKdQDOHuFUVcAGLnkiPkG7wAAwJNv5qMHf//vPf/ftQG42Iz1AYDx4yneML4KRgDCWEsj4gPd7FPDlhn6+/+vhq7SJ8sibhX3T3F9EQAAztZ0JyVpOT8PmI40LZcjno5IS1FIVtZq1dn8/ODXxcJT7fJcZ83kyDHDAAAAAAAAAAAAAAAAAAAAAAAAAEBXliWRAQAAABdaRPrnpHM3/4iZ4kvT/dcHLiX/Ksaf8sKP3/rhzcVWa2uuPf3vnWd5XYqI1o/y6a8c91lgAAAAwGNL9obO6p6n569zZ1orAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMbA3TvvLPXSWcb965ciojQo/mRMdV6nohARV/6RxOS+9ZKImDiB+HvvRsSzg+IncS/LslJei/74aURcPuX4pc6uGR7/6gnEh3H2frv/eWPQ5y+NFzqvgz9/k3l6XMP7vzSP/GynnxvU/z19YGv1gTGeu/3zytD470Y8Nzm4/+n1v8mQ+C8e2Nq/syw7GOOb39jdHRY/+0nEzMDvn+SBWJVWfbPS3Nm9vlZfXK2uVjfm5+deW3h94dWF2crKWq2a/x0Y4/sf+8W9w9p/ZUD83/222/8e1v6Xhm008g4699/bN+98qJstDIp/7cWB379TMSR+mn/3fTLPt+fP9PJ73fx+z//s1vOHtX95yP4/6v2/dlj793n5a9/7wzEXBQDOQHNnd32xVqtuHZKZOsYyT2Lml1PnohoPmcm+233nzkt9HjXTPlq9P6XXqnNQsX2Z7MxiTcQ5afL/MyPtlgAAgFNw/6B/1DUBAAAAAAAAAAAAAAAAAACA8fUQNwabeNTbifXH3BtNUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADvW/AAAA//9Xlt/c")
syz_emit_ethernet(0x42, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaa2aa6330da86aaaaaaaa86dd60052000000c1100fe8000"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x8fd, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000c00)=0xc, 0x6, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001180))
pselect6(0x32, &(0x7f0000000100)={0x0, 0x0, 0xffff, 0x2, 0x0, 0x0, 0x0, 0x400}, 0x0, &(0x7f0000000240)={0x1f, 0x3, 0x0, 0x10000000000, 0x1000000002, 0x0, 0x0, 0x6}, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x40000080, 0x0, 0x0, 0x0, 0x0, 0x0)

1m30.448445376s ago: executing program 4 (id=3033):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x8008000000010, &(0x7f0000001640)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[], 0x10}}, 0x0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

1m29.7095305s ago: executing program 4 (id=3038):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141142, 0x50)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
io_setup(0x20fe, &(0x7f0000000540)=<r6=>0x0)
io_submit(r6, 0x3, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)='p', 0x8200, 0x600}])

1m29.666555094s ago: executing program 32 (id=3038):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141142, 0x50)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
io_setup(0x20fe, &(0x7f0000000540)=<r6=>0x0)
io_submit(r6, 0x3, &(0x7f0000002680)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)='p', 0x8200, 0x600}])

2.940968235s ago: executing program 0 (id=3726):
syz_pidfd_open(0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400080000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a310000000005000100ecffffff330007801800018014000240fe8000000000000080000000000000bb060004400e1f00000500070088000000060005404e"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x2}, 0x94)
r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r4, 0x0, 0x115}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000080)=ANY=[@ANYBLOB="c331000001"])

2.76896628s ago: executing program 0 (id=3728):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0xf)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x267, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffe}, 0x1c)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
sendto$inet6(r4, &(0x7f0000000680)="d9", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

2.747890131s ago: executing program 5 (id=3730):
r0 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1818e58, &(0x7f00000003c0), 0x2a, 0x63f, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne47104hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3Qxb/xeI5y7/8lvW3ntYadvwAlNOzS8WOfDtb2t3/ZWOPxvgn2ox/Zg5/SSY36v1f5/FfY38/mY970pZxWDZmudb+V463Zvz951d+3an++vhv7knjkdXfGAsOw/OdiLmW+H+WBVuMf7L4kzbbPyty42J/dXz7L/+80mndqOOvPY34oO3xz+6oNEt1uT55bm29urpY/9m2jj/88Qe/61R/+/jfGUCk7WXbf7pD/E3bP219XfY3ud/+V+60Zvz+2tM7neqf6bn9039MJPXjzYki50c7W1sbSxETydWiSJG/vLW1cb57vPUyL2v581I9/g+/1L7/73n/t0Q11fiX2Yf737v9otO6t3n/N11Mfl3rsw2dZPGv9N7++/p/lverPuv47/cffKHTum7xTx0mMAAAAAAAACihNL8Gm6QLb9JpurBQny/7mZhOq/c2t768du/B3ZWID/PPQ46nkSb5R0Zm68vJ2np1dan4PGxj+XzL8lci4r2I+E1lKl9euHmvujLq4AEAAAAAAAAAAAAAAAAAAOCYOFPM/2/cp/o/lfr8f6Aket9gbt/9H4BTYpA3mASOt7z/d9vFvzu8tgDDZf8P5aX/Q3np/1Be+j+Ul/4P5aX/Q3np/1Be+j8AAAAAnErvffHZ35KI2P7GVP7ITBTrTPqF0238QKUrA2sHMHx6NJTXm0v/BvtQOn2N//9XfDng4JsDjEDSLjMfHNS6d/5nbV+5a+fwbQMAAAAAAAAAAAAA6j54v/P8/4PNDQZOGtP+oLwOMf/fVwfACeer/6G8HOMDPWbxx2SnFb3m/wMAAAAAAAAAAAAAR2YmfyTpQjEXeCbSdGEh4lMRcTbGk7X16upiRLwbEX+tjL+TLS+NutEAAAAAAAAAAAAAAAAAAABwymw+fHR7uVpd3WhO/H9fzulONO6C2rtwrY8yXRPfjAO+KpLh/1mmImLkG2VgibGmnCRiO9vyx6JhG5txPJqRJ0b8jwkAAAAAAAAAAAAAAAAAAEqoae5xe3O/HXKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD4du//3yOxMl1/QV+F9yZGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ9EgAA//+YYDw3")
bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000240)=0x7)
r3 = dup(r0)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000280)={0x40, 0x3, 0x17, 0x1, 0x0, 0x1, 0x0})

2.720602984s ago: executing program 0 (id=3731):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
creat(0x0, 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZrk6Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtK03U227TabZn8/OJlzzszs/5wNMztnZpgJYGC9FxHXIuJxmqbnI2Isq89lKbZbqbHco4d35xopiTS98c8kkqxu57OSbHoqW+1kRHztyxHfTJ6PW9vcWp6tVMrrWblUX1kr1Ta3LiytzC6WF8ur09NTl2euzFyamexJP09HxNUv/vUH3/3Zl67+6jO3/3Tz7+e+1WjWaDZ/bz9eUH6/ma2uF5rfxd4V1l8y2FGUb/YwM9xuiaHnau695jYBANBe4xj/gxHxyYg4H2MxtP/hLAAAAPAGSj8/Gv9LItL2TnSoBwAAAN4gueY9sEmuGBEjzXwuVyy27uH9cIzkKtVa/dML1Y3V+da9suNRyC0sVcqT2b3C41FIGuWpZv5J+eIz5emIeDsivj823CwX56qV+X6f/AAAAIABcWrP+D8XEf8Za43/AQAAgGNmvN8NAAAAAF47438AAAA4/oz/AQAA4Fj7yvXrjZTuvP96/tbmxnL11oX5cm25uLIxV5yrrq8VF6vVxeYz+1YO+rxKtbr22VjduFOql2v1Um1z6+ZKdWO1fnPpqVdgAwAAAIfo7Y/f/0MSEdufG26mhhPdrdrlYsBRld/NJdm0zWb9x7da078cUqOAQzHU7wYAfZPvdwOAvin0uwFA3yUHzO94885vs+knetseAACg9yY+2vn6f27fNbf3nw0ceTZiGFyu/8Pgal7/7/ZOXgcLcKwUHAHAwHvl6/8HStMXahAAANBzo82U5IrZ6b3RyOWKxYjTzdcCFJKFpUp5MiLeiojfjxU+0ChPNddMDhwzAAAAAAAAAAAAAAAAAAAAAAAAAAAtaZpECgAAABxrEbm/Jb9uPct/Yuzs6LPnB04k/x2L7BWht39844d3Zuv19alG/b926+s/yuov9uMMBgAAAAyEF3qB/844fWccDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99Ojh3bmddJhx//GFiBhvFz8fJ5vTk1GIiJF/J5Hfs14SEUM9iD/c+PORdvGTRrN2Q7aLP9yD+Nv39o0f49m30C7+qR7Eh0F2v7H/udZu+8vFe81p++0vH/FU+WV13v/F7v5vqMP2f7rLGO88+EWpY/x7Ee/k2+9/duInHeKf6TL+N76+tdVpXvqTiIm2vz/JU7FK9ZW1Um1z68LSyuxiebG8Oj09dXnmysylmcnSwlKlnP1tG+N7H/vl4/36P9Ih/vgB/T/bZf///+DOww+1soV28c+daRP/Nz/Nlng+fi777ftUlm/Mn9jJb7fye73789+9u1//5zv0/6D//7ku+3/+q9/5c5eLAgCHoLa5tTxbqZTXj22mMUo/As2QOYKZb/f0A9M0TRvb1Ct8ThJH4WtpZvq9ZwIAAHrtyUF/v1sCAAAAAAAAAAAAAAAAAAAAg+swHif2bMzt3VzSi0doAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0xPsBAAD//wdy2V0=")

2.138761884s ago: executing program 5 (id=3734):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000000))
ioctl$PPPIOCSNPMODE(r3, 0x4008744b, &(0x7f0000000040)={0x2b, 0x1})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

1.810446443s ago: executing program 1 (id=3736):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000ac0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000002000090002000000ffdbdf25020000000800080008"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r1, 0x0, 0x80000001}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000d, 0x3b071, 0xffffffffffffffff, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
sendmmsg$inet(r7, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r7, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r8 = socket(0x10, 0x2, 0x0)
flock(r8, 0x5)
close_range(r8, 0xffffffffffffffff, 0x0)

1.642945667s ago: executing program 1 (id=3737):
syz_pidfd_open(0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400080000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a310000000005000100ecffffff330007801800018014000240fe8000000000000080000000000000bb060004400e1f00000500070088000000060005404e"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x2}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r6, 0x0, 0x115}, 0x18)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kfree\x00', r7}, 0x18)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r8, 0xfffffffffffffffe, r8, 0x1)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x8008551d, &(0x7f0000000080)=ANY=[@ANYBLOB="c331000001"])
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000100)={'bond0\x00', @ifru_names='ip6tnl0\x00'})
syz_open_dev$usbfs(&(0x7f0000000380), 0x8000, 0x202100)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fremovexattr(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="757365722e3a00911b553673a47b0bf5c1249eeb81a596a6ab0b46fefd04297944ab98554724cdd533892efc06f837ef6771dadfe2"])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r9}, 0x18)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r10, 0x0, 0x32600)
openat$cgroup_ro(r10, &(0x7f00000003c0)='freezer.parent_freezing\x00', 0x0, 0x0)

1.342309473s ago: executing program 3 (id=3738):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x356f, 0x80, 0x3, 0x285}, &(0x7f0000000380)=<r4=>0x0, &(0x7f00000003c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
dup3(r3, r1, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, 0x0, 0x0, 0x24040000, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0xc, 0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
lsm_get_self_attr(0x66, &(0x7f0000001280)={0x0, 0x0, 0x3d, 0x1d, ""/29}, &(0x7f00000012c0)=0x3d, 0x0)

1.335217294s ago: executing program 1 (id=3739):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xf, '\x00', 0x0, @fallback=0xdee438a99ea7d42b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r0}, 0x18)
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0xd7, 0x2)

1.304245957s ago: executing program 1 (id=3740):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x1000000000000008}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18015b000200000000003b8100009edb78fa00956cda907031bb20cce259"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
semtimedop(0x0, &(0x7f00000002c0)=[{0x3, 0x8, 0x1800}], 0x1, 0x0)
unshare(0x2c040000)
socket$unix(0x1, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5e1, &(0x7f0000000bc0)="$eJzs3c1vFVUbAPBnbj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sRr5nam9LZz+0V7pzK/X3LpzJw7nGd6+/Sce3rO3AAqazD9pxaxPyKmk4j+ZH6xrDOywsGF5z3486Oz6SOJev2135NIsmP585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTVbH949tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb3g2Omb777f/8nYm9989Vcy8u0vY0mcjJezJy69jq0yGION70mysqjvxFZXVpKO7Odk6UucdJYYEBuSv35dEfFE9EdHPHzx+uPjV0oNDthW9SSiDlRUIv+hovJ+QP7efvn74FopvRKgHe6fWhgAWJn/nQtjg9HTGBvY/SCJpcM6SURsbmSu2Z6IuHtn7Oa5O2M3Y5vG4YBi8zci4smi/E8a+T8QPTHQyP9aU/6n/YIz2df0+KubrH/5ULH8h/ZZyP+eVfM/WuT/W0vy/+1N1j/4cPOd3qb8793sJQEAAAAAAEBl3T4VEc8X/f2/tjj/Jwrm//RFxMktqH9w2f7Kv//X7m1BNUCB+6ciXiqc/1vLZ/8OdGRb/2nMB+hKzl2YmjwSEf+NiEPRtSvdH1mljsOf7vuyVdlgNv8vf6T1383mAmZx3Ovc1XzOxPjs+KNeNxBx/0bEU4Xzf5PF9j8paP/T3wfT66xj37O3zrQqWzv/ge1S/zriYGH7//CuFcnq9+cYbvQHhvNewUpPf/jZd63q32z+u8UEPLq0/d+9ev4PJEvv1zOz8TqOznXWW5Vttv/fnbzeuOVMd3bsg/HZ2asjEd3J6Y70aNPx0Y3HDI+jPB/yfEnz/9Azq4//FfX/eyNiftn/nfzRvKY49/+/+35tFY/+P5Qnzf+JDbX/G98YvTXwfav619f+H2u09YeyI8b/YMEXeZp2Nx8vSMfOoqJ2xwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj4NaROyJpDa0uF2rDQ1F9EXE/2J3berKzOxz5668d3kiLWt8/n8t/6Tf/oX9JP/8/4El+6PL9o9GxN6I+Lyjt7E/dPbK1ETZFw8AAAAAAAAAAAAAAAAAAAA7RF+L9f+p3zrKjg7Ydp1lBwCUpiD/fyojDqD9tP9QXfIfqkv+Q3XJf6iudeb/ye2OA2g/7T9Ul/yH6pL/AAAAAADwWNl74PbPSUTMv9jbeKS6s7KuUiMDtlut7ACA0rjFD1SXqT9QXd7jA8ka5T0tT1rrzNVMn32EkwEAAAAAAAAAAACgcg7ut/4fqsr6f6gu6/+huvL1/wdKjgNoP+/xgVhjJX/h+v81zwIAAAAAAAAAAAAAttLM3LWL41NTk1dtvLEzwmjnRr1ev57+FOyUeP7lG/lU+J0Sz7KNfK3f+s4q73cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ7J8AAAD//yTpJQU=")
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='mm_page_alloc\x00', r7}, 0x18)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYRES16=r0, @ANYRES64=r3, @ANYBLOB="000000006a00000000000d0000004fb2f8b53145", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8=r7, @ANYRESOCT=r4, @ANYRESDEC=r5], 0x48)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000180)={0x2, 0x1, 0xc7, 0x1, 0x600, 0xc5, 0x4, 0x0, 0x9d})
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x3, 0x9, 0x2, 0x8a56})
chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r8, 0x1, 0x23, &(0x7f0000000180)=0x7fff, 0x4)

