last executing test programs:

2.524972072s ago: executing program 0 (id=2376):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd00000010000100030808004149004006040800", 0x58}], 0x1)
epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, 0x0, 0xa6c3, 0x0)
fcntl$setlease(r2, 0x400, 0x225a6250805c3f43)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10)
quotactl_fd$Q_SYNC(0xffffffffffffffff, 0xffffffff80000101, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, 0x0, 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={r2, &(0x7f0000000240)="399ff9954a59947aaf20d72896f0cd213b711036852c2ba3c976ccab1847437d86816fdeecab775e1f8cf5ed6dcee77eeb4e400c0e0c255e7c2a28676a503adef4fe0a999bf6f4a266c10eaad692706785da258bdfb8203a91f0565b54cd224d92fee121575aa03fc66a9bb45799bd6b", &(0x7f00000002c0)=""/86}, 0x20)
syz_open_procfs(0x0, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r5, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local, 0x4000000}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r7, 0x0, &(0x7f00000002c0)=""/56}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000f2c01bfd8d648d3200000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_disconnect(r6)

2.340418155s ago: executing program 2 (id=2378):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})

1.771034183s ago: executing program 0 (id=2383):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000040000000900000001000000", @ANYRES32, @ANYBLOB="0000000400000000000000f90000000000000000", @ANYRES32=0x0, @ANYRES32], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0xfffffffe)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/xfrm_stat\x00')
timerfd_gettime(r3, &(0x7f0000000200))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00'}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5)

1.548865937s ago: executing program 4 (id=2389):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0\x00', 0x3c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resuid}, {@nodiscard}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000000e40)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x14d, 0x5}, {0x10000, 0x1}]}, 0x14, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="81000000fd0001000200"/28, @ANYRES32, @ANYBLOB], 0x20}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, &(0x7f0000001f00)=""/4090, 0x4}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

1.507315167s ago: executing program 4 (id=2390):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})

1.469345628s ago: executing program 2 (id=2391):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000180)="1a", 0x1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0xad44, @local, 0x7}}, 0x8, 0xcc7}, &(0x7f0000000040)=0x90)

1.465538918s ago: executing program 2 (id=2393):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd00000010000100030808004149004006040800", 0x58}], 0x1)
epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, 0x0, 0xa6c3, 0x0)
fcntl$setlease(r2, 0x400, 0x225a6250805c3f43)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10)
quotactl_fd$Q_SYNC(0xffffffffffffffff, 0xffffffff80000101, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, 0x0, 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={r2, &(0x7f0000000240)="399ff9954a59947aaf20d72896f0cd213b711036852c2ba3c976ccab1847437d86816fdeecab775e1f8cf5ed6dcee77eeb4e400c0e0c255e7c2a28676a503adef4fe0a999bf6f4a266c10eaad692706785da258bdfb8203a91f0565b54cd224d92fee121575aa03fc66a9bb45799bd6b", &(0x7f00000002c0)=""/86}, 0x20)
syz_open_procfs(0x0, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r5, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local, 0x4000000}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r7, 0x0, &(0x7f00000002c0)=""/56}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000f2c01bfd8d648d3200000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_disconnect(r6)

1.383303459s ago: executing program 4 (id=2394):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0xad44, @local, 0x7}}, 0x8, 0xcc7}, &(0x7f0000000040)=0x90)

893.894857ms ago: executing program 0 (id=2395):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
recvmsg$inet_nvme(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000240)=""/9, 0x9}, 0x20)

712.003059ms ago: executing program 3 (id=2399):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x800}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