1.303691737s ago: executing program 0 (id=3741):
socket$nl_route(0x10, 0x3, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000040), 0x7ffc, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
keyctl$restrict_keyring(0xa, r0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e')
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20)
r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
unshare(0x22020600)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0500000004ae39000400000009"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000021c0)={0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x10800ff, r8}, 0x38)
r9 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000200)={'fscrypt:', @desc2}, &(0x7f0000000300)={0x0, "1e4e1557a609bff6a596dea0fb0503f22231b15d27fce60137b6c6cbf512f89b435f5dd9b4ae337bbf37b108c1ec26276567359e079abe967f5d8aad34301a48", 0x13}, 0x48, 0xfffffffffffffffc)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={&(0x7f0000000600)="f2a1037fbe1c59f5a0bf510c1a1464086cb03f263bd1034b19a11d341f3ff9a95e4d34052a4495de34e80b64b0851dd825607f31a3a6192982563ca5e474ceb884d33a4b60aaec2d617e087228f033c0b766f73c3b833197b8cebd88c91ce9f23a86c99f33761ff8bdb4189780a5a76d148dadb87b982cf7758b28af2e6ebf401df43f8ee400752a725d4ef3ec5d4caae8cbb1de5f55c46e95fc913e77e01f9d3e5a15db2c14ad2b113650ccbd5f1ae7f2fa5da640276485269ad18d8e68c19798a7eaa1d2457ecd734e50d85eb55fec2362a56bb038dd01943de5a6b642c681a99863d5fc67a8ce0119047b43fd650268d74186", &(0x7f0000000240)=""/33, &(0x7f0000000700)="64c68e49684becdc4bdc9ffd725476b1deafd9fd890a9ce3e0e93c5f38bb26aba66ba72e9162c7e71c3e6d5ebc11ebf897e2090b3256a545141918232a6b58930943bbada54b992900270b411254fc8f91472e153c7d6557a1ad1438b8fe1b6761d57538589b21f905d1d7229410d91746e94be25d6f3c1aeea6237de8766a1a64bec5a34e1e1c642faa47d389846f906b9313d32ae2ba3ab11332f512f277042db76f30afc358ad77a5969f8db425e915c5c0fbcd8020b3e614cfaeb92947abc2cb4a86a51edd9bf03500a3838170c3aa602d241df0f0a4066658f290117b63051061e529355f945577f94752016af848a37dbbe511b5482fe1215a3415ed", &(0x7f0000000800)="362720b05b2d4979420910c71ec0c8e337b33e6d133f3917bef00967b7c930d596235b57eecc3fcc8b4dbd9ce028997f415591f84d4cf898be18ca96402bebcbe3db21f28cb924d664cfd70de7484e090242165876f168bc44be702188cad39380ee0a2f1e68d65fc96d2e58bd6c747bead940c44c601f40a2db6eaeb2f74b6628448bbbbd702018ebb95c1d5e757f1543e37c737f9c95d25061fd0cdbab364f08e18bafb6f48512bd1f237471807756a8a2f0672950eab229c8374582e272dee2aaed0707e952198befa777de60434271f2f4baac8b536bcd2d9af80c9972d9ceed643be42f32ea66cd1d036ec957f26dad8f12001073b5cdbdb5e8fdfb36c0839c59236cca235cf6cf85454c3da60ffa500e13abb8d489a1a78f3761ef4d564cf84ad714fde00b5d3dbe7db507a18f8bf50f7fb99437f005684f52dac5ce50c207d73a90b121f4ff67e6ccaf45a72ec848de8ac9ce3f4d07856c6a0d4c0edd526a8e0235c2cd08bab612e6d36779ac9009f8a712ff5112bf0229550464d81ba97c3c08ac689f8d9f5fed5aa749d955715b9a3101d18a383c1524b4b167b93ac2e92e159c7fc3a11363b5f99b6cf36465455ff00657a2994a751d3edbd256ec8e003e12602f21c2d5bed8105cc9ccbdc13f1a2922f690769674651191431e08e6bf11111edb369b3f56b20a89782c86acf9d01e75964265e078c094089c81c6231c70e8c077b609555a72dbd112c1f7bb511d79d752dff30ab0f8cdf10e08f195a06fecaf9bedd42d242900fb0c4f7b7b69e93b7c1b6438feee4e39e0bb180275b42a6f140f0b31375769b94b22694b0ca7188d82c092434f347dd4a701dfde55e9f939b712478257184c8a2ad530459091d8a1416eda8cf8c31ec9b0043d10d0ec61e77451cbdd5f7c9f0a7d9ee419713b748a54a5005da66af52e869214bd31934d27ea25a7ee0813230cfc0070bc7dd842a506053c075f84853ec46eff735370747e58dcb76b0779cedbab4f4e40c6cec58a738070c39d446d8a08a82ff4014cfbd79a430f7b2ff291c387105862ec623290adb4ad86fc3c628db6bfc8356837a88613fba8ff8403ec31157ff2296814849a38aa2adfd28c9ff5be44f1a3a2a9582563296c6be2b227d72d355179e4895a1b770307ba02c81c36996de51e68dfa4cd6aaf06ca061bf1bc0337ad85b004c62b7f87c4d8eeed3f67b581e3ece865cb8557a61c8912d479c9114d10da2e64fda4f18b9ce82ae64fae79782c7c3edb69ec9f217a38c9b640d3d15194c806df6b1b7bac42d045aecf79cf4beea6204875043b759900c58d36a4732ec1dd050f1d17f62973af74747d30590bddc2270cda7767d40df6be726b59a63d1b907d4c18877daaef766e31ced33f836bf8bc03d772f2120d0f238a9e14d4e2fda04f9c7efca9247b4b9054a7432a414b1a4b1b77cf0f7155c1eab136fefaa9242e7ac727aedeb594f375a241c8046b6c802aa727e4c95a6dff9daa9dfcbe8a01b2e3bdd27b1bf4a002df47c3b81a4c3d3738f59b79f7ad9f4711b4d3a6afc6f4911738fe1a63ad14e643c6b0f95885fed0a220ed86a336911a3361c8117a77799f3e06dfa2d8379927390ba26bd71a3fa67a9e50ad40df60ca0c53e74abac9f3a7e62717e508035a782618f0218ee954097d314e7f2a86dd7928af681a9c3997fa4d39d5f7c5ceb9e9344261dda6530c16c7ff48d52a3dabcac7c1ffa8068a506e54ffad1be6426005b9dc3b1b5de44eeb7dde338cd948874ff30d3b4b71239cdc33308d2b17f370b37a18b825a6e89f2f349dc468215113845fb461a4439afdc8f38ec07ed44b79b5456ff0fa6cfa1d779fef45808b96219c6c447eed1852ac324ff0319a64391e0b430a35a5a5ed7e03ffde956dbe2a6fd0f5700a4bc872ae2a9a6b85482da5349b847342896577fb5cc8c0bf11150cad99ea30f8c6794aae66e526bb2631cd1563a6d25686566b1a1c48962b42cc44a27cd960e2d0a029942430d4bac8b1489a6293298a80b89fe85b878bf581940fce609418d5f3593c6f040d445cce07ef5fcc6768171e9c7f26806019bf2d9ee157cbbeae0c732bb72d3b7bc4a43a61c726d6b1176f792033068e49bdec4d3d607a2abcfab00d6df1ad54cbe8f9ae381b19cdfec3860b9760c9bd25a835c8a1b1f43640b0bd2c5367c5a43e51b5ba91940087f8dde4baaf205d24d4cd052852e2413727b0c89738888a9ac4b777c22b7a0c90cd3b18bd70834a6836266224ad72494196e21f0987a38ecea07dda3e913a7600249db3358c138cfa45123a95b983661f4dba713d3289a67624f06f9ec7aaff223c2cf8fc31e5cbd90d0c0b84819fcdb30e44cf1411581dfed91b1246366d4781c49d19fc1cde61cc19cb4db2765090ab1766d03946ad31009485a5592fa9f6112745122d78570d1125fbcb0004990a922d2f7a9195161e64863fbc9765370891d6601ae38d6b5da7d9cb72e41ac191332998622a4213daecb660a2f45097d9a142ac1b3ff7c1fa2a851a6824351595427d66de23442e5b17f6fa9ffa965a9a2979a28e637f5f7e8da48727dff83d5fc849f885eb44008eb12482e9ec6bb2e8fb1463cc267b86740878f844500bb3ca009d08878ae10d607d99c35179171e25c35a4f08c6f126d2c36c65e5fc8fa4bed5b48641f7cf89dc7f8806900fe03238ac8e3eb5de37500145666a71fb34e9466b67ba19104edd181ac93fa76fbe9faa11be43e975028f5c1cdc6e88d070a63d3cf2cfe8e26ecb09fb389f137b57aaeb141f5aef35b0420afac05397ba65dc43e042200b8b7827bef238e121fdce1afcb06583b6d0fcaf3267fbb18289dc07b4e2f1b830bb0d218f8e7c9494232db424245db3181bca2a6f6178abe237041ff86eba189f757b67c6086fe2e8701494e1fcaa94847ba26aafbb31b5283ddcee2558d88515b91bac9bfa5148c188a61e1310dfb971a61e4b8fd86f10cf264de5dda4f6c570391728db40f172a77c6c2580c8c424131eeaabca8525cf8cf22a0b556674177b5b2eb7cb101421207791902cb7b29941f1172daeb14d8e2fe3f1226a5f5d57d5ee67c2eac6fcdd2d9d76417914a77f78899498464e402b6355e108e141f4dd4c7118915efd9ab7ac1a0ae6a662daa60474f5fbc54e0e7234cdfebec939ce919722bf56b82eea30f15e6464ff7f0c3a1c3d714300cbfe4365a29c9bce0af43498c8291aae0b820df8b9f62389787f0bb54d996eeea859ca460a74bd603c8a2dec5fc8fb2a03e71d0411e0fa301fb4cc4618cc8979ec033ae2ed091e260f2c25251a91c1ce35faed4d8d75e57ffcb9f269a325785375c6c42ddc4a38513da942e3b4baf9384538110520bd26862051110468fb1253605a5a97dc920267fe2fa247584d45c3c17fc5c9224dc534ce08027bfabbad446f973b0118b5f15875af388486f1a5dfd233367a9a95d91e7fc2297d5074dcca63be412e38504041171d2e095996f416df1191a47a7307cb3b90fca43e98eb54ca627fb43cbec9bc5be81b9dd4fdd27b4e549e811500366a58778470ce72c09c1e985c2b2548abd06639254b6a1a895dc90ba6b3244247ad8c4edeaa9b5785378b790ade695f33607c4767ed2418a26a26486d459db560d17f967a629da1d2f5eb567ed86aee23db733fbf58be3f8b7bb1cd2537b00806cf8b92e3f522cac328c9e77d7629952ac771b5e9ad76c5b406d0095ae85a906f5daef1c25daddf295bb0f11b49093fb6954138f18780cfc21ac24243caab7174ff1292b41deac2fc01f477a803a611721d0c541ebc96a656a796b859c4a836c802382e20dea3d1817d4ee3035dc77f737e1444336394794f1cbbd665be9b5ed108053c304df40561793baf9d84cf86c96e40530b58d2f664fc69ec82f746cdeb806ef4290db401ac83c9dd838173386b96c7af4c72d8915c8699fcc6f9a166c2c077e5b2afe00361d79ef46efb952c2388a16a9a50c22db682d1422625e85006963a234bdbe320def178997c3b445b7f99a0112d9c22f45900e01b48dc3dceeda2e7ad5cfdc90240577af433c8d34bd611c4c02bab1e3c78cfabd7df366d4d1ea2467c6a3647e4b35d609a50645c18f1abe8dcde2125a90a2d42cef62d290470d6490d7e09540a48ae1efc2431d4ca97832c37b8ceaeab9032fce2c435798b906fd6ffbdc1e20ffacc6d5ae5360ee08806ab7a11d4999c09c6b65fe8231bee0693cf26499c5ea7cdb077156d42519dc6cf37a883899a39c822f90178c0d194ba987743ce06137f3ad493a5ed9aac3726602fa679b0ff5ae07eb700571e174c57ea58f12c9de7b45bc045da2aff49e1a8d9dda5ef0c46d41941e92f99e86f9cf85f189d0fd8e9ae8181e451f763e4b20c627e56c020d9b59c2c46171b923b7ac6d7112581fc0ee39078993d476d25e89e53dc0df9c7175260096221a8570a1bf9635fa36ac603a4730349b6b54895a0ad9beaae698e4fea4fdaa5cde0ed19bdea7042623f7cc2f89ef584c0a6601b4ddfe31509663d49df86fa7c4434d539da992316102dda9872d45a197959eecba3520124c0ad34869615cbd5c7433fc67d3e37f76dd8bfb3c2f8bab8d2a8f262d18447cbc0aeca6c20c28ff3bae019b3c59dd862ebc56d4b973bbd99a1041ed144b2c7ec950064ac6a26d18ced6995d175395e8f50851d8180d82e61ba5d1f9d8bcb6b2f8c54c11637d11796ab98c65d1be9ae150ef3e311a74d55f086b4696f380b39b224f6e1cf4eaaeb6d67483d31cf327a56a863752286396509ca988ecaa6108d875d975a8d6b6929745f36e8d4e7a816398fbdd9cb792afefed01c3d842ea39acef9f32df3ba2645466fdb9e999c37e7be36894daf2ddcc7742208244998568a8270ff61701cf97f11cc9de32e08efc691720630408a3601efaf0c08200feb5de341bc4c1610417f31f9afc63be946997d8ef7f5193af37665252b9f58b8282713d68efd68bef03a88aeffd2f6d2a7cd554aca02d4b4cfe08c18ebb4e34b49c9101ab97419dcca37a05ed77eaa61b389c7aa57e273a736942c712378765a7be5d9a1251eba8b478e8e4add790ea41e9a927828b268e3e7492d03ede96423ea215799978e1ddaca4756694785fd29d1827c802a09610a223e915a02f47557306221d05862d00304f06561e8b0db2291697fb3fb7e0fe92baf049f5f80ca7dc086bc289b03aee5ba132e98b98cda7d8dbc38ddd2dddb753b0b963dd3bf50a5feb63d7e5663024b5922de8fb4449e107068af046c0e44019592bc583ac2cccd5cccd48a391e83a09498229707172319724a004e07bff08a138a35e7424567e8843147e71d46e0681499434513455c42296b89525251f507b374fa2e0e1b1fd5b6bdd7bc8713e15aaf4b25c0ed248f7c6e5fd93df451e6ee36e3b1f94ca222fc63d74974dfdd7889720c5b6fb1eaf5b4917352b161d9e1b246ff60373c404a92ebea5b404394d32b73da040d1ca1af01fc4c0c1c07e225589864e95b8819cab0f1bd177ce5d77488dbae2bfbf0d36aafb6bfb2a6eddae2a83166aac381863ca68dc0f5d37512b5e100c15a9c65bc9bb42cd694af0cadabfc3aaa9ae20228c5e5b63fe12ebea12b8561a872de7b048e8220555fa1f478e93cb163ed771e7feaaf9ef7c5475efa79ae2a0af2f2410fa975e3955b92640497ad9f92693fd48b45c7b44044f47bfa7a16cf59fa1185dbe19ed04267d134cd74bc2f89bb4c695dddb3cdabdb89b4c26dee86c54098123c230f9c472fddecc79e185b9efb", 0xffff, r5, 0x4}, 0x38)
keyctl$KEYCTL_MOVE(0x1e, r9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000004c0), 0xc000, 0x0)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r10, r11, 0x0, 0x20000023896)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r11, 0xc08c5335, &(0x7f0000000380)={0x2, 0xc, 0x0, 'queue1\x00', 0xdba})

1.195532376s ago: executing program 0 (id=3743):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x18, 0x7ffc1fff}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8c5}, 0x0)
r0 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)
tgkill(0x0, 0x0, 0x8)

936.951819ms ago: executing program 1 (id=3744):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141142, 0x50)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001640), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
io_setup(0x20fe, &(0x7f0000000540))

936.473558ms ago: executing program 3 (id=3745):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x356f, 0x80, 0x3, 0x285}, &(0x7f0000000380)=<r4=>0x0, &(0x7f00000003c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
dup3(r3, r1, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, 0x0, 0x0, 0x24040000, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r8, 0x0, 0x2}, 0x18)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0xc, 0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lsm_get_self_attr(0x66, &(0x7f0000001280)={0x0, 0x0, 0x3d, 0x1d, ""/29}, &(0x7f00000012c0)=0x3d, 0x0)

731.492476ms ago: executing program 1 (id=3746):
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x0, 0xffffffff, 0xffffffff, 0x190, 0xffffffff, 0x430, 0xffffffff, 0xffffffff, 0x430, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0xffffff00], [], 'veth0_macvtap\x00', 'bridge0\x00', {}, {0xff}}, 0x0, 0x148, 0x190, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 'bridge0\x00', {0x8}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x8, 0x6, 0x3}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'pimreg\x00', {0xf2e3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x560)
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000286dd60182325000888"], 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r0, &(0x7f0000002a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000013c0)=""/50, 0x32}], 0x1}, 0x5}], 0x1, 0x10000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

731.082937ms ago: executing program 3 (id=3747):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000ac0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000002000090002000000ffdbdf25020000000800080008"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_local\x00', r1, 0x0, 0x80000001}, 0x18)
socket$kcm(0x21, 0x2, 0x2)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000d, 0x3b071, 0xffffffffffffffff, 0x0)
socket$rds(0x15, 0x5, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
sendmmsg$inet(r6, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r6, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
r7 = socket(0x10, 0x2, 0x0)
flock(r7, 0x5)
close_range(r7, 0xffffffffffffffff, 0x0)

524.755534ms ago: executing program 5 (id=3751):
mkdir(&(0x7f0000000580)='./file0\x00', 0x92)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
inotify_init1(0x800)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32], 0x50)
r1 = socket(0x1, 0x80802, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_to_batadv\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000), 0x8)
r4 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r4, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000400), &(0x7f00000005c0)=r5}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtclass={0x44, 0x28, 0x200, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xffe0, 0xb}, {0xfff2, 0xb}, {0x9, 0xfff3}}, [@TCA_RATE={0x6, 0x5, {0xd8, 0x55}}, @tclass_kind_options=@c_netem={0xa}, @tclass_kind_options=@c_multiq={0xb}]}, 0x44}}, 0x48010)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x20, 0x0, 0x200, 0x10021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r11 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r10, r10, 0x2f, 0x0, @void}, 0x10)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000220000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000000e00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000002580)={r11, r12, 0x4, r10}, 0x10)
r13 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000040090c9040000000a00000000000000", @ANYRES32=r9, @ANYBLOB='\a\x00'/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="03000000050000000100"/28], 0x50)
bind$inet(r13, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10)
sendmmsg$inet(r13, &(0x7f0000001480)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r13, 0x0, 0x0, 0x12000000, 0x0, 0x0)

516.592415ms ago: executing program 0 (id=3752):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x9}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x14, &(0x7f0000000300)=ANY=[@ANYBLOB="4a55005d24edf96c47783846ae8b90b6a9ef7820671cc2b91f0f", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x83, &(0x7f0000000140)={0x0, 0x2000000}, 0x8)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x6c, 0x30, 0x1, 0x70bd2c, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xffffffff, 0x10000, 0x10000000, 0xcb6, 0x2}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x22eb}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x208a022, 0x0, 0x1, 0x0, &(0x7f0000000000))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000780)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000fa", 0x10, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff}}}}}}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f00000003c0))
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x670, 0x2, 0x328, 0x140, 0xa8, 0xfeffffff, 0x140, 0x1e8, 0x290, 0x290, 0xffffffff, 0x290, 0x290, 0x5, 0x0, {[{{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x6800, {0x0, @multicast2, @rand_addr, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xa8}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @local}}}}, {{@ip={@multicast2, @multicast1, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @initdev={0xac, 0x1e, 0xfd, 0x0}, @multicast2, @port, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388)

514.849565ms ago: executing program 2 (id=3753):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0xf)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x267, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffffe}, 0x1c)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r4, &(0x7f0000000680)="d9", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

484.021028ms ago: executing program 2 (id=3754):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x356f, 0x80, 0x3, 0x285}, &(0x7f0000000380)=<r4=>0x0, &(0x7f00000003c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
dup3(r3, r1, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, 0x0, 0x0, 0x24040000, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r8, 0x0, 0x2}, 0x18)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0xc, 0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
lsm_get_self_attr(0x66, &(0x7f0000001280)={0x0, 0x0, 0x3d, 0x1d, ""/29}, &(0x7f00000012c0)=0x3d, 0x0)

420.701384ms ago: executing program 5 (id=3755):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x356f, 0x80, 0x3, 0x285}, &(0x7f0000000380)=<r4=>0x0, &(0x7f00000003c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
dup3(r3, r1, 0x80000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, 0x0, 0x0, 0x24040000, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0xc, 0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00'}, 0x10)
lsm_get_self_attr(0x66, &(0x7f0000001280)={0x0, 0x0, 0x3d, 0x1d, ""/29}, &(0x7f00000012c0)=0x3d, 0x0)

372.334287ms ago: executing program 3 (id=3756):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141142, 0x50)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001640), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10)
io_setup(0x20fe, &(0x7f0000000540))

229.81624ms ago: executing program 5 (id=3757):
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f0000000080)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x40, 0x52, 0x29}, 0x18)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

159.923636ms ago: executing program 3 (id=3758):
r0 = socket$kcm(0x25, 0x1, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x2004, 0x0, 0x10000, 0x0, 0x6, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x9, 0x12)
sendmsg$key(0xffffffffffffffff, 0x0, 0x840)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r3=>0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="5700ffff0000", 0x6, 0x0, 0x0, 0x2}])

116.725979ms ago: executing program 2 (id=3759):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0xf)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0xf5ff, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}}, 0x0)

97.961542ms ago: executing program 2 (id=3760):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x3)
syz_emit_ethernet(0x38, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}, {"c516"}}}}}}, 0x0)

97.239252ms ago: executing program 5 (id=3761):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
creat(0x0, 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZrk6Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtK03U227TabZn8/OJlzzszs/5wNMztnZpgJYGC9FxHXIuJxmqbnI2Isq89lKbZbqbHco4d35xopiTS98c8kkqxu57OSbHoqW+1kRHztyxHfTJ6PW9vcWp6tVMrrWblUX1kr1Ta3LiytzC6WF8ur09NTl2euzFyamexJP09HxNUv/vUH3/3Zl67+6jO3/3Tz7+e+1WjWaDZ/bz9eUH6/ma2uF5rfxd4V1l8y2FGUb/YwM9xuiaHnau695jYBANBe4xj/gxHxyYg4H2MxtP/hLAAAAPAGSj8/Gv9LItL2TnSoBwAAAN4gueY9sEmuGBEjzXwuVyy27uH9cIzkKtVa/dML1Y3V+da9suNRyC0sVcqT2b3C41FIGuWpZv5J+eIz5emIeDsivj823CwX56qV+X6f/AAAAIABcWrP+D8XEf8Za43/AQAAgGNmvN8NAAAAAF47438AAAA4/oz/AQAA4Fj7yvXrjZTuvP96/tbmxnL11oX5cm25uLIxV5yrrq8VF6vVxeYz+1YO+rxKtbr22VjduFOql2v1Um1z6+ZKdWO1fnPpqVdgAwAAAIfo7Y/f/0MSEdufG26mhhPdrdrlYsBRld/NJdm0zWb9x7da078cUqOAQzHU7wYAfZPvdwOAvin0uwFA3yUHzO94885vs+knetseAACg9yY+2vn6f27fNbf3nw0ceTZiGFyu/8Pgal7/7/ZOXgcLcKwUHAHAwHvl6/8HStMXahAAANBzo82U5IrZ6b3RyOWKxYjTzdcCFJKFpUp5MiLeiojfjxU+0ChPNddMDhwzAAAAAAAAAAAAAAAAAAAAAAAAAAAtaZpECgAAABxrEbm/Jb9uPct/Yuzs6LPnB04k/x2L7BWht39844d3Zuv19alG/b926+s/yuov9uMMBgAAAAyEF3qB/844fWccDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99Ojh3bmddJhx//GFiBhvFz8fJ5vTk1GIiJF/J5Hfs14SEUM9iD/c+PORdvGTRrN2Q7aLP9yD+Nv39o0f49m30C7+qR7Eh0F2v7H/udZu+8vFe81p++0vH/FU+WV13v/F7v5vqMP2f7rLGO88+EWpY/x7Ee/k2+9/duInHeKf6TL+N76+tdVpXvqTiIm2vz/JU7FK9ZW1Um1z68LSyuxiebG8Oj09dXnmysylmcnSwlKlnP1tG+N7H/vl4/36P9Ih/vgB/T/bZf///+DOww+1soV28c+daRP/Nz/Nlng+fi777ftUlm/Mn9jJb7fye73789+9u1//5zv0/6D//7ku+3/+q9/5c5eLAgCHoLa5tTxbqZTXj22mMUo/As2QOYKZb/f0A9M0TRvb1Ct8ThJH4WtpZvq9ZwIAAHrtyUF/v1sCAAAAAAAAAAAAAAAAAAAAg+swHif2bMzt3VzSi0doAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0xPsBAAD//wdy2V0=")

72.726684ms ago: executing program 2 (id=3762):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000a80)=ANY=[@ANYRES64=r0], 0x24}], 0x1, 0x0, 0x0, 0x4000000}, 0x4000041)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r1, r2, 0x0, 0x8003)

46.947496ms ago: executing program 2 (id=3763):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
creat(0x0, 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZrk6Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtK03U227TabZn8/OJlzzszs/5wNMztnZpgJYGC9FxHXIuJxmqbnI2Isq89lKbZbqbHco4d35xopiTS98c8kkqxu57OSbHoqW+1kRHztyxHfTJ6PW9vcWp6tVMrrWblUX1kr1Ta3LiytzC6WF8ur09NTl2euzFyamexJP09HxNUv/vUH3/3Zl67+6jO3/3Tz7+e+1WjWaDZ/bz9eUH6/ma2uF5rfxd4V1l8y2FGUb/YwM9xuiaHnau695jYBANBe4xj/gxHxyYg4H2MxtP/hLAAAAPAGSj8/Gv9LItL2TnSoBwAAAN4gueY9sEmuGBEjzXwuVyy27uH9cIzkKtVa/dML1Y3V+da9suNRyC0sVcqT2b3C41FIGuWpZv5J+eIz5emIeDsivj823CwX56qV+X6f/AAAAIABcWrP+D8XEf8Za43/AQAAgGNmvN8NAAAAAF47438AAAA4/oz/AQAA4Fj7yvXrjZTuvP96/tbmxnL11oX5cm25uLIxV5yrrq8VF6vVxeYz+1YO+rxKtbr22VjduFOql2v1Um1z6+ZKdWO1fnPpqVdgAwAAAIfo7Y/f/0MSEdufG26mhhPdrdrlYsBRld/NJdm0zWb9x7da078cUqOAQzHU7wYAfZPvdwOAvin0uwFA3yUHzO94885vs+knetseAACg9yY+2vn6f27fNbf3nw0ceTZiGFyu/8Pgal7/7/ZOXgcLcKwUHAHAwHvl6/8HStMXahAAANBzo82U5IrZ6b3RyOWKxYjTzdcCFJKFpUp5MiLeiojfjxU+0ChPNddMDhwzAAAAAAAAAAAAAAAAAAAAAAAAAAAtaZpECgAAABxrEbm/Jb9uPct/Yuzs6LPnB04k/x2L7BWht39844d3Zuv19alG/b926+s/yuov9uMMBgAAAAyEF3qB/844fWccDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99Ojh3bmddJhx//GFiBhvFz8fJ5vTk1GIiJF/J5Hfs14SEUM9iD/c+PORdvGTRrN2Q7aLP9yD+Nv39o0f49m30C7+qR7Eh0F2v7H/udZu+8vFe81p++0vH/FU+WV13v/F7v5vqMP2f7rLGO88+EWpY/x7Ee/k2+9/duInHeKf6TL+N76+tdVpXvqTiIm2vz/JU7FK9ZW1Um1z68LSyuxiebG8Oj09dXnmysylmcnSwlKlnP1tG+N7H/vl4/36P9Ih/vgB/T/bZf///+DOww+1soV28c+daRP/Nz/Nlng+fi777ftUlm/Mn9jJb7fye73789+9u1//5zv0/6D//7ku+3/+q9/5c5eLAgCHoLa5tTxbqZTXj22mMUo/As2QOYKZb/f0A9M0TRvb1Ct8ThJH4WtpZvq9ZwIAAHrtyUF/v1sCAAAAAAAAAAAAAAAAAAAAg+swHif2bMzt3VzSi0doAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0xPsBAAD//wdy2V0=")

0s ago: executing program 3 (id=3764):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000380)='./file1\x00', 0x2804450, &(0x7f0000003b80), 0x1, 0x51b, &(0x7f00000014c0)="$eJzs3c9vI1cdAPDvjO1tdjfFKXAolWgrWpQtsHayoW2ERFskBKdKQDkTQuJEUZw4ip2yiSpIxY0LEkKA1BMnLkj8AUioF+4IqRLcESAQgi0caQfZHtMmsWOz+eGu8/lIs35vfn3fG63f/HrxC+DKejIiXoqIQkQ8ExHlfH6aT0vtzGF3vbfvvbbSnpLIslf+kUSSz+vtq50vRsTN7iYxFRFf+3LEt5KTcZv7B5vL9XptN89XW1s71eb+we2NreX12npte2Fh/rnF5xefXZzLcmeq50xEvPDFv/z4Bz//0gu//sy3/7j0t1vfaRcrK3fLHRErZwowQHffpc6x6Gkfo92LCDYGhbw+pcK4SwIAwCja1/gfjohPdK7/y1HoXM0BAAAAkyR7cTr+k0RkAAAAwMRKI2I6krSS9wWYjjStVLp9eD8aN9J6o9n69Fpjb3u1vSze+Pz3v5GubdRrc3lf4ZkoJe38fN7Htpe/cyy/EBGPRMSPytc7+cpKo7467ocfAAAAcEXcfOLo/f+/y2knDQAAAEyYmYEZAAAAYFK45QcAAIDJ5/4fAAAAJtpXXn65PWW9cbxXX93f22y8enu11tysbO2tVFYauzuV9UZjvfObfVvD9ldvNHY+G9t7d6utWrNVbe4fLG019rZbSxtHhsAGAAAALtEjT7z5hyQiDj93vTNF/juAAEf8edwFAM5TYdwFAMamOOqKycWWA7h8paFrjNxCAA+oYaf3gZ13fnv+ZQEAAC7G7MdOvv+/li8b/mwAeJAd6evjL3QA4Erwdg+urtLQHoA6/sCk+1D346Fe/jfHlp/9/X+W3VfBAACAczPdmZK0kr8LnI40rVQiHu4MC1BK1jbqtbn8/uD35dJD722ZeDIAAAAAAAAAAAAAAAAAAAAAAAAAACPKsiQyAAAAYKJFpH9N8lH+ZstPT3efCryTj9V1bNSvN175yd3lVmt3PuJa8s9ye9a1iGj9tDt/705mSAAAAAD4AOjcv9/JP+fHXRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJs3b915b6U2XGffvX4iImX7xizHV+ZyKUkTc+FcSxfdtl0RE4RziH74eEY/2i5/Eu1mWzeSl6Bf/+gXHn+kcmv7x04i4eQ7x4Sp7s93+vNTv+5fGk53P/t+/Yj6d1eD2L/1f+1cY0P48fPqu017isbd+WR0Y//WIx4r9259e/KQbP4lj8Z8asY7f/PrBwaBl2c8iZvuef5IjsaqtrZ1qc//g9sbW8nptvba9sDD/3OLzi88uzlXXNuq1/N++MX748V+9e1r9bwyIP3O0/ieO/9Mj1v+dt+7e+0g3WeoX/9ZT/c+/jw6In+bnvk/m6fby2V76sJt+v8d/8bvHT6v/6oD6Tw2p/60R6//MV7/3pxFXBQAuQXP/YHO5Xq/tnpKYGmGdgYnCfW01LPHiee9QYryJ7Lvd/49n288ZNz+RyM6yeTGGrhNH53yqGMfmNK/9H9/T802Ms1UCAAAuwnsX/eMuCQAAAAAAAAAAAAAAAAAAAFxd9/kLYVMRMfLKx2MejqeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn+m8AAAD//+CA1xA=")
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000680)='sched_switch\x00', r4}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00')

kernel console output (not intermixed with test programs):