707.66908ms ago: executing program 2 (id=2400):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000007c0)=@security={'security\x00', 0xe, 0x4, 0x2d0, 0xffffffff, 0x0, 0xd0, 0x0, 0xffffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wlan0\x00', 'ip6tnl0\x00', {}, {0xff}, 0x7b, 0x2, 0x58}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x6e17, 0xb, [0xfff7, 0x29, 0x6, 0x3, 0x1e, 0x12, 0x3e, 0x6, 0x33, 0x19, 0x30, 0x1a, 0x34, 0x1b, 0x23, 0x35], 0x0, 0x5, 0x5}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0xffffffff, 0xff, 'dummy0\x00', '\x00', {0xff}, {0xff}, 0x29, 0x3, 0x8}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x7ff, 0x2, [0x1d, 0x12, 0x1a, 0x13, 0x29, 0x8, 0xa, 0x20, 0x1a, 0x1b, 0x35, 0x1a, 0x3, 0xd, 0x30, 0x40], 0x0, 0x6, 0x8}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x9, 0x6c, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c)
sendmmsg$unix(r0, &(0x7f0000007b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2404c054}}], 0x1, 0x2000c080)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r6, 0x114, 0x7, &(0x7f00000002c0)={@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x4e23, @multicast2}, 0x4, 0x0, 0x3, 0x2}}, {&(0x7f0000000040)=""/49, 0x31}, &(0x7f0000000080), 0x35}, 0xa0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x2c, r4, 0x1, 0x70bd2b, 0x0, {0x1a}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x584}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

695.82597ms ago: executing program 3 (id=2401):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="20000000110001000000", @ANYRES32=r4], 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x40)

678.93605ms ago: executing program 2 (id=2402):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0xa8)
io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1)

678.34081ms ago: executing program 3 (id=2403):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000f143f80238edd1852fdfd7d5e7f54dece1438437b6b3cadff63651f2406dad40a8e3df5d1052886a4a4d8fdc0b6e5a7f4f68a80e1cbefd98ce86d0e140e7252bfb19e311f0b0ca57db79012273d6c11e6b3fd0c440bd9f53a6cca8ae05db242dbf703c2136eb80784d8bd36cc1c79bbc99121ce76d644b1719b184e9d0520f758c7c8ca2b9671758b3ad4ca16fe72de80324b1885a775d4102e8c9c002838ad57219087ee6a4afdd6400"/207], &(0x7f0000000240)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x60, &(0x7f00000002c0), 0x10}, 0x94)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
close(r6)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafb", 0x240}], 0x1)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000feffffff000000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000d602000000000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xe, 0x0, &(0x7f0000000200)="449d060721b9e6bb51f2f6f20504", 0x0, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

632.022971ms ago: executing program 2 (id=2404):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})

561.728812ms ago: executing program 3 (id=2405):
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$9p_unix(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x802ca2, 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r0, r1, 0x0, 0xc19)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)