[T21494] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.3170: Freeing blocks not in datazone - block = 0, count = 4096
[  230.526192][T21494] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.3170: Invalid inode bitmap blk 0 in block_group 0
[  230.539170][ T5020] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:19: Failed to release dquot type 0
[  230.549468][T21494] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  230.564679][T21494] EXT4-fs (loop2): 1 orphan inode deleted
[  230.570998][T21494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.586809][T21494] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  230.672620][T21514] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  230.684302][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.917940][T21534] loop2: detected capacity change from 0 to 512
[  230.925199][T21534] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  230.935023][T21534] EXT4-fs (loop2): orphan cleanup on readonly fs
[  230.942205][T21534] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3174: bg 0: block 248: padding at end of block bitmap is not set
[  230.958617][T21534] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3174: Failed to acquire dquot type 1
[  230.970380][T21534] EXT4-fs (loop2): 1 truncate cleaned up
[  230.976568][T21534] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  231.084953][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.137745][   T90] Bluetooth: hci1: Frame reassembly failed (-84)
[  231.632763][T21574] loop5: detected capacity change from 0 to 2048
[  231.702278][T21574] EXT4-fs: Ignoring removed bh option
[  231.722686][T21574] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.259455][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  232.265683][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  232.496960][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.660813][T21597] loop5: detected capacity change from 0 to 1024
[  232.690165][T21597] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  232.710647][T21597] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.3184: Invalid block bitmap block 0 in block_group 0
[  232.729632][T21597] __quota_error: 106 callbacks suppressed
[  232.729643][T21597] Quota error (device loop5): write_blk: dquota write failed
[  232.743092][T21597] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  232.786878][T21597] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3184: Failed to acquire dquot type 0
[  232.806978][T21603] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  232.820058][T21597] EXT4-fs error (device loop5): ext4_free_blocks:6728: comm syz.5.3184: Freeing blocks not in datazone - block = 0, count = 4096
[  232.840117][T21597] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.3184: Invalid inode bitmap blk 0 in block_group 0
[  232.861766][   T90] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-7
[  232.870977][   T90] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 0
[  232.909515][T21597] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  232.928211][T21597] EXT4-fs (loop5): 1 orphan inode deleted
[  232.939892][T21597] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.989759][T21597] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  233.050434][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.139528][ T3728] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  233.311652][T21625] loop3: detected capacity change from 0 to 2048
[  233.338802][T21625] EXT4-fs: Ignoring removed bh option
[  233.390243][T21625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.420901][T21631] netlink: 'syz.0.3191': attribute type 12 has an invalid length.
[  233.496638][T21617] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3187'.
[  233.521512][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.533675][T21633] netlink: 'syz.0.3192': attribute type 12 has an invalid length.
[  233.614952][T21641] loop2: detected capacity change from 0 to 2048
[  233.665518][T21641] EXT4-fs: Ignoring removed bh option
[  233.713464][T21646] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  233.713929][T21641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.815608][T21646] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  233.827916][T21646] EXT4-fs (loop3): This should not happen!! Data will be lost
[  233.827916][T21646] 
[  233.837598][T21646] EXT4-fs (loop3): Total free blocks count 0
[  233.843591][T21646] EXT4-fs (loop3): Free/Dirty block details
[  233.849660][T21646] EXT4-fs (loop3): free_blocks=2415919104
[  233.855372][T21646] EXT4-fs (loop3): dirty_blocks=32
[  233.860551][T21646] EXT4-fs (loop3): Block reservation details
[  233.866528][T21646] EXT4-fs (loop3): i_reserved_data_blocks=2
[  234.589857][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.932331][T21674] loop2: detected capacity change from 0 to 1024
[  234.939372][T21674] EXT4-fs: Ignoring removed orlov option
[  234.971189][T21674] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  234.984163][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.067583][T21679] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3201'.
[  235.242743][T21674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.307981][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.385431][T21703] loop3: detected capacity change from 0 to 512
[  235.394265][T21703] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  235.423833][T21703] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.438319][T21713] loop2: detected capacity change from 0 to 512
[  235.452199][T21703] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  235.472633][T21703] tipc: Started in network mode
[  235.477543][T21703] tipc: Node identity , cluster identity 4711
[  235.483649][T21703] tipc: Failed to obtain node identity
[  235.489095][T21703] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  235.498197][T21713] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  235.506645][T21713] EXT4-fs (loop2): orphan cleanup on readonly fs
[  235.517553][T21713] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.3206: corrupted inode contents
[  235.537820][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.547231][T21713] EXT4-fs (loop2): Remounting filesystem read-only
[  235.555279][T21713] EXT4-fs (loop2): 1 truncate cleaned up
[  235.561072][ T2929] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  235.571639][ T2929] Quota error (device loop2): write_blk: dquota write failed
[  235.579136][ T2929] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries
[  235.589125][ T2929] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  235.599640][ T2929] Quota error (device loop2): write_blk: dquota write failed
[  235.606998][ T2929] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list
[  235.636344][T21721] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  235.653454][T21721] tipc: Enabling of bearer <eth:ip6_vti0> rejected, already enabled
[  235.695106][ T2929] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  235.705417][ T2929] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  235.739431][ T2929] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  235.749784][T21713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  236.092092][T21722] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3207'.
[  236.594038][T21771] loop5: detected capacity change from 0 to 512
[  236.658371][T21732] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3211'.
[  236.690867][T21771] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  236.750869][T21771] EXT4-fs (loop5): orphan cleanup on readonly fs
[  236.770609][T21771] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3213: corrupted inode contents
[  236.869855][T21771] EXT4-fs (loop5): Remounting filesystem read-only
[  236.876558][T21771] EXT4-fs (loop5): 1 truncate cleaned up
[  236.882380][ T6538] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  236.892982][ T6538] Quota error (device loop5): write_blk: dquota write failed
[  236.900396][ T6538] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  236.919387][ T6538] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  236.939788][T21771] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  237.073212][T21800] loop3: detected capacity change from 0 to 1024
[  237.099977][T21800] EXT4-fs: Ignoring removed orlov option
[  237.108226][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.127626][T21800] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  237.162860][T21800] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.442120][T21824] loop2: detected capacity change from 0 to 512
[  237.449093][T21824] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  237.462038][T21824] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.498280][T21824] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  237.601385][T21824] tipc: Enabling of bearer <eth:ip6_vti0> rejected, already enabled
[  237.655791][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.761009][T21848] loop2: detected capacity change from 0 to 2048
[  237.801240][T21848] EXT4-fs: Ignoring removed bh option
[  237.840894][T21848] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.914817][T21848] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  237.969225][T21848] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  237.981624][T21848] EXT4-fs (loop2): This should not happen!! Data will be lost
[  237.981624][T21848] 
[  237.991315][T21848] EXT4-fs (loop2): Total free blocks count 0
[  237.997279][T21848] EXT4-fs (loop2): Free/Dirty block details
[  238.003204][T21848] EXT4-fs (loop2): free_blocks=2415919104
[  238.008941][T21848] EXT4-fs (loop2): dirty_blocks=32
[  238.014088][T21848] EXT4-fs (loop2): Block reservation details
[  238.020201][T21848] EXT4-fs (loop2): i_reserved_data_blocks=2
[  238.128318][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.147580][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.197170][T21877] loop3: detected capacity change from 0 to 2048
[  238.212015][T21878] loop2: detected capacity change from 0 to 2048
[  238.228805][T21878] EXT4-fs: Ignoring removed bh option
[  238.246687][T21877] EXT4-fs: Ignoring removed bh option
[  238.255649][T21878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.280381][T21877] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.312374][T21878] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  238.327950][T21890] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  238.361324][T21878] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  238.373606][T21878] EXT4-fs (loop2): This should not happen!! Data will be lost
[  238.373606][T21878] 
[  238.383315][T21878] EXT4-fs (loop2): Total free blocks count 0
[  238.389289][T21878] EXT4-fs (loop2): Free/Dirty block details
[  238.395248][T21878] EXT4-fs (loop2): free_blocks=2415919104
[  238.400975][T21878] EXT4-fs (loop2): dirty_blocks=32
[  238.406081][T21878] EXT4-fs (loop2): Block reservation details
[  238.412063][T21878] EXT4-fs (loop2): i_reserved_data_blocks=2
[  238.534608][T21904] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  238.549541][T21904] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  238.561824][T21904] EXT4-fs (loop3): This should not happen!! Data will be lost
[  238.561824][T21904] 
[  238.571474][T21904] EXT4-fs (loop3): Total free blocks count 0
[  238.577446][T21904] EXT4-fs (loop3): Free/Dirty block details
[  238.583341][T21904] EXT4-fs (loop3): free_blocks=2415919104
[  238.589059][T21904] EXT4-fs (loop3): dirty_blocks=32
[  238.594234][T21904] EXT4-fs (loop3): Block reservation details
[  238.600225][T21904] EXT4-fs (loop3): i_reserved_data_blocks=2
[  238.636357][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.152015][T21945] loop3: detected capacity change from 0 to 512
[  239.173994][T21945] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  239.187338][T21945] EXT4-fs (loop3): orphan cleanup on readonly fs
[  239.204750][T21945] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.3242: corrupted inode contents
[  239.207502][T21952] netlink: 'syz.1.3243': attribute type 12 has an invalid length.
[  239.235780][T21945] EXT4-fs (loop3): Remounting filesystem read-only
[  239.257631][T21945] EXT4-fs (loop3): 1 truncate cleaned up
[  239.263522][ T2014] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  239.274055][ T2014] __quota_error: 5 callbacks suppressed
[  239.274080][ T2014] Quota error (device loop3): write_blk: dquota write failed
[  239.286979][ T2014] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries
[  239.297032][ T2014] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  239.307662][ T2014] Quota error (device loop3): write_blk: dquota write failed
[  239.315151][ T2014] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list
[  239.348762][ T2014] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  239.358917][ T2014] Quota error (device loop3): v2_write_file_info: Can't write info structure
[  239.367839][ T2014] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  239.403961][T21953] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3240'.
[  239.795808][T22001] loop5: detected capacity change from 0 to 2048
[  239.805769][T22001] EXT4-fs: Ignoring removed bh option
[  240.246178][T22033] netlink: 'syz.2.3254': attribute type 12 has an invalid length.
[  241.282295][T22062] loop2: detected capacity change from 0 to 512
[  241.289338][T22062] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  241.298616][T22062] EXT4-fs (loop2): orphan cleanup on readonly fs
[  241.308139][T22062] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3259: bg 0: block 248: padding at end of block bitmap is not set
[  241.322752][T22062] Quota error (device loop2): write_blk: dquota write failed
[  241.330197][T22062] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  241.340102][T22062] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3259: Failed to acquire dquot type 1
[  241.352012][T22062] EXT4-fs (loop2): 1 truncate cleaned up
[  241.393611][T22070] loop3: detected capacity change from 0 to 512
[  241.436227][T22070] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  241.705624][T22087] bridge0: port 3(hsr0) entered blocking state
[  241.711889][T22087] bridge0: port 3(hsr0) entered disabled state
[  241.718266][T22087] hsr0: entered allmulticast mode
[  241.723355][T22087] hsr_slave_0: entered allmulticast mode
[  241.728975][T22087] hsr_slave_1: entered allmulticast mode
[  241.735508][T22087] hsr0: entered promiscuous mode
[  241.740797][T22087] bridge0: port 3(hsr0) entered blocking state
[  241.746952][T22087] bridge0: port 3(hsr0) entered forwarding state
[  242.308542][T22098] loop3: detected capacity change from 0 to 2048
[  242.351395][T22101] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3266'.
[  242.355932][T22098] EXT4-fs: Ignoring removed bh option
[  242.388959][T22095] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3264'.
[  242.467569][   T29] audit: type=1326 audit(1768001813.981:20693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22100 comm="syz.2.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  242.491154][   T29] audit: type=1326 audit(1768001813.981:20694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22100 comm="syz.2.3266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  242.631422][T22113] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3268'.
[  242.779523][T22115] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  242.795447][T22115] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  242.807726][T22115] EXT4-fs (loop3): This should not happen!! Data will be lost
[  242.807726][T22115] 
[  242.817380][T22115] EXT4-fs (loop3): Total free blocks count 0
[  242.823928][T22115] EXT4-fs (loop3): Free/Dirty block details
[  242.829974][T22115] EXT4-fs (loop3): free_blocks=2415919104
[  242.835683][T22115] EXT4-fs (loop3): dirty_blocks=32
[  242.840814][T22115] EXT4-fs (loop3): Block reservation details
[  242.846896][T22115] EXT4-fs (loop3): i_reserved_data_blocks=2
[  243.033521][   T42] Bluetooth: hci0: Frame reassembly failed (-84)
[  243.160461][T22135] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  243.682573][T22139] loop2: detected capacity change from 0 to 512
[  243.690683][T22139] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  243.860106][T22139] EXT4-fs (loop2): orphan cleanup on readonly fs
[  243.867181][T22139] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3272: bg 0: block 248: padding at end of block bitmap is not set
[  243.881793][T22139] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3272: Failed to acquire dquot type 1
[  243.894028][T22139] EXT4-fs (loop2): 1 truncate cleaned up
[  244.159795][T22155] loop3: detected capacity change from 0 to 2048
[  244.168527][T22155] EXT4-fs: Ignoring removed bh option
[  244.821593][   T29] kauditd_printk_skb: 71 callbacks suppressed
[  244.821606][   T29] audit: type=1400 audit(1768001816.351:20764): avc:  denied  { create } for  pid=22183 comm="syz.0.3281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  244.847930][   T29] audit: type=1400 audit(1768001816.351:20765): avc:  denied  { read } for  pid=22183 comm="syz.0.3281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  245.059598][ T3728] Bluetooth: hci0: command 0x1003 tx timeout
[  245.059630][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  245.154476][T22204] loop5: detected capacity change from 0 to 2048
[  245.162654][T22204] EXT4-fs: Ignoring removed bh option
[  245.200844][   T29] audit: type=1326 audit(1768001816.731:20766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22196 comm="syz.0.3285" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f909292f749 code=0x0
[  245.381888][T22245] loop3: detected capacity change from 0 to 512
[  245.441381][T22250] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  245.456260][T22250] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  245.468580][T22250] EXT4-fs (loop5): This should not happen!! Data will be lost
[  245.468580][T22250] 
[  245.478230][T22250] EXT4-fs (loop5): Total free blocks count 0
[  245.484250][T22250] EXT4-fs (loop5): Free/Dirty block details
[  245.490160][T22250] EXT4-fs (loop5): free_blocks=2415919104
[  245.495878][T22250] EXT4-fs (loop5): dirty_blocks=32
[  245.500987][T22250] EXT4-fs (loop5): Block reservation details
[  245.506946][T22250] EXT4-fs (loop5): i_reserved_data_blocks=2
[  245.522379][T22245] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  245.581209][T22245] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  245.613143][T22245] tipc: Started in network mode
[  245.618029][T22245] tipc: Node identity , cluster identity 4711
[  245.624207][T22245] tipc: Failed to obtain node identity
[  245.629713][T22245] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  245.986615][T22271] FAULT_INJECTION: forcing a failure.
[  245.986615][T22271] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  245.999893][T22271] CPU: 0 UID: 0 PID: 22271 Comm: syz.0.3297 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  245.999921][T22271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  245.999941][T22271] Call Trace:
[  246.000017][T22271]  <TASK>
[  246.000023][T22271]  __dump_stack+0x1d/0x30
[  246.000076][T22271]  dump_stack_lvl+0x95/0xd0
[  246.000095][T22271]  dump_stack+0x15/0x1b
[  246.000116][T22271]  should_fail_ex+0x265/0x280
[  246.000187][T22271]  should_fail_alloc_page+0xf2/0x100
[  246.000206][T22271]  __alloc_frozen_pages_noprof+0x109/0x360
[  246.000237][T22271]  alloc_pages_mpol+0xb3/0x260
[  246.000294][T22271]  ? css_rstat_updated+0xbb/0x280
[  246.000324][T22271]  vma_alloc_folio_noprof+0x1aa/0x300
[  246.000350][T22271]  handle_mm_fault+0xef5/0x2c60
[  246.000459][T22271]  do_user_addr_fault+0x630/0x1080
[  246.000487][T22271]  ? ksys_mmap_pgoff+0xc2/0x310
[  246.000592][T22271]  exc_page_fault+0x62/0xa0
[  246.000618][T22271]  asm_exc_page_fault+0x26/0x30
[  246.000691][T22271] RIP: 0033:0x7f90927f09f0
[  246.000704][T22271] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41
[  246.000719][T22271] RSP: 002b:00007f909138e4a0 EFLAGS: 00010286
[  246.000734][T22271] RAX: 0000000000001000 RBX: 00007f909138e540 RCX: 0000000000000001
[  246.000768][T22271] RDX: 0000000000000009 RSI: 0000000000000001 RDI: 00007f909138e5e0
[  246.000778][T22271] RBP: 00000000000000f7 R08: 00007f9088f6f000 R09: 00000000000000ff
[  246.000791][T22271] R10: 0000000000000000 R11: 00007f909138e550 R12: 0000000000000001
[  246.000804][T22271] R13: 00007f90929cfc40 R14: 0000000000000000 R15: 00007f909138e5e0
[  246.000890][T22271]  </TASK>
[  246.000898][T22271] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  247.130423][T22290] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3298'.
[  247.450886][T22287] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3301'.
[  247.571617][T22302] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3303'.
[  248.067189][T22316] netlink: 19 bytes leftover after parsing attributes in process `syz.2.3307'.
[  248.124132][T22316] loop2: detected capacity change from 0 to 2048
[  248.158864][T22316] EXT4-fs mount: 18 callbacks suppressed
[  248.158877][T22316] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.190459][T22316] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.238948][ T3662] printk: udevd: 71 output lines suppressed due to ratelimiting
[  248.293461][T22316] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.324606][T22325] loop3: detected capacity change from 0 to 1024
[  248.342160][T22325] EXT4-fs: Ignoring removed orlov option
[  248.352627][T22316] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.372724][T22325] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  248.401370][T22325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.417768][T22316] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.588301][T22336] loop5: detected capacity change from 0 to 1024
[  248.614865][T22336] EXT4-fs: Ignoring removed orlov option
[  248.657116][T22336] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.675991][T12841] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  248.710390][T12841] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  248.749836][T12841] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  248.795237][T12841] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  248.810807][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.858124][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.893143][T22354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3315'.
[  248.934735][T22354] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=22354 comm=syz.0.3315
[  249.194228][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.237554][ T2014] Bluetooth: hci0: Frame reassembly failed (-84)
[  249.251951][T22365] can0: slcan on ttyS3.
[  249.429476][T22365] can0 (unregistered): slcan off ttyS3.
[  249.971929][T22393] loop3: detected capacity change from 0 to 512
[  249.981392][T22394] loop2: detected capacity change from 0 to 512
[  250.529391][T22393] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  250.537901][T22394] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  250.860249][T22393] EXT4-fs (loop3): orphan cleanup on readonly fs
[  250.867537][T22393] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3319: bg 0: block 248: padding at end of block bitmap is not set
[  250.882082][T22393] Quota error (device loop3): write_blk: dquota write failed
[  250.889496][T22393] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  250.899431][T22393] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3319: Failed to acquire dquot type 1
[  250.899834][T22394] EXT4-fs (loop2): orphan cleanup on readonly fs
[  250.917558][T22394] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3314: bg 0: block 248: padding at end of block bitmap is not set
[  250.932032][T22394] Quota error (device loop2): write_blk: dquota write failed
[  250.939438][T22394] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  250.949403][T22394] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3314: Failed to acquire dquot type 1
[  250.962873][T22393] EXT4-fs (loop3): 1 truncate cleaned up
[  250.962888][T22394] EXT4-fs (loop2): 1 truncate cleaned up
[  250.974696][T22394] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  250.980026][T22393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  251.192546][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.233411][   T29] audit: type=1400 audit(1768001822.761:20767): avc:  denied  { read } for  pid=22427 comm="syz.3.3323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  251.253755][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.282508][   T29] audit: type=1400 audit(1768001822.791:20768): avc:  denied  { getopt } for  pid=22427 comm="syz.3.3323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  251.304640][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  251.306026][ T3728] Bluetooth: hci0: command 0x1003 tx timeout
[  251.533248][T22451] xt_CT: You must specify a L4 protocol and not use inversions on it
[  252.939144][T22465] netlink: 'syz.3.3332': attribute type 12 has an invalid length.
[  253.365968][   T29] audit: type=1400 audit(1768001824.891:20769): avc:  denied  { bind } for  pid=22472 comm="syz.3.3335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  253.385576][   T29] audit: type=1400 audit(1768001824.891:20770): avc:  denied  { name_bind } for  pid=22472 comm="syz.3.3335" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  253.406719][   T29] audit: type=1400 audit(1768001824.891:20771): avc:  denied  { node_bind } for  pid=22472 comm="syz.3.3335" saddr=100.1.1.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  253.534124][   T29] audit: type=1400 audit(1768001825.061:20772): avc:  denied  { write } for  pid=22480 comm="syz.2.3336" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  253.624235][T22484] netlink: 'syz.2.3338': attribute type 21 has an invalid length.
[  253.648036][ T2014] Bluetooth: hci0: Frame reassembly failed (-84)
[  253.658038][T22484] syz.2.3338 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  253.761529][T22494] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3340'.
[  253.789628][T22496] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3341'.
[  253.979891][T22504] loop5: detected capacity change from 0 to 2048
[  253.986580][T22504] EXT4-fs: Ignoring removed bh option
[  254.012639][T22504] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.723317][T22512] netlink: 'syz.2.3345': attribute type 12 has an invalid length.
[  255.021421][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.211258][T22522] loop5: detected capacity change from 0 to 256
[  255.313179][T22527] loop5: detected capacity change from 0 to 2048
[  255.330826][T22527] EXT4-fs: Ignoring removed bh option
[  255.351260][T22527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  255.699402][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  255.699431][ T3728] Bluetooth: hci0: command 0x1003 tx timeout
[  255.742290][T22532] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  255.774712][T22532] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  255.786976][T22532] EXT4-fs (loop5): This should not happen!! Data will be lost
[  255.786976][T22532] 
[  255.796626][T22532] EXT4-fs (loop5): Total free blocks count 0
[  255.802647][T22532] EXT4-fs (loop5): Free/Dirty block details
[  255.808566][T22532] EXT4-fs (loop5): free_blocks=2415919104
[  255.814351][T22532] EXT4-fs (loop5): dirty_blocks=32
[  255.819468][T22532] EXT4-fs (loop5): Block reservation details
[  255.825427][T22532] EXT4-fs (loop5): i_reserved_data_blocks=2
[  256.161776][T22543] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3353'.
[  256.195626][T22545] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3354'.
[  256.281679][T22549] loop3: detected capacity change from 0 to 2048
[  256.289530][   T29] kauditd_printk_skb: 55 callbacks suppressed
[  256.289541][   T29] audit: type=1326 audit(1768001827.801:20828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.296958][T22549] EXT4-fs: Ignoring removed bh option
[  256.319194][   T29] audit: type=1326 audit(1768001827.801:20829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.348201][   T29] audit: type=1326 audit(1768001827.801:20830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.363995][T22549] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.371936][   T29] audit: type=1326 audit(1768001827.801:20831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.407540][   T29] audit: type=1326 audit(1768001827.801:20832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.431286][   T29] audit: type=1326 audit(1768001827.801:20833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.454882][   T29] audit: type=1326 audit(1768001827.801:20834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.478424][   T29] audit: type=1326 audit(1768001827.801:20835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.502075][   T29] audit: type=1326 audit(1768001827.801:20836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  256.525597][   T29] audit: type=1326 audit(1768001827.801:20837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22544 comm="syz.0.3354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  257.115452][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.358290][T22508] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  257.648133][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.701556][T22565] loop5: detected capacity change from 0 to 1024
[  257.740442][T22565] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  257.804935][T22565] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.3359: Invalid block bitmap block 0 in block_group 0
[  257.882372][T22565] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3359: Failed to acquire dquot type 0
[  257.918205][T22565] EXT4-fs error (device loop5): ext4_free_blocks:6728: comm syz.5.3359: Freeing blocks not in datazone - block = 0, count = 4096
[  257.971376][T22565] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.3359: Invalid inode bitmap blk 0 in block_group 0
[  257.989446][T12841] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:25: Failed to release dquot type 0
[  258.014017][T22565] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  258.064977][T22565] EXT4-fs (loop5): 1 orphan inode deleted
[  258.109917][T22565] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.145341][T22565] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  258.229519][T22589] loop3: detected capacity change from 0 to 512
[  258.237997][T22589] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  258.247143][T22589] EXT4-fs (loop3): orphan cleanup on readonly fs
[  258.254038][T22589] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3361: bg 0: block 248: padding at end of block bitmap is not set
[  258.271241][T22589] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3361: Failed to acquire dquot type 1
[  258.283053][T22589] EXT4-fs (loop3): 1 truncate cleaned up
[  258.289249][T22589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  258.328668][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.345648][T22595] loop2: detected capacity change from 0 to 512
[  258.364930][T22595] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.392128][T22595] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.422437][T22595] random: crng reseeded on system resumption
[  258.460896][T12841] Bluetooth: hci0: Frame reassembly failed (-84)
[  258.532822][T22610] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3365'.
[  258.675442][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.728104][T22618] loop2: detected capacity change from 0 to 512
[  258.764987][T22618] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  258.884068][T22618] EXT4-fs (loop2): orphan cleanup on readonly fs
[  258.900858][T22618] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.3368: corrupted inode contents
[  258.924308][T22618] EXT4-fs (loop2): Remounting filesystem read-only
[  258.931029][T22618] EXT4-fs (loop2): 1 truncate cleaned up
[  259.063468][T22626] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3369'.
[  259.308158][T12841] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  259.318788][T12841] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  259.367796][T12841] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  259.395908][T22618] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  260.499390][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  260.667286][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.681866][ T2014] Bluetooth: hci0: Frame reassembly failed (-84)
[  260.747067][T22701] loop2: detected capacity change from 0 to 2048
[  260.789674][T22701] EXT4-fs: Ignoring removed bh option
[  260.805520][T22701] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  261.125139][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.258686][T22718] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3381'.
[  261.605657][T22744] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3378'.
[  261.713118][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.850952][T12841] Bluetooth: hci1: Frame reassembly failed (-84)
[  261.860289][T22809] Falling back ldisc for ptm1.
[  261.879325][T22824] netlink: 'syz.2.3390': attribute type 142 has an invalid length.
[  261.887259][T22824] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3390'.
[  261.923742][T22824] loop2: detected capacity change from 0 to 8192
[  262.033611][   T29] kauditd_printk_skb: 108 callbacks suppressed
[  262.033624][   T29] audit: type=1400 audit(1768001833.561:20935): avc:  denied  { write } for  pid=22823 comm="syz.2.3390" name="file0" dev="tmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  262.064670][   T29] audit: type=1400 audit(1768001833.561:20936): avc:  denied  { open } for  pid=22823 comm="syz.2.3390" path="/101/file0" dev="tmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  262.141547][   T29] audit: type=1400 audit(1768001833.671:20937): avc:  denied  { ioctl } for  pid=22823 comm="syz.2.3390" path="/101/file0" dev="tmpfs" ino=570 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  262.194088][T22828] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3391'.
[  262.253198][T22835] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3393'.
[  262.739554][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  262.739631][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  262.766496][T22839] netlink: 'syz.5.3394': attribute type 12 has an invalid length.
[  262.788962][T22841] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3395'.
[  262.830614][T22843] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3396'.
[  262.859311][T22843] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=22843 comm=syz.0.3396
[  262.905580][   T29] audit: type=1326 audit(1768001834.431:20938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  262.929282][   T29] audit: type=1326 audit(1768001834.431:20939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  262.952848][   T29] audit: type=1326 audit(1768001834.431:20940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  262.976406][   T29] audit: type=1326 audit(1768001834.431:20941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  263.000051][   T29] audit: type=1326 audit(1768001834.431:20942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  263.023614][   T29] audit: type=1326 audit(1768001834.431:20943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  263.047187][   T29] audit: type=1326 audit(1768001834.431:20944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22840 comm="syz.5.3395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  263.165672][T22867] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  263.375611][T22876] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3403'.
[  263.392254][T22877] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3404'.
[  263.572414][T22882] netlink: 'syz.2.3406': attribute type 12 has an invalid length.
[  263.628310][T22886] loop2: detected capacity change from 0 to 512
[  263.649616][T22886] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  263.657594][T22886] EXT4-fs (loop2): orphan cleanup on readonly fs
[  263.672270][T22886] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.3408: corrupted inode contents
[  263.684440][T22886] EXT4-fs (loop2): Remounting filesystem read-only
[  263.691671][T22886] EXT4-fs (loop2): 1 truncate cleaned up
[  263.697535][ T4100] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  263.708111][ T4100] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  263.725930][ T4100] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  263.736869][T22886] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  263.774583][T22899] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  263.787301][T22901] netlink: 'syz.5.3414': attribute type 12 has an invalid length.
[  263.806654][T22903] loop3: detected capacity change from 0 to 2048
[  263.813875][T22903] EXT4-fs: Ignoring removed bh option
[  263.831337][T22903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.879433][ T3566] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  263.947056][T22903] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  263.961819][T22903] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  263.974144][T22903] EXT4-fs (loop3): This should not happen!! Data will be lost
[  263.974144][T22903] 
[  263.983817][T22903] EXT4-fs (loop3): Total free blocks count 0
[  263.989816][T22903] EXT4-fs (loop3): Free/Dirty block details
[  263.995706][T22903] EXT4-fs (loop3): free_blocks=2415919104
[  264.001449][T22903] EXT4-fs (loop3): dirty_blocks=32
[  264.006552][T22903] EXT4-fs (loop3): Block reservation details
[  264.012544][T22903] EXT4-fs (loop3): i_reserved_data_blocks=2
[  264.025869][T22916] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=22916 comm=syz.5.3417
[  264.136498][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.183399][T22948] __nla_validate_parse: 1 callbacks suppressed
[  264.183412][T22948] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3420'.
[  264.241470][T22954] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3421'.
[  264.457463][T22960] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  264.513609][T22965] lo speed is unknown, defaulting to 1000
[  264.519699][T22965] lo speed is unknown, defaulting to 1000
[  264.525652][T22965] lo speed is unknown, defaulting to 1000
[  264.532621][T22965] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  264.540206][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.550378][T22965] lo speed is unknown, defaulting to 1000
[  264.556592][T22965] lo speed is unknown, defaulting to 1000
[  264.562656][T22965] lo speed is unknown, defaulting to 1000
[  264.568772][T22965] lo speed is unknown, defaulting to 1000
[  264.575427][T22965] lo speed is unknown, defaulting to 1000
[  264.584388][T22965] lo speed is unknown, defaulting to 1000
[  264.584673][T22971] netlink: 'syz.2.3426': attribute type 12 has an invalid length.
[  264.598210][T22965] lo speed is unknown, defaulting to 1000
[  264.605522][T22965] lo speed is unknown, defaulting to 1000
[  264.880393][T22988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3432'.
[  265.543569][T22988] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=22988 comm=syz.2.3432
[  265.829643][ T6538] Bluetooth: hci1: Frame reassembly failed (-84)
[  265.850960][T23004] loop2: detected capacity change from 0 to 2048
[  265.940545][T23014] ªªªªªª: renamed from vlan0 (while UP)
[  265.957965][T23000] FAULT_INJECTION: forcing a failure.
[  265.957965][T23000] name failslab, interval 1, probability 0, space 0, times 0
[  265.970622][T23000] CPU: 1 UID: 0 PID: 23000 Comm: syz.0.3435 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  265.970650][T23000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  265.970663][T23000] Call Trace:
[  265.970670][T23000]  <TASK>
[  265.970725][T23000]  __dump_stack+0x1d/0x30
[  265.970751][T23000]  dump_stack_lvl+0x95/0xd0
[  265.970773][T23000]  dump_stack+0x15/0x1b
[  265.970799][T23000]  should_fail_ex+0x265/0x280
[  265.970845][T23000]  should_failslab+0x8c/0xb0
[  265.970868][T23000]  kmem_cache_alloc_noprof+0x69/0x4b0
[  265.970908][T23000]  ? security_file_alloc+0x32/0x100
[  265.970971][T23000]  security_file_alloc+0x32/0x100
[  265.970995][T23000]  init_file+0x5c/0x1c0
[  265.971022][T23000]  alloc_empty_file+0x8b/0x200
[  265.971048][T23000]  path_openat+0x63/0x23b0
[  265.971154][T23000]  ? _parse_integer_limit+0x170/0x190
[  265.971174][T23000]  ? _parse_integer+0x27/0x40
[  265.971194][T23000]  ? kstrtoull+0x111/0x140
[  265.971209][T23000]  ? kstrtouint+0x76/0xc0
[  265.971225][T23000]  do_filp_open+0x109/0x230
[  265.971287][T23000]  do_sys_openat2+0xa6/0x150
[  265.971309][T23000]  __x64_sys_openat+0xf2/0x120
[  265.971412][T23000]  x64_sys_call+0x2b07/0x3000
[  265.971437][T23000]  do_syscall_64+0xca/0x2b0
[  265.971525][T23000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.971558][T23000] RIP: 0033:0x7f909292f749
[  265.971573][T23000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.971593][T23000] RSP: 002b:00007f909138f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  265.971613][T23000] RAX: ffffffffffffffda RBX: 00007f9092b85fa0 RCX: 00007f909292f749
[  265.971627][T23000] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  265.971640][T23000] RBP: 00007f909138f090 R08: 0000000000000000 R09: 0000000000000000
[  265.971655][T23000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.971667][T23000] R13: 00007f9092b86038 R14: 00007f9092b85fa0 R15: 00007ffda54d1778
[  265.971688][T23000]  </TASK>
[  266.189498][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  266.195484][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  266.234834][T23004] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  266.259213][T23004] atomic_op ffff8881231b7528 conn xmit_atomic 0000000000000000
[  266.267121][T23005] atomic_op ffff8881231b4128 conn xmit_atomic 0000000000000000