537.408702ms ago: executing program 4 (id=2406):
r0 = socket(0x10, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
open(&(0x7f00000003c0)='./file1\x00', 0x200000, 0x40)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
close_range(r0, r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
rt_sigsuspend(0x0, 0x0)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r3, &(0x7f0000001480)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x9, 0x9, 0x7, 0x6b8, 0x2, 0x3, 0x0, 0x1f1, 0x40, 0x29c, 0x3230, 0x6, 0x38, 0x3, 0x7, 0x9, 0x5}, [{0x1, 0x7a, 0x100, 0x8, 0x6a2, 0x4, 0x9a00000000000000, 0xb}, {0x1, 0x140, 0x100000001, 0x7, 0xf, 0xffffffffffffff01, 0x4, 0x200}, {0x2, 0xcbc, 0x8, 0x3, 0x6fc0, 0x1ff, 0x3, 0x9}], "6db55d8e17c8cc497fa65157444aac86eaa99f823a0b209a896e25bcdf82ee7b0dca8578b971f582bdc851647b5b995a04b926b0d6e099f633a3735c0d738447252f825d16736293c34ae89776a61c1f794462b7af0b224f30f7940661b5206e016bcd267848a3cc74a25a1ab19910e72f72f099b47e95b016279f54d11f0448011b56d6feaf41545b861f9756ed019b30358e3002c23ec10d086c8011b9773c201e91c4ef51d65b8059f9a9482310abecae07fb3c0da76c72528b8f902dad825bf4652c9580894ac31c453ad37aa2847629e8eeff8e2a0d9859026e765453ba132a28c45c2be7d54a3b91", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8d3)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d80)={0x7ec, r4, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x7c4, 0x11d, 0x0, 0x1, [{0x2b0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x28c, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xb4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x37, 0x2, [{0x2, 0x6}, {0x2, 0x8}, {0x7}, {0x5, 0x7}, {0x6, 0x8}, {0x6}, {0x0, 0x7}, {0x2, 0x1}, {0x0, 0xa}, {0x6, 0x3}, {0x3, 0x4}, {0x0, 0x4}, {0x2, 0x6}, {0x1, 0x9}, {0x7, 0x7}, {0x1, 0x9}, {0x5, 0x2}, {0x2, 0x6}, {0x5, 0x4}, {0x6, 0x1}, {0x3, 0x4}, {0x7, 0x1}, {0x3, 0xa}, {0x1, 0x5}, {0x1, 0x2}, {0x4, 0x5}, {0x0, 0x8}, {0x3, 0x3}, {0x3, 0x3}, {0x1, 0x2}, {0x5, 0x6}, {0x3, 0x5}, {0x0, 0x4}, {0x0, 0x9}, {0x1, 0x8}, {0x1, 0x8}, {0x7}, {0x1, 0x4}, {0x3, 0x3}, {0x1, 0x6}, {0x5, 0x2}, {0x0, 0x1}, {0x4, 0x3}, {0x5, 0x6}, {0x1, 0x5}, {0x6, 0x1}, {0x7, 0x1}, {0x2, 0x6}, {0x0, 0x4}, {0x2, 0x8}, {0x5, 0x7}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1, 0x1, 0xb29d, 0x10, 0x2, 0x4]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x5, 0x8}, {0x6, 0x2}, {0x0, 0x8}, {0x3, 0x9}, {0x6, 0x1}, {0x6, 0xa}, {0x0, 0x9}, {0x3, 0x2}, {0x6, 0x5}, {0x6, 0x2}, {0x2, 0x5}, {0x0, 0x9}, {0x2, 0xa}, {0x6, 0x6}, {0x3, 0x9}, {0x0, 0x7}, {0x7, 0x4}, {0x4, 0x3}, {0x2, 0x8}, {0x3, 0x9}, {0x1, 0x4}, {0x4, 0xa}, {0x5, 0x7}, {0x4, 0x5}, {0x7, 0x5}, {0x6, 0x1}, {0x0, 0x6}, {0x0, 0x2}, {0x3, 0xa}, {0x3, 0x2}, {0x3, 0x9}, {0x3, 0x1}, {0x6, 0x7}, {0x0, 0x8}, {0x1, 0x3}, {0x0, 0x5}, {0x2, 0x4}, {0x4, 0x5}, {0x6, 0x9}, {0x3, 0x8}, {0x6, 0x5}, {0x4, 