[  266.276592][T23004] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.3437: corrupted in-inode xattr: e_value size too large
[  266.297327][T23020] netlink: 'syz.5.3438': attribute type 12 has an invalid length.
[  266.307080][T23005] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.3437: corrupted in-inode xattr: e_value size too large
[  266.336957][T23004] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #12: comm syz.2.3437: corrupted in-inode xattr: e_value size too large
[  266.406955][T23030] netlink: 'syz.0.3442': attribute type 12 has an invalid length.
[  266.532509][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  266.571981][T23033] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3444'.
[  266.651503][T23034] sd 0:0:1:0: device reset
[  266.673190][T23038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3443'.
[  266.683156][T23040] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3445'.
[  266.709419][T23038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23038 comm=syz.2.3443
[  267.039436][   T29] kauditd_printk_skb: 1107 callbacks suppressed
[  267.039446][   T29] audit: type=1326 audit(1768001838.571:22046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.069247][   T29] audit: type=1326 audit(1768001838.571:22047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.093460][   T29] audit: type=1326 audit(1768001838.571:22048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.117123][   T29] audit: type=1326 audit(1768001838.571:22049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.140768][   T29] audit: type=1326 audit(1768001838.571:22050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.164798][   T29] audit: type=1326 audit(1768001838.571:22051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.188378][   T29] audit: type=1326 audit(1768001838.571:22052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.211897][   T29] audit: type=1326 audit(1768001838.571:22053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.235485][   T29] audit: type=1326 audit(1768001838.571:22054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.259224][   T29] audit: type=1326 audit(1768001838.581:22055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23039 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7efd30492005 code=0x7ffc0000
[  267.429854][T23056] netlink: 'syz.2.3450': attribute type 12 has an invalid length.
[  267.457166][T23058] loop2: detected capacity change from 0 to 512
[  267.466646][T23058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  267.481424][T23058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.494132][T23058] ext4 filesystem being mounted at /121/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  267.516630][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.545074][T23066] FAULT_INJECTION: forcing a failure.
[  267.545074][T23066] name failslab, interval 1, probability 0, space 0, times 0
[  267.557843][T23066] CPU: 1 UID: 0 PID: 23066 Comm: syz.2.3452 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  267.557918][T23066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  267.557931][T23066] Call Trace:
[  267.557937][T23066]  <TASK>
[  267.557944][T23066]  __dump_stack+0x1d/0x30
[  267.557969][T23066]  dump_stack_lvl+0x95/0xd0
[  267.557988][T23066]  dump_stack+0x15/0x1b
[  267.558018][T23066]  should_fail_ex+0x265/0x280
[  267.558040][T23066]  should_failslab+0x8c/0xb0
[  267.558063][T23066]  kmem_cache_alloc_noprof+0x69/0x4b0
[  267.558085][T23066]  ? getname_flags+0x80/0x3b0
[  267.558132][T23066]  getname_flags+0x80/0x3b0
[  267.558156][T23066]  __x64_sys_unlink+0x21/0x40
[  267.558176][T23066]  x64_sys_call+0x2f48/0x3000
[  267.558257][T23066]  do_syscall_64+0xca/0x2b0
[  267.558290][T23066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.558311][T23066] RIP: 0033:0x7f1306d3f749
[  267.558365][T23066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.558382][T23066] RSP: 002b:00007f13057a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[  267.558453][T23066] RAX: ffffffffffffffda RBX: 00007f1306f95fa0 RCX: 00007f1306d3f749
[  267.558467][T23066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  267.558480][T23066] RBP: 00007f13057a7090 R08: 0000000000000000 R09: 0000000000000000
[  267.558492][T23066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.558505][T23066] R13: 00007f1306f96038 R14: 00007f1306f95fa0 R15: 00007ffcf1702d98
[  267.558524][T23066]  </TASK>
[  267.847588][T23075] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3456'.
[  267.860178][ T3728] Bluetooth: hci1: command 0x1003 tx timeout
[  267.866656][ T3566] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  267.904032][T23075] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23075 comm=syz.1.3456
[  268.075872][T23089] netlink: 108 bytes leftover after parsing attributes in process `syz.5.3460'.
[  268.097199][T23089] lo speed is unknown, defaulting to 1000
[  268.143902][T23103] raw_sendmsg: syz.3.3459 forgot to set AF_INET. Fix it!
[  268.155258][T23108] loop2: detected capacity change from 0 to 512
[  268.162534][T23108] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  268.171986][T23108] EXT4-fs (loop2): orphan cleanup on readonly fs
[  268.178858][T23108] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3455: bg 0: block 248: padding at end of block bitmap is not set
[  268.193607][T23108] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3455: Failed to acquire dquot type 1
[  268.205767][T23108] EXT4-fs (loop2): 1 truncate cleaned up
[  268.374104][T23121] xt_connbytes: Forcing CT accounting to be enabled
[  268.551917][T23129] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3464'.
[  268.714965][ T2014] Bluetooth: hci0: Frame reassembly failed (-84)
[  269.102939][T23108] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  269.183270][T23145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3468'.
[  269.320128][T23147] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23147 comm=syz.3.3468
[  269.477612][T12841] Bluetooth: hci1: Frame reassembly failed (-84)
[  269.801781][T23171] process 'syz.1.3474' launched './file0' with NULL argv: empty string added
[  269.868280][T23177] netlink: 'syz.1.3476': attribute type 12 has an invalid length.
[  269.896512][T23179] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=23179 comm=syz.1.3477
[  270.739381][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  270.745507][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  270.790902][T23190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3479'.
[  270.810062][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.841092][T23190] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23190 comm=syz.5.3479
[  270.896990][T23199] FAULT_INJECTION: forcing a failure.
[  270.896990][T23199] name failslab, interval 1, probability 0, space 0, times 0
[  270.909813][T23199] CPU: 0 UID: 0 PID: 23199 Comm: syz.1.3482 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  270.909887][T23199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  270.909900][T23199] Call Trace:
[  270.909907][T23199]  <TASK>
[  270.909914][T23199]  __dump_stack+0x1d/0x30
[  270.909939][T23199]  dump_stack_lvl+0x95/0xd0
[  270.909961][T23199]  dump_stack+0x15/0x1b
[  270.910050][T23199]  should_fail_ex+0x265/0x280
[  270.910070][T23199]  should_failslab+0x8c/0xb0
[  270.910093][T23199]  kmem_cache_alloc_noprof+0x69/0x4b0
[  270.910116][T23199]  ? skb_clone+0x151/0x1f0
[  270.910154][T23199]  skb_clone+0x151/0x1f0
[  270.910176][T23199]  __netlink_deliver_tap+0x2c9/0x500
[  270.910230][T23199]  netlink_unicast+0x66b/0x690
[  270.910283][T23199]  netlink_sendmsg+0x58b/0x6b0
[  270.910383][T23199]  ? __pfx_netlink_sendmsg+0x10/0x10
[  270.910422][T23199]  __sock_sendmsg+0x145/0x180
[  270.910442][T23199]  ____sys_sendmsg+0x31e/0x4a0
[  270.910486][T23199]  ___sys_sendmsg+0x17b/0x1d0
[  270.910553][T23199]  __x64_sys_sendmsg+0xd4/0x160
[  270.910607][T23199]  x64_sys_call+0x17ba/0x3000
[  270.910626][T23199]  do_syscall_64+0xca/0x2b0
[  270.910654][T23199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.910701][T23199] RIP: 0033:0x7efd3045f749
[  270.910713][T23199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.910727][T23199] RSP: 002b:00007efd2eebf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  270.910745][T23199] RAX: ffffffffffffffda RBX: 00007efd306b5fa0 RCX: 00007efd3045f749
[  270.910759][T23199] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  270.910769][T23199] RBP: 00007efd2eebf090 R08: 0000000000000000 R09: 0000000000000000
[  270.910780][T23199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.910790][T23199] R13: 00007efd306b6038 R14: 00007efd306b5fa0 R15: 00007ffeb75b1298
[  270.910809][T23199]  </TASK>
[  270.917330][T23200] xt_CT: You must specify a L4 protocol and not use inversions on it
[  271.137642][T23199] bond1: option resend_igmp: invalid value (1024)
[  271.144200][T23199] bond1: option resend_igmp: allowed values 0 - 255
[  271.169211][T23199] bond1 (unregistering): Released all slaves
[  271.477146][T23282] loop2: detected capacity change from 0 to 512
[  271.511907][T23282] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  271.539436][ T3566] Bluetooth: hci1: command 0x1003 tx timeout
[  271.545534][ T3728] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  271.546480][T23282] EXT4-fs (loop2): orphan cleanup on readonly fs
[  271.561555][T23282] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3486: bg 0: block 248: padding at end of block bitmap is not set
[  271.598887][T23288] SELinux: failed to load policy
[  271.641916][ T2929] Bluetooth: hci0: Frame reassembly failed (-84)
[  271.648771][T23282] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3486: Failed to acquire dquot type 1
[  271.751021][T23297] xt_CT: You must specify a L4 protocol and not use inversions on it
[  271.759679][T23282] EXT4-fs (loop2): 1 truncate cleaned up
[  271.769397][T23282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  271.798749][T23301] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3492'.
[  271.843886][T23301] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23301 comm=syz.5.3492
[  271.962346][T23309] netlink: 'syz.0.3493': attribute type 12 has an invalid length.
[  273.003831][ T2929] Bluetooth: hci1: Frame reassembly failed (-84)
[  273.234441][T23341] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3505'.
[  273.247925][T23339] loop5: detected capacity change from 0 to 1024
[  273.270231][T23339] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  273.304387][T23341] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23341 comm=syz.3.3505
[  273.329808][T23339] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.3504: Invalid block bitmap block 0 in block_group 0
[  273.419566][T23339] __quota_error: 344 callbacks suppressed
[  273.419612][T23339] Quota error (device loop5): write_blk: dquota write failed
[  273.432735][T23339] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  273.493250][T23339] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3504: Failed to acquire dquot type 0
[  273.525062][T23339] EXT4-fs error (device loop5): ext4_free_blocks:6728: comm syz.5.3504: Freeing blocks not in datazone - block = 0, count = 4096
[  273.578955][T23339] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.3504: Invalid inode bitmap blk 0 in block_group 0
[  273.592579][ T2929] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-7
[  273.601536][ T2929] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:15: Failed to release dquot type 0
[  273.629082][T23339] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  273.648070][T23339] EXT4-fs (loop5): 1 orphan inode deleted
[  273.654209][T23339] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.686645][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.699409][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  273.705448][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  273.774226][T23362] loop5: detected capacity change from 0 to 512
[  273.822001][T23362] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  273.843235][T23362] EXT4-fs (loop5): orphan cleanup on readonly fs
[  273.851527][T23362] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3509: corrupted inode contents
[  273.863718][T23362] EXT4-fs (loop5): Remounting filesystem read-only
[  273.870359][T23362] EXT4-fs (loop5): 1 truncate cleaned up
[  273.876194][ T5020] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  273.886842][ T5020] Quota error (device loop5): write_blk: dquota write failed
[  273.894209][ T5020] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries
[  273.904184][ T5020] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  273.914748][ T5020] Quota error (device loop5): write_blk: dquota write failed
[  273.922143][ T5020] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list
[  273.931957][ T5020] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  273.942035][ T5020] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  273.950829][ T5020] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  273.960987][T23362] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  274.293544][ T5034] Bluetooth: hci0: Frame reassembly failed (-84)
[  274.492704][T23379] lo speed is unknown, defaulting to 1000
[  274.889965][   T29] audit: type=1326 audit(1768001846.421:22396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23405 comm="syz.0.3513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  274.950063][T23406] 9p: Bad value for 'wfdno'
[  275.056292][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.065423][T13887] Bluetooth: hci1: command 0x1003 tx timeout
[  275.071514][ T3566] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  275.134713][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.158360][T23423] FAULT_INJECTION: forcing a failure.
[  275.158360][T23423] name failslab, interval 1, probability 0, space 0, times 0
[  275.171122][T23423] CPU: 1 UID: 0 PID: 23423 Comm: syz.1.3517 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  275.171146][T23423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  275.171156][T23423] Call Trace:
[  275.171162][T23423]  <TASK>
[  275.171169][T23423]  __dump_stack+0x1d/0x30
[  275.171192][T23423]  dump_stack_lvl+0x95/0xd0
[  275.171233][T23423]  dump_stack+0x15/0x1b
[  275.171254][T23423]  should_fail_ex+0x265/0x280
[  275.171275][T23423]  should_failslab+0x8c/0xb0
[  275.171293][T23423]  kmem_cache_alloc_noprof+0x69/0x4b0
[  275.171384][T23423]  ? alloc_vfsmnt+0x2d/0x300
[  275.171412][T23423]  alloc_vfsmnt+0x2d/0x300
[  275.171470][T23423]  vfs_create_mount+0x3b/0x1d0
[  275.171500][T23423]  __se_sys_fsmount+0x31c/0x690
[  275.171522][T23423]  __x64_sys_fsmount+0x43/0x50
[  275.171540][T23423]  x64_sys_call+0x1d56/0x3000
[  275.171617][T23423]  do_syscall_64+0xca/0x2b0
[  275.171652][T23423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.171673][T23423] RIP: 0033:0x7efd3045f749
[  275.171686][T23423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.171713][T23423] RSP: 002b:00007efd2eebf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b0
[  275.171733][T23423] RAX: ffffffffffffffda RBX: 00007efd306b5fa0 RCX: 00007efd3045f749
[  275.171746][T23423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  275.171759][T23423] RBP: 00007efd2eebf090 R08: 0000000000000000 R09: 0000000000000000
[  275.171772][T23423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.171784][T23423] R13: 00007efd306b6038 R14: 00007efd306b5fa0 R15: 00007ffeb75b1298
[  275.171804][T23423]  </TASK>
[  275.350976][T23428] loop5: detected capacity change from 0 to 512
[  275.353158][T23429] loop2: detected capacity change from 0 to 1024
[  275.358089][T23428] EXT4-fs: Ignoring removed oldalloc option
[  275.364941][T23429] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  275.379516][T23428] EXT4-fs: Ignoring removed i_version option
[  275.385714][T23428] EXT4-fs: Ignoring removed nomblk_io_submit option
[  275.393025][T23428] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  275.408627][T23428] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2857: Unable to expand inode 11. Delete some EAs or run e2fsck.
[  275.408640][T23429] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.3518: Invalid block bitmap block 0 in block_group 0
[  275.408749][T23429] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3518: Failed to acquire dquot type 0
[  275.422076][T23428] EXT4-fs (loop5): 1 truncate cleaned up
[  275.435547][T23429] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.3518: Freeing blocks not in datazone - block = 0, count = 4096
[  275.446701][T23428] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.454423][T23429] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.3518: Invalid inode bitmap blk 0 in block_group 0
[  275.490148][   T42] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:2: Failed to release dquot type 0
[  275.521706][T23429] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  275.531112][T23429] EXT4-fs (loop2): 1 orphan inode deleted
[  275.537340][T23429] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.567166][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.339381][ T3566] Bluetooth: hci0: command 0x1003 tx timeout
[  276.345467][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  276.754059][T23468] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3526'.
[  276.769259][T23468] FAULT_INJECTION: forcing a failure.
[  276.769259][T23468] name failslab, interval 1, probability 0, space 0, times 0
[  276.781950][T23468] CPU: 0 UID: 0 PID: 23468 Comm: syz.2.3526 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  276.781977][T23468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  276.782021][T23468] Call Trace:
[  276.782028][T23468]  <TASK>
[  276.782035][T23468]  __dump_stack+0x1d/0x30
[  276.782061][T23468]  dump_stack_lvl+0x95/0xd0
[  276.782082][T23468]  dump_stack+0x15/0x1b
[  276.782168][T23468]  should_fail_ex+0x265/0x280
[  276.782193][T23468]  should_failslab+0x8c/0xb0
[  276.782211][T23468]  __kmalloc_cache_noprof+0x65/0x4c0
[  276.782230][T23468]  ? tc_ctl_chain+0x584/0xca0
[  276.782273][T23468]  tc_ctl_chain+0x584/0xca0
[  276.782314][T23468]  ? ns_capable+0x7d/0xb0
[  276.782411][T23468]  ? __pfx_tc_ctl_chain+0x10/0x10
[  276.782475][T23468]  rtnetlink_rcv_msg+0x65a/0x6d0
[  276.782495][T23468]  netlink_rcv_skb+0x123/0x220
[  276.782543][T23468]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  276.782569][T23468]  rtnetlink_rcv+0x1c/0x30
[  276.782667][T23468]  netlink_unicast+0x5c0/0x690
[  276.782695][T23468]  netlink_sendmsg+0x58b/0x6b0
[  276.782757][T23468]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.782790][T23468]  __sock_sendmsg+0x145/0x180
[  276.782812][T23468]  ____sys_sendmsg+0x31e/0x4a0
[  276.782907][T23468]  ___sys_sendmsg+0x17b/0x1d0
[  276.782950][T23468]  __x64_sys_sendmsg+0xd4/0x160
[  276.782978][T23468]  x64_sys_call+0x17ba/0x3000
[  276.783030][T23468]  do_syscall_64+0xca/0x2b0
[  276.783058][T23468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.783075][T23468] RIP: 0033:0x7f1306d3f749
[  276.783090][T23468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.783108][T23468] RSP: 002b:00007f13057a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.783173][T23468] RAX: ffffffffffffffda RBX: 00007f1306f95fa0 RCX: 00007f1306d3f749
[  276.783183][T23468] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  276.783196][T23468] RBP: 00007f13057a7090 R08: 0000000000000000 R09: 0000000000000000
[  276.783209][T23468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.783222][T23468] R13: 00007f1306f96038 R14: 00007f1306f95fa0 R15: 00007ffcf1702d98
[  276.783243][T23468]  </TASK>
[  277.079774][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.134525][T23488] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3527'.
[  277.147323][T23490] loop2: detected capacity change from 0 to 2048
[  277.183700][T23488] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23488 comm=syz.5.3527
[  277.219687][T23490] EXT4-fs: Ignoring removed bh option
[  277.253633][T23490] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  277.370796][T23490] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  277.386025][T23490] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  277.398284][T23490] EXT4-fs (loop2): This should not happen!! Data will be lost
[  277.398284][T23490] 
[  277.402315][T23497] syzkaller0: entered promiscuous mode
[  277.407921][T23490] EXT4-fs (loop2): Total free blocks count 0
[  277.413379][T23497] syzkaller0: entered allmulticast mode
[  277.419323][T23490] EXT4-fs (loop2): Free/Dirty block details
[  277.419337][T23490] EXT4-fs (loop2): free_blocks=2415919104
[  277.436551][T23490] EXT4-fs (loop2): dirty_blocks=32
[  277.441674][T23490] EXT4-fs (loop2): Block reservation details
[  277.447639][T23490] EXT4-fs (loop2): i_reserved_data_blocks=2
[  277.549066][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.642070][T23514] xt_hashlimit: max too large, truncated to 1048576
[  277.675488][   T90] Bluetooth: hci0: Frame reassembly failed (-84)
[  277.789527][T23514] xt_CT: You must specify a L4 protocol and not use inversions on it
[  277.813406][T23514] can0: slcan on ptm1.
[  277.889784][T23514] can0 (unregistered): slcan off ptm1.
[  277.905261][T23514] Falling back ldisc for ptm1.
[  279.108284][T23543] loop2: detected capacity change from 0 to 512
[  279.131306][T23543] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  279.141914][T23543] EXT4-fs (loop2): orphan cleanup on readonly fs
[  279.165459][T23543] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.3538: corrupted inode contents
[  279.196027][T23543] EXT4-fs (loop2): Remounting filesystem read-only
[  279.219294][T23543] EXT4-fs (loop2): 1 truncate cleaned up
[  279.226324][ T2014] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  279.236921][ T2014] __quota_error: 22 callbacks suppressed
[  279.236933][ T2014] Quota error (device loop2): write_blk: dquota write failed
[  279.250017][ T2014] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries
[  279.260055][ T2014] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  279.270587][ T2014] Quota error (device loop2): write_blk: dquota write failed
[  279.277974][ T2014] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list
[  279.293734][T23553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3541'.
[  279.323797][T23552] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23552 comm=syz.0.3541
[  279.337597][ T2014] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started
[  279.347716][ T2014] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  279.400924][ T2014] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  279.415283][T23543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  279.500935][T23563] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3545'.
[  279.699526][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  279.705562][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  279.809078][T23590] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3553'.
[  279.834118][T23587] lo speed is unknown, defaulting to 1000
[  279.883270][T23602] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23602 comm=syz.5.3553
[  279.996323][T23594] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3549'.
[  280.179684][T23623] loop5: detected capacity change from 0 to 512
[  280.186713][T23623] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  280.204373][T23623] EXT4-fs (loop5): orphan cleanup on readonly fs
[  280.211205][T23623] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3555: bg 0: block 248: padding at end of block bitmap is not set
[  280.225695][T23623] Quota error (device loop5): write_blk: dquota write failed
[  280.233081][T23623] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  280.242988][T23623] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3555: Failed to acquire dquot type 1
[  280.255093][T23623] EXT4-fs (loop5): 1 truncate cleaned up
[  280.261282][T23623] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  280.536206][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.848753][   T29] audit: type=1400 audit(1768001852.371:22416): avc:  denied  { write } for  pid=23632 comm="syz.2.3557" name="tcp6" dev="proc" ino=4026532728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  281.002513][T23641] loop2: detected capacity change from 0 to 2048
[  281.013421][T23641] EXT4-fs: Ignoring removed bh option
[  281.042198][T23641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.120032][T23649] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  281.246332][T23640] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3558'.
[  281.481882][T23653] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  281.492059][T23650] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3561'.
[  281.494237][T23653] EXT4-fs (loop2): This should not happen!! Data will be lost
[  281.494237][T23653] 
[  281.513026][T23653] EXT4-fs (loop2): Total free blocks count 0
[  281.519062][T23653] EXT4-fs (loop2): Free/Dirty block details
[  281.525039][T23653] EXT4-fs (loop2): free_blocks=2415919104
[  281.530861][T23653] EXT4-fs (loop2): dirty_blocks=32
[  281.536029][T23653] EXT4-fs (loop2): Block reservation details
[  281.542042][T23653] EXT4-fs (loop2): i_reserved_data_blocks=2
[  281.619677][ T3728] Bluetooth: hci1: command 0x1003 tx timeout
[  281.669398][ T3566] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  281.949506][T23663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3564'.
[  281.999979][T23663] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23663 comm=syz.1.3564
[  282.248551][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.312833][T23671] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.326209][T23677] loop2: detected capacity change from 0 to 512
[  282.333910][T23677] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent
[  283.520780][T23694] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3572'.
[  283.544992][T23697] loop3: detected capacity change from 0 to 1024
[  283.582255][T23697] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  283.674805][T23697] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3573: Invalid block bitmap block 0 in block_group 0
[  283.710851][T23697] Quota error (device loop3): write_blk: dquota write failed
[  283.718248][T23697] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3573: Failed to acquire dquot type 0
[  283.791850][T23697] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.3573: Freeing blocks not in datazone - block = 0, count = 4096
[  283.839546][T23697] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.3573: Invalid inode bitmap blk 0 in block_group 0
[  283.903155][T23697] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  283.933469][T23697] EXT4-fs (loop3): 1 orphan inode deleted
[  283.959609][T23697] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.019756][T23697] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  284.156815][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.254778][T12840] __quota_error: 1 callbacks suppressed
[  284.254794][T12840] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-7
[  284.269341][T12840] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:24: Failed to release dquot type 0
[  284.327877][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.335045][T23716] loop5: detected capacity change from 0 to 1024
[  284.346438][T23717] loop2: detected capacity change from 0 to 512
[  284.353565][T23717] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  284.359854][T23716] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  284.372733][T23717] EXT4-fs (loop2): orphan cleanup on readonly fs
[  284.379761][T23717] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3577: bg 0: block 248: padding at end of block bitmap is not set
[  284.392643][T23716] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  284.402418][T23717] Quota error (device loop2): write_blk: dquota write failed
[  284.402577][T23716] EXT4-fs (loop5): orphan cleanup on readonly fs
[  284.409804][T23717] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  284.409838][T23717] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3577: Failed to acquire dquot type 1
[  284.416355][T23716] Quota error (device loop5): v2_read_file_info: Can't read info structure
[  284.427594][T23717] EXT4-fs (loop2): 1 truncate cleaned up
[  284.437614][T23716] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[  284.466192][T23716] EXT4-fs (loop5): Cannot turn on quotas: error -5
[  284.473566][T23716] EXT4-fs (loop5): 1 truncate cleaned up
[  284.473618][T23717] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  284.479826][T23716] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  284.530769][   T29] audit: type=1400 audit(1768001856.061:22417): avc:  denied  { watch } for  pid=23715 comm="syz.5.3579" path="/84/file0" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  284.569227][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.589808][   T29] audit: type=1326 audit(1768001856.121:22418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23729 comm="syz.5.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  284.630887][   T29] audit: type=1326 audit(1768001856.161:22419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23729 comm="syz.5.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  284.654498][   T29] audit: type=1326 audit(1768001856.161:22420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23729 comm="syz.5.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  284.678193][   T29] audit: type=1326 audit(1768001856.161:22421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23729 comm="syz.5.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148877f749 code=0x7ffc0000
[  284.702577][T23730] FAULT_INJECTION: forcing a failure.
[  284.702577][T23730] name failslab, interval 1, probability 0, space 0, times 0
[  284.715272][T23730] CPU: 1 UID: 0 PID: 23730 Comm: syz.5.3580 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  284.715296][T23730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  284.715367][T23730] Call Trace:
[  284.715409][T23730]  <TASK>
[  284.715417][T23730]  __dump_stack+0x1d/0x30
[  284.715441][T23730]  dump_stack_lvl+0x95/0xd0
[  284.715463][T23730]  dump_stack+0x15/0x1b
[  284.715483][T23730]  should_fail_ex+0x265/0x280
[  284.715601][T23730]  should_failslab+0x8c/0xb0
[  284.715682][T23730]  __kmalloc_node_track_caller_noprof+0xb9/0x5b0
[  284.715705][T23730]  ? sidtab_sid2str_get+0xa0/0x130
[  284.715762][T23730]  kmemdup_noprof+0x2b/0x70
[  284.715795][T23730]  sidtab_sid2str_get+0xa0/0x130
[  284.715819][T23730]  security_sid_to_context_core+0x1eb/0x2e0
[  284.715920][T23730]  security_sid_to_context+0x27/0x40
[  284.715946][T23730]  selinux_lsmprop_to_secctx+0x67/0xf0
[  284.715975][T23730]  security_lsmprop_to_secctx+0x1a3/0x1c0
[  284.716119][T23730]  audit_log_subj_ctx+0xa4/0x3e0
[  284.716188][T23730]  ? skb_put+0xa9/0xf0
[  284.716276][T23730]  audit_log_task_context+0x48/0x70
[  284.716376][T23730]  audit_log_task+0xf4/0x250
[  284.716403][T23730]  audit_seccomp+0x61/0x100
[  284.716473][T23730]  ? __seccomp_filter+0x832/0x1260
[  284.716527][T23730]  __seccomp_filter+0x843/0x1260
[  284.716554][T23730]  ? radix_tree_lookup+0xfa/0x140
[  284.716579][T23730]  ? _raw_spin_lock+0x52/0xa0
[  284.716599][T23730]  ? __rcu_read_unlock+0x4f/0x70
[  284.716644][T23730]  __secure_computing+0x82/0x150
[  284.716723][T23730]  syscall_trace_enter+0xcf/0x1e0
[  284.716737][T23730]  do_syscall_64+0xa4/0x2b0
[  284.716824][T23730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.716835][T23730] RIP: 0033:0x7f148877e15c
[  284.716845][T23730] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  284.716855][T23730] RSP: 002b:00007f14871df030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  284.716866][T23730] RAX: ffffffffffffffda RBX: 00007f14889d5fa0 RCX: 00007f148877e15c
[  284.716892][T23730] RDX: 000000000000000f RSI: 00007f14871df0a0 RDI: 0000000000000003
[  284.716899][T23730] RBP: 00007f14871df090 R08: 0000000000000000 R09: 0000000000000000
[  284.716905][T23730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  284.716944][T23730] R13: 00007f14889d6038 R14: 00007f14889d5fa0 R15: 00007ffe0e1e6078
[  284.716954][T23730]  </TASK>
[  284.716959][T23730] audit: error in audit_log_subj_ctx
[  284.974982][T23742] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3584'.
[  284.988255][T23742] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  284.998501][T23742] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  285.008329][T23742] bond0 (unregistering): Released all slaves
[  285.079540][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.144278][T23739] loop3: detected capacity change from 0 to 512
[  285.157992][T23781] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3586'.
[  285.175392][T23739] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  285.232121][T23739] EXT4-fs (loop3): orphan cleanup on readonly fs
[  285.251589][T23739] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.3583: bg 0: block 248: padding at end of block bitmap is not set
[  285.266415][T23739] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3583: Failed to acquire dquot type 1
[  285.278811][T23739] EXT4-fs (loop3): 1 truncate cleaned up
[  285.288156][T23739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  285.393416][T23794] loop5: detected capacity change from 0 to 512
[  285.400423][T23794] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  285.411502][T23794] EXT4-fs (loop5): orphan cleanup on readonly fs
[  285.418328][T23794] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3587: bg 0: block 248: padding at end of block bitmap is not set
[  285.432726][T23794] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3587: Failed to acquire dquot type 1
[  285.444411][T23794] EXT4-fs (loop5): 1 truncate cleaned up
[  285.454651][T23794] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  285.643849][T23785] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3585'.
[  285.686780][T23801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3590'.
[  285.772663][T23801] lo speed is unknown, defaulting to 1000
[  286.894552][T23843] bridge0: port 3(hsr0) entered blocking state
[  286.900866][T23843] bridge0: port 3(hsr0) entered disabled state
[  286.929909][T23843] hsr0: entered allmulticast mode
[  286.935020][T23843] hsr_slave_0: entered allmulticast mode
[  286.941115][T23843] hsr_slave_1: entered allmulticast mode
[  286.967624][T23843] hsr0: entered promiscuous mode
[  286.987293][T23843] bridge0: port 3(hsr0) entered blocking state
[  286.993563][T23843] bridge0: port 3(hsr0) entered forwarding state
[  287.421304][T23853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3598'.
[  287.480384][T23853] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=23853 comm=syz.2.3598
[  287.917714][ T4100] Bluetooth: hci0: Frame reassembly failed (-84)
[  287.957387][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.979798][T23871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3602'.
[  288.001323][T23871] lo speed is unknown, defaulting to 1000
[  288.256854][T23896] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3603'.
[  288.267028][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.474419][T23910] 8021q: adding VLAN 0 to HW filter on device bond0
[  288.481620][T23910] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  288.496335][T23910] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  288.674988][T23930] xt_CT: You must specify a L4 protocol and not use inversions on it
[  288.764775][T23944] xt_CT: You must specify a L4 protocol and not use inversions on it
[  288.972439][T23968] loop5: detected capacity change from 0 to 512
[  288.981490][T23968] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  288.990734][T23968] EXT4-fs (loop5): orphan cleanup on readonly fs
[  288.991949][T23970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3615'.
[  288.998297][T23972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3614'.
[  289.015027][T23972] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3614'.
[  289.021130][T23970] lo speed is unknown, defaulting to 1000
[  289.023987][T23972] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3614'.
[  289.039083][T23968] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3613: bg 0: block 248: padding at end of block bitmap is not set
[  289.053596][T23968] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3613: Failed to acquire dquot type 1
[  289.065485][T23968] EXT4-fs (loop5): 1 truncate cleaned up
[  289.071914][T23968] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  289.243414][T24003] loop2: detected capacity change from 0 to 512
[  289.250372][T24003] EXT4-fs (loop2): blocks per group (95) and clusters per group (32768) inconsistent
[  289.398187][T24016] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3619'.
[  289.463595][   T29] kauditd_printk_skb: 79 callbacks suppressed
[  289.463610][   T29] audit: type=1326 audit(1768001860.991:22495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.494582][   T29] audit: type=1326 audit(1768001861.021:22496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.518209][   T29] audit: type=1326 audit(1768001861.021:22497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.542294][   T29] audit: type=1326 audit(1768001861.021:22498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.566057][   T29] audit: type=1326 audit(1768001861.021:22499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.589591][   T29] audit: type=1326 audit(1768001861.021:22500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.613174][   T29] audit: type=1326 audit(1768001861.021:22501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.636826][   T29] audit: type=1326 audit(1768001861.021:22502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.660391][   T29] audit: type=1326 audit(1768001861.021:22503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.684108][   T29] audit: type=1326 audit(1768001861.021:22504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24015 comm="syz.2.3619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1306d3f749 code=0x7ffc0000
[  289.749618][T24022] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3621'.
[  289.749614][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.802877][T24026] xt_CT: You must specify a L4 protocol and not use inversions on it
[  289.939620][ T3728] Bluetooth: hci0: command 0x1003 tx timeout
[  289.939795][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  289.979111][T12840] Bluetooth: hci0: Frame reassembly failed (-84)
[  290.213596][T24059] syzkaller0: entered promiscuous mode
[  290.219087][T24059] syzkaller0: entered allmulticast mode
[  290.232488][T24057] loop3: detected capacity change from 0 to 1024
[  290.239675][T24057] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  290.256628][T24057] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3632: Invalid block bitmap block 0 in block_group 0
[  290.270366][T24057] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3632: Failed to acquire dquot type 0
[  290.281955][T24057] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.3632: Freeing blocks not in datazone - block = 0, count = 4096
[  290.295516][T24057] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.3632: Invalid inode bitmap blk 0 in block_group 0
[  290.308710][   T90] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 0
[  290.313901][T24067] lo speed is unknown, defaulting to 1000
[  290.321356][T24057] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  290.337815][T24057] EXT4-fs (loop3): 1 orphan inode deleted
[  290.344726][T24057] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.360558][T24057] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  290.388775][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.458498][T24098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3635'.
[  290.500792][T24096] loop3: detected capacity change from 0 to 1024
[  290.507981][T24096] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  290.520643][T24096] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3634: Invalid block bitmap block 0 in block_group 0
[  290.587653][T24096] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3634: Failed to acquire dquot type 0
[  290.599213][T24096] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.3634: Freeing blocks not in datazone - block = 0, count = 4096
[  290.612757][T24096] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.3634: Invalid inode bitmap blk 0 in block_group 0
[  290.625528][T24096] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  290.634210][   T42] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:2: Failed to release dquot type 0
[  290.634226][T24096] EXT4-fs (loop3): 1 orphan inode deleted
[  290.634716][T24096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.678104][T12840] Bluetooth: hci1: Frame reassembly failed (-84)
[  290.680709][T24096] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  290.706437][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.744571][T12840] Bluetooth: hci2: Frame reassembly failed (-84)
[  291.659715][T24140] loop2: detected capacity change from 0 to 2048
[  291.666351][T24140] EXT4-fs: Ignoring removed bh option
[  291.680776][T24140] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.776282][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.019400][ T3566] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  292.025571][ T3656] Bluetooth: hci0: command 0x1003 tx timeout
[  292.029722][T24152] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=24152 comm=syz.1.3645
[  292.295368][T22326] IPVS: starting estimator thread 0...
[  292.389472][T24166] IPVS: using max 4128 ests per chain, 206400 per kthread
[  292.739564][ T3728] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  292.739633][ T3566] Bluetooth: hci1: command 0x1003 tx timeout
[  292.819564][T13887] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  292.921582][T24186] loop3: detected capacity change from 0 to 512