0x2}, {0x5, 0xa}, {0x0, 0x4}, {0x1, 0x1}, {0x4, 0x1}, {0x2, 0x2}, {0x1, 0x2}, {0x1, 0x9}, {0x2, 0x8}, {0x0, 0x6}, {0x6, 0x1}, {0x3, 0x6}, {0x5, 0x1}, {0x0, 0x6}, {0x6, 0x6}, {0x1, 0x4}, {0x0, 0x5}, {0x3, 0x2}, {0x0, 0x6}, {0x0, 0x5}, {0x2, 0x8}, {0x4, 0x3}, {0x1, 0x7}, {0x1, 0x5}, {0x7, 0x9}]}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x60, 0x1, 0xc, 0x38, 0x1b, 0x3, 0xc, 0x6, 0x6, 0x24, 0x4, 0x36, 0x12, 0x1b, 0xc]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x13, 0x1, [0x6c, 0x9, 0x4, 0x6c, 0x24, 0x1, 0x16, 0x48, 0x48, 0x1b, 0x6, 0x30, 0x18, 0x12, 0x48]}]}, @NL80211_BAND_5GHZ={0xa0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x21, 0x2, [{0x1, 0x2}, {0x3, 0x8}, {0x2, 0x4}, {0x5, 0x5}, {0x2, 0x4}, {0x7, 0x4}, {0x6}, {0x0, 0x2}, {0x3, 0x5}, {0x2}, {}, {0x3, 0x4}, {0x6}, {0x1, 0x6}, {0x5, 0x2}, {0x1}, {0x0, 0x9}, {0x7, 0x7}, {}, {0x1, 0x5}, {0x0, 0x3}, {0x2, 0xa}, {0x6, 0x5}, {0x2, 0xa}, {0x4, 0x2}, {0x5, 0xa}, {0x4, 0x4}, {0x4, 0x1}, {0x3, 0x3}]}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x7, 0x4}, {0x5, 0x3}, {0x4}, {0x4, 0x4}, {0x4, 0x5}, {0x3, 0x4}, {0x0, 0xa}, {0x4, 0x9}, {0x1, 0x8}, {0x2, 0x4}, {0x1, 0x3}, {0x2, 0x9}, {0x3, 0x5}, {}, {0x2, 0xa}, {0x4, 0x2}, {0x1, 0x6}, {0x3}, {0x0, 0x8}, {0x7, 0x4}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x0, 0x3, 0x9, 0x4, 0x9, 0x7718, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x61f, 0xffff, 0x1, 0x0, 0x3fb1, 0x377e]}}, @NL80211_TXRATE_HT={0x8, 0x2, [{0x1, 0x6}, {0x4}, {0x0, 0xa}, {0x1, 0x7}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d, 0x9, 0xdfa, 0x80, 0x7, 0x1, 0xd, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x400, 0x8, 0x6, 0x8001, 0x800, 0x4]}}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xe6c, 0x200, 0x8, 0x3, 0xfff7, 0x721, 0x69, 0x15d]}}]}, @NL80211_BAND_6GHZ={0xc8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x6, 0x1ff, 0x3, 0x7, 0x7, 0x3a, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x100, 0xa, 0x3, 0xc, 0x2, 0x1, 0x4]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x26a, 0x4, 0x8, 0x473b, 0x0, 0x5, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x8, 0x5, 0x81, 0x10, 0xff57, 0x6, 0x450b]}}, @NL80211_TXRATE_HT={0x4e, 0x2, [{0x7, 0x5}, {0x0, 0x8}, {0x1, 0x2}, {0x1, 0x9}, {0x6, 0x9}, {0x1}, {0x0, 0xa}, {0x7, 0x2}, {0x0, 0x4}, {0x2, 0x2}, {0x2, 0x4}, {0x4, 0x7}, {}, {0x3, 0x5}, {0x3, 0x8}, {0x0, 0xa}, {0x2, 0x1}, {0x5, 0x5}, {0x1, 0x3}, {0x3, 0x7}, {0x2, 0x9}, {0x2, 0x8}, {0x2, 0x2}, {0x4, 0x2}, {0x6, 0x3}, {0x0, 0x7}, {0x1, 0x7}, {0x2, 0xa}, {0x5, 0x4}, {0x5, 0xa}, {0x5, 0x5}, {0x3, 0x4}, {0x3, 0x3}, {0x7, 0xa}, {0x2, 0x2}, {0x3}, {0x2, 0x2}, {0x6, 0x7}, {0x0, 0x8}, {0x2, 0x7}, {0x5, 0x6}, {0x7, 0x3}, {0x2, 0xa}, {0x7, 0xa}, {0x3}, {0x2, 0x6}, {0x5, 0x5}, {0x1, 0xa}, {0x3, 0x4}, {0x6, 0x2}, {0x0, 0x1}, {0x7, 0x1}, {0x0, 0x5}, {0x6, 0x6}, {0x0, 0x5}, {0x3, 0x9}, {}, {0x2, 0x2}, {0x7, 0x8}, {0x3, 0x1}, {0x5, 0xa}, {0x0, 0x4}, {0x5, 0x9}, {0x1, 0x1}, {0x3, 0x3}, {0x5, 0x5}, {0x2, 0xa}, {0x3}, {0x5, 0x6}, {0x3, 0x6}, {0x0, 0x3}, {0x2}, {0x6, 0x2}, {0x0, 0x6}]}]}, @NL80211_BAND_60GHZ={0x24, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x60]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x7c}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x79}]}, {0x1a0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6115}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x1c}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7e34}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x16c, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xac, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x6, 0x7}, {0x5, 0x3}, {0x0, 0x1}, {0x0, 0x4}, {0x1, 0x2}, {0x4, 0x3}, {0x4, 0x1}, {0x3, 0x1}, {0x7, 0x1}, {0x0, 0x1}, {0x7, 0x6}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0x9}, {0x7, 0x6}, {0x5, 0x2}, {0x5, 0x7}, {0x0, 0x1}, {0x2, 0x7}, {0x0, 0x8}, {0x3, 0x1}, {0x3, 0x6}, {0x2, 0x1}, {0x0, 0xa}, {0x4, 0x6}, {0x5, 0x9}, {0x5, 0x7}, {0x4, 0x3}, {0x3, 0x7}, {0x5, 0x9}, {0x0, 0x3}, {0x2, 0x6}, {0x4, 0x5}, {0x0, 0x5}, {}, {0x0, 0xa}, {0x4, 0x9}, {0x1, 0x1}, {0x6, 0x8}, {0x3, 0x5}, {0x3, 0x3}, {0x2}, {0x3, 0x4}, {0x7}, {0x0, 0x7}, {0x2, 0x2}, {0x4, 0x7}, {0x6, 0x4}, {0x4, 0x3}, {0x4, 0x4}, {0x7, 0x2}, {0x1, 0x2}, {0x0, 0x8}, {0x3, 0xa}, {0x4, 0x7}, {0x5}, {0x4, 0x9}, {0x6, 0xa}, {0x3, 0x9}, {0x0, 0x6}, {0x7, 0x5}, {0x1, 0x7}, {0x5}, {0x1, 0x6}, {0x4, 0x3}, {0x6, 0x6}, {0x2, 0x2}, {0x0, 0x4}, {0x0, 0x6}, {0x0, 0x9}, {0x0, 0x9}, {0x6, 0x1}, {0x4, 0x4}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x5, 0xd8c, 0x7, 0x40, 0x7, 0x9, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x81, 0x2, 0x42d, 0x5, 0x3, 0x2, 0x5]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4, 0x5, 0x24, 0x2, 0x60, 0x24, 0x30, 0x36, 0x24, 0x24]}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x1, 0x0, 0x80, 0x8, 0x80, 0xa, 0x6]}}, @NL80211_TXRATE_HT={0x1a, 0x2, [{0x7, 0x7}, {0x3, 0x6}, {0x1, 0xa}, {0x3, 0x3}, {0x1, 0x1}, {0x3, 0x7}, {0x3}, {0x6, 0x8}, {0x7, 0x1}, {0x0, 0x8}, {0x4, 0xa}, {0x2}, {0x1, 0x4}, {0x0, 0x7}, {0x5, 0x2}, {0x2, 0x2}, {0x5, 0x1}, {0x6, 0x2}, {0x7, 0x9}, {0x2, 0x2}, {0x6, 0x4}, {0x1, 0x8}]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x24, 0x5, 0x48]}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x4, 0x80, 0x1000, 0xfffb, 0xffe2, 0x4, 0x8]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x20, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x4, 0x4, 0x0, 0x9, 0x168, 0x2, 0x8]}}]}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x2c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x1b, 0x62, 0x12, 0x6, 0x6, 0x3, 0x12, 0x16, 0x36, 0x60, 0x1, 0x9, 0x1b, 0x18, 0x12]}]}]}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x2a0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x268, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x38, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8001, 0xb15e, 0x2, 0x0, 0x5, 0x8, 0xfff9]}}]}, @NL80211_BAND_5GHZ={0x64, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0xfffa, 0x9, 0x4, 0x6, 0x4, 0x4, 0x6]}}, @NL80211_TXRATE_HT={0x44, 0x2, [{0x0, 0x3}, {0x3, 0x3}, {0x7, 0x8}, {0x2, 0x3}, {0x4, 0x7}, {0x0, 0x7}, {0x1, 0x7}, {0x1, 0xa}, {0x0, 0x5}, {0x4, 0x4}, {0x3, 0x4}, {0x2, 0xa}, {0x1, 0x1}, {0x1, 0xa}, {0x6, 0x2}, {0x0, 0x3}, {0x6, 0x8}, {0x0, 0x5}, {0x2}, {0x3, 0x3}, {0x1, 0x4}, {0x7, 0xa}, {0x2, 0x3}, {0x2, 0x7}, {0x0, 0x8}, {0x7, 0x7}, {0x2, 0x7}, {0x1, 0x1}, {0x1, 0x8}, {0x2, 0x3}, {0x1, 0x6}, {}, {0x1, 0x2}, {0x4, 0x4}, {0x5, 0x4}, {0x1, 0x9}, {0x2, 0x6}, {0x5, 0x9}, {0x1, 0x6}, {0x3}, {0x2, 0x8}, {0x3, 0x2}, {0x0, 0xa}, {0x7, 0x7}, {0x1, 0x8}, {0x5, 0x2}, {0x5, 0x9}, {0x1}, {0x5, 0x4}, {0x1}, {0x7, 0x7}, {0x0, 0x8}, {0x0, 0x7}, {0x1, 0x9}, {0x7, 0x8}, {0x5}, {}, {0x3, 0x7}, {0x1, 0x9}, {0x1, 0xa}, {0x2, 0x2}, {0x7, 0x2}, {0x3, 0x8}, {0x1, 0x7}]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0xb, 0x6, 0x30]}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x3, 0x18, 0x60, 0x3, 0x1, 0xc, 0x16, 0x36, 0x2, 0xc, 0x3, 0x4, 0x24, 0x60, 0x2, 0x0, 0xc, 0x1b, 0x58, 0x6c, 0xc, 0x21, 0x9]}]}, @NL80211_BAND_6GHZ={0x68, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0x9, 0x8000, 0x8, 0x100, 0xb, 0x6, 0x4]}}, @NL80211_TXRATE_HT={0x17, 0x2, [{0x0, 0x8}, {0x4, 0x6}, {0x0, 0x4}, {0x1, 0x2}, {0x4, 0x1}, {0x2, 0x6}, {0x0, 0x7}, {0x6, 0x2}, {0x3, 0x3}, {0x0, 0x5}, {0x1, 0x7}, {0x1, 0x1}, {0x2}, {0x4, 0xa}, {0x1, 0x1}, {0x6, 0x1}, {0x3, 0x2}, {0x6, 0x7}, {0x0, 0x4}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x1, 0x4}, {0x3, 0x3}, {0x3, 0x9}, {0x1, 0x3}, {0x1}, {0x0, 0x7}, {0x1, 0x6}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x9}, {0x1, 0x4}, {0x5, 0x9}, {0x7, 0x3}, {0x0, 0x9}, {0x4, 0x3}, {0x6, 0x7}, {0x6, 0x6}, {0x3, 0x2}, {0x1}, {0x6, 0x9}, {0x0, 0x6}, {0x1, 0x9}, {0x1}, {0x0, 0x4}, {0x6, 0x5}, {0x1, 0x9}]}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_6GHZ={0x120, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x38, 0x2, [{0x0, 0x3}, {0x5, 0x4}, {0x2, 0x4}, {0x6, 0x9}, {0x0, 0x3}, {0x6, 0x7}, {0x5, 0x7}, {0x6, 0x5}, {0x4, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x2, 0x5}, {0x7, 0x2}, {0x6, 0x9}, {0x2, 0x7}, {0x5, 0xa}, {0x5, 0x7}, {0x4, 0xa}, {0x7, 0x6}, {0x3, 0x1}, {0x3}, {0x5, 0x9}, {0x5, 0x6}, {0x5, 0x1}, {0x1, 0x8}, {0x4}, {0x5, 0x1}, {0x4, 0x4}, {0x5, 0x8}, {0x1, 0x1}, {0x4, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0xa}, {0x2, 0x8}, {0x4, 0x1}, {0x7, 0x3}, {0x2, 0x3}, {0x4, 0x4}, {0x1, 0x5}, {0x1, 0x7}, {0x0, 0x5}, {0x6}, {0x