[  292.932419][T24186] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  292.948907][T24191] netlink: 'syz.1.3657': attribute type 12 has an invalid length.
[  292.960815][T24186] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  292.973400][T24186] ext4 filesystem being mounted at /78/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  292.987475][T24186] tipc: Started in network mode
[  292.992364][T24186] tipc: Node identity , cluster identity 4711
[  292.998423][T24186] tipc: Failed to obtain node identity
[  293.003884][T24186] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  293.020909][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.159830][   T90] Bluetooth: hci0: Frame reassembly failed (-84)
[  293.583505][T24199] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.708336][T24199] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.784580][T24199] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.866781][T24199] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.927399][T12840] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.939283][T12840] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.957647][T12840] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.983184][T12840] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  294.004927][   T90] Bluetooth: hci2: Frame reassembly failed (-84)
[  294.577067][T24218] syz.5.3662 (24218) used greatest stack depth: 7448 bytes left
[  294.644613][T24247] loop5: detected capacity change from 0 to 2048
[  294.651433][T24247] EXT4-fs: Ignoring removed bh option
[  294.661854][T24247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.832376][T24247] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  294.852330][T24247] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  294.864605][T24247] EXT4-fs (loop5): This should not happen!! Data will be lost
[  294.864605][T24247] 
[  294.874227][T24247] EXT4-fs (loop5): Total free blocks count 0
[  294.880215][T24247] EXT4-fs (loop5): Free/Dirty block details
[  294.886089][T24247] EXT4-fs (loop5): free_blocks=2415919104
[  294.891820][T24247] EXT4-fs (loop5): dirty_blocks=32
[  294.896915][T24247] EXT4-fs (loop5): Block reservation details
[  294.902901][T24247] EXT4-fs (loop5): i_reserved_data_blocks=2
[  294.947479][T24257] netlink: 'syz.1.3668': attribute type 12 has an invalid length.
[  294.972507][T24259] tipc: Started in network mode
[  294.977346][T24259] tipc: Node identity , cluster identity 4711
[  294.983510][T24259] tipc: Failed to obtain node identity
[  294.989021][T24259] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  295.044725][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.064038][   T29] kauditd_printk_skb: 147 callbacks suppressed
[  295.064051][   T29] audit: type=1400 audit(1768001866.591:22646): avc:  denied  { bind } for  pid=24266 comm="syz.5.3672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  295.090049][T24267] loop5: detected capacity change from 0 to 512
[  295.096859][T24267] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  295.107029][T24267] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002]
[  295.115116][T24267] EXT4-fs (loop5): orphan cleanup on readonly fs
[  295.121556][T24267] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.3672: bad orphan inode 267
[  295.132475][T24267] EXT4-fs (loop5): Remounting filesystem read-only
[  295.139319][T24267] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  295.149148][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  295.172681][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  295.239447][T13887] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  295.432413][T24289] loop5: detected capacity change from 0 to 512
[  295.441357][T24289] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  295.450808][T24288] __nla_validate_parse: 3 callbacks suppressed
[  295.450819][T24288] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3676'.
[  295.474762][T24289] EXT4-fs (loop5): orphan cleanup on readonly fs
[  295.488453][T24289] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3674: bg 0: block 248: padding at end of block bitmap is not set
[  295.528528][T24293] loop2: detected capacity change from 0 to 512
[  295.535457][T24293] EXT4-fs: Ignoring removed nomblk_io_submit option
[  295.544894][T24289] Quota error (device loop5): write_blk: dquota write failed
[  295.552370][T24289] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  295.562299][T24289] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3674: Failed to acquire dquot type 1
[  295.575861][T24293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  295.590286][T24293] ext4 filesystem being mounted at /173/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.601258][T24289] EXT4-fs (loop5): 1 truncate cleaned up
[  295.607552][T24289] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  295.623733][T24293] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  295.648800][   T29] audit: type=1400 audit(1768001867.151:22647): avc:  denied  { mounton } for  pid=24292 comm="syz.2.3677" path="/173/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  295.673382][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.019599][T13887] Bluetooth: hci2: command 0x1003 tx timeout
[  296.089383][ T3566] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  296.122546][T24304] netlink: 'syz.3.3680': attribute type 12 has an invalid length.
[  296.152963][T24306] loop3: detected capacity change from 0 to 512
[  296.171814][T24306] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  296.191808][T24306] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  296.217817][T24306] ext4 filesystem being mounted at /82/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  296.242655][T24306] tipc: Started in network mode
[  296.247599][T24306] tipc: Node identity , cluster identity 4711
[  296.253749][T24306] tipc: Failed to obtain node identity
[  296.259188][T24306] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  296.314978][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.335429][T24314] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  296.371225][T24314] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  296.392021][T24318] loop3: detected capacity change from 0 to 2048
[  296.427340][T24318] EXT4-fs: Ignoring removed bh option
[  296.452441][T24318] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  296.574161][   T90] Bluetooth: hci1: Frame reassembly failed (-84)
[  296.789040][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.900747][T24337] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  296.919495][T24337] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  296.931843][T24337] EXT4-fs (loop3): This should not happen!! Data will be lost
[  296.931843][T24337] 
[  296.941556][T24337] EXT4-fs (loop3): Total free blocks count 0
[  296.947597][T24337] EXT4-fs (loop3): Free/Dirty block details
[  296.953513][T24337] EXT4-fs (loop3): free_blocks=2415919104
[  296.959268][T24337] EXT4-fs (loop3): dirty_blocks=32
[  296.964444][T24337] EXT4-fs (loop3): Block reservation details
[  296.970421][T24337] EXT4-fs (loop3): i_reserved_data_blocks=2
[  297.102468][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.165694][T24346] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3689'.
[  297.190593][T24346] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=24346 comm=syz.0.3689
[  297.219503][T13887] Bluetooth: hci0: command 0x1003 tx timeout
[  297.225532][ T3728] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  297.240639][T24354] tipc: Enabling of bearer <eth:ip6_vti0> rejected, already enabled
[  297.344717][T24359] xt_CT: You must specify a L4 protocol and not use inversions on it
[  297.372321][T24366] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3696'.
[  297.394627][T24368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3697'.
[  297.427441][T24370] loop3: detected capacity change from 0 to 2048
[  297.434516][T24370] EXT4-fs: Ignoring removed bh option
[  297.445038][   T29] audit: type=1326 audit(1768001868.971:22648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.480913][T24370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.489402][   T29] audit: type=1326 audit(1768001868.971:22649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.516598][   T29] audit: type=1326 audit(1768001868.971:22650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.540253][   T29] audit: type=1326 audit(1768001868.971:22651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.563972][   T29] audit: type=1326 audit(1768001868.971:22652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.587650][   T29] audit: type=1326 audit(1768001868.971:22653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24365 comm="syz.0.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f909292f749 code=0x7ffc0000
[  297.622832][T24381] FAULT_INJECTION: forcing a failure.
[  297.622832][T24381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.635968][T24381] CPU: 0 UID: 0 PID: 24381 Comm: syz.0.3701 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  297.636060][T24381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  297.636071][T24381] Call Trace:
[  297.636076][T24381]  <TASK>
[  297.636083][T24381]  __dump_stack+0x1d/0x30
[  297.636135][T24381]  dump_stack_lvl+0x95/0xd0
[  297.636157][T24381]  dump_stack+0x15/0x1b
[  297.636175][T24381]  should_fail_ex+0x265/0x280
[  297.636193][T24381]  should_fail+0xb/0x20
[  297.636210][T24381]  should_fail_usercopy+0x1a/0x20
[  297.636252][T24381]  strncpy_from_user+0x27/0x260
[  297.636285][T24381]  getname_flags+0xae/0x3b0
[  297.636309][T24381]  user_path_at+0x28/0x130
[  297.636338][T24381]  do_utimes+0xd9/0x210
[  297.636384][T24381]  __x64_sys_utimensat+0xc4/0x170
[  297.636471][T24381]  ? __secure_computing+0x82/0x150
[  297.636502][T24381]  ? syscall_trace_enter+0x102/0x1e0
[  297.636531][T24381]  x64_sys_call+0x278c/0x3000
[  297.636613][T24381]  do_syscall_64+0xca/0x2b0
[  297.636647][T24381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.636754][T24381] RIP: 0033:0x7f909292f749
[  297.636770][T24381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.636789][T24381] RSP: 002b:00007f909138f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000118
[  297.636808][T24381] RAX: ffffffffffffffda RBX: 00007f9092b85fa0 RCX: 00007f909292f749
[  297.636818][T24381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  297.636890][T24381] RBP: 00007f909138f090 R08: 0000000000000000 R09: 0000000000000000
[  297.636901][T24381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.636912][T24381] R13: 00007f9092b86038 R14: 00007f9092b85fa0 R15: 00007ffda54d1778
[  297.636962][T24381]  </TASK>
[  297.881268][T24370] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  297.889311][T24385] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3703'.
[  297.896918][T24370] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  297.917157][T24370] EXT4-fs (loop3): This should not happen!! Data will be lost
[  297.917157][T24370] 
[  297.921149][T24385] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1640 sclass=netlink_route_socket pid=24385 comm=syz.5.3703
[  297.926835][T24370] EXT4-fs (loop3): Total free blocks count 0
[  297.945463][T24370] EXT4-fs (loop3): Free/Dirty block details
[  297.951366][T24370] EXT4-fs (loop3): free_blocks=2415919104
[  297.957085][T24370] EXT4-fs (loop3): dirty_blocks=32
[  297.962298][T24370] EXT4-fs (loop3): Block reservation details
[  297.968276][T24370] EXT4-fs (loop3): i_reserved_data_blocks=2
[  297.989638][T24393] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  297.993804][T24389] tipc: Started in network mode
[  298.002535][T24389] tipc: Node identity , cluster identity 4711
[  298.008586][T24389] tipc: Failed to obtain node identity
[  298.014077][T24389] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  298.086226][T24402] xt_CT: You must specify a L4 protocol and not use inversions on it
[  298.176194][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.502669][T24432] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  298.513097][T24432] tipc: Enabling of bearer <eth:ip6_vti0> rejected, already enabled
[  298.665944][T24440] bridge0: entered promiscuous mode
[  298.671486][ T3728] Bluetooth: hci1: command 0x1003 tx timeout
[  298.677956][ T3566] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  298.690458][T24440] bridge0: port 4(macsec1) entered blocking state
[  298.696898][T24440] bridge0: port 4(macsec1) entered disabled state
[  298.709559][T24440] macsec1: entered allmulticast mode
[  298.714844][T24440] bridge0: entered allmulticast mode
[  298.730078][T24440] macsec1: left allmulticast mode
[  298.735177][T24440] bridge0: left allmulticast mode
[  298.750944][T24447] loop2: detected capacity change from 0 to 2048
[  298.757987][T24447] EXT4-fs: Ignoring removed bh option
[  298.763821][T24440] bridge0: left promiscuous mode
[  298.791957][T24447] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.983041][T24455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3723'.
[  298.992040][T24455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3723'.
[  299.036392][T24465] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3725'.
[  299.057082][T24466] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  299.074514][T24465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.093776][T24466] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 17 with error 28
[  299.106137][T24466] EXT4-fs (loop2): This should not happen!! Data will be lost
[  299.106137][T24466] 
[  299.115839][T24466] EXT4-fs (loop2): Total free blocks count 0
[  299.121841][T24466] EXT4-fs (loop2): Free/Dirty block details
[  299.127855][T24466] EXT4-fs (loop2): free_blocks=2415919104
[  299.133628][T24466] EXT4-fs (loop2): dirty_blocks=32
[  299.138726][T24466] EXT4-fs (loop2): Block reservation details
[  299.144767][T24466] EXT4-fs (loop2): i_reserved_data_blocks=2
[  299.158114][T24465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.172111][T24465] bond0 (unregistering): Released all slaves
[  299.277647][T24509] loop3: detected capacity change from 0 to 512
[  299.295310][T24509] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  299.351978][T24509] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.412925][T24509] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  299.427890][T24509] tipc: Started in network mode
[  299.432888][T24509] tipc: Node identity ac1414aa, cluster identity 4711
[  299.445725][T24519] loop5: detected capacity change from 0 to 1024
[  299.458533][T24509] tipc: Enabled bearer <udp:syz2>, priority 10
[  299.530272][T24519] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  299.542785][T24509] tipc: Enabled bearer <eth:ip6_vti0>, priority 10
[  299.560636][T20908] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.578988][T24519] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.3730: Invalid block bitmap block 0 in block_group 0
[  299.681351][T24519] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3730: Failed to acquire dquot type 0
[  299.713130][T24519] EXT4-fs error (device loop5): ext4_free_blocks:6728: comm syz.5.3730: Freeing blocks not in datazone - block = 0, count = 4096
[  299.738034][T24519] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.3730: Invalid inode bitmap blk 0 in block_group 0
[  299.750874][   T90] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 0
[  299.774341][T24519] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  299.792421][T24519] EXT4-fs (loop5): 1 orphan inode deleted
[  299.803891][T24519] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  299.850578][T24508] vhci_hcd vhci_hcd.3: default hub control req: 4003 v0017 i0001 l0
[  299.875869][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.450409][T24542] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  300.465569][T24542] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  300.555848][T22326] tipc: Node number set to 2886997162
[  300.679541][T24545] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3738'.
[  300.734702][   T29] kauditd_printk_skb: 344 callbacks suppressed
[  300.734716][   T29] audit: type=1326 audit(1768001872.261:22995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24550 comm="syz.1.3740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3045f749 code=0x7ffc0000
[  300.797213][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.806761][   T29] audit: type=1326 audit(1768001872.291:22996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24550 comm="syz.1.3740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3045f749 code=0x7ffc0000
[  300.830397][   T29] audit: type=1326 audit(1768001872.291:22997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24550 comm="syz.1.3740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3045f749 code=0x7ffc0000
[  300.854043][   T29] audit: type=1326 audit(1768001872.291:22998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.877639][   T29] audit: type=1326 audit(1768001872.291:22999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.901179][   T29] audit: type=1326 audit(1768001872.291:23000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.924720][   T29] audit: type=1326 audit(1768001872.291:23001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.948283][   T29] audit: type=1326 audit(1768001872.291:23002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.971904][   T29] audit: type=1326 audit(1768001872.291:23003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  300.995487][   T29] audit: type=1326 audit(1768001872.291:23004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24544 comm="syz.3.3738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9af1caf749 code=0x7ffc0000
[  301.085210][T24568] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3745'.
[  301.161509][T24555] wireguard0: entered promiscuous mode
[  301.167065][T24555] wireguard0: entered allmulticast mode
[  301.541843][T24598] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3754'.
[  301.560531][T24601] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3755'.
[  301.714841][T24602] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3752'.
[  302.021257][T24626] loop3: detected capacity change from 0 to 512
[  302.028416][T24626] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  302.064020][T24624] loop5: detected capacity change from 0 to 512
[  302.072200][T24624] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  302.081124][    T2] ==================================================================
[  302.089211][    T2] BUG: KCSAN: data-race in memcpy_and_pad / release_task
[  302.096247][    T2] 
[  302.098566][    T2] write to 0xffff8881001d9638 of 8 bytes by task 24628 on cpu 0:
[  302.106279][    T2]  release_task+0x76f/0xb60
[  302.110784][    T2]  do_exit+0xd4d/0x1590
[  302.114948][    T2]  call_usermodehelper_exec_async+0x247/0x250
[  302.121023][    T2]  ret_from_fork+0x149/0x290
[  302.125607][    T2]  ret_from_fork_asm+0x1a/0x30
[  302.130359][    T2] 
[  302.132663][    T2] read to 0xffff8881001d9080 of 3264 bytes by task 2 on cpu 1:
[  302.140188][    T2]  memcpy_and_pad+0x48/0x80
[  302.144688][    T2]  arch_dup_task_struct+0x2c/0x40
[  302.149700][    T2]  dup_task_struct+0x6e/0x950
[  302.154360][    T2]  copy_process+0x37d/0x1ef0
[  302.158935][    T2]  kernel_clone+0x16c/0x5c0
[  302.163421][    T2]  kernel_thread+0xad/0xe0
[  302.167820][    T2]  kthreadd+0x26c/0x340
[  302.171966][    T2]  ret_from_fork+0x149/0x290
[  302.176542][    T2]  ret_from_fork_asm+0x1a/0x30
[  302.181292][    T2] 
[  302.183599][    T2] Reported by Kernel Concurrency Sanitizer on:
[  302.189734][    T2] CPU: 1 UID: 0 PID: 2 Comm: kthreadd Not tainted syzkaller #0 PREEMPT(voluntary) 
[  302.199001][    T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  302.209036][    T2] ==================================================================
[  302.219031][T24624] EXT4-fs (loop5): orphan cleanup on readonly fs
[  302.226449][T24624] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3761: bg 0: block 248: padding at end of block bitmap is not set
[  302.240999][T24624] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3761: Failed to acquire dquot type 1
[  302.252869][T24624] EXT4-fs (loop5): 1 truncate cleaned up
[  302.259037][T24624] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  302.331586][T24633] loop2: detected capacity change from 0 to 512
[  302.338630][T24633] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  302.351553][T24633] EXT4-fs (loop2): orphan cleanup on readonly fs
[  302.362769][T19549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.372279][T24633] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3763: bg 0: block 248: padding at end of block bitmap is not set
[  302.386811][T24633] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.3763: Failed to acquire dquot type 1
[  302.399482][T24633] EXT4-fs (loop2): 1 truncate cleaned up
[  302.405777][T24633] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  303.520363][T18420] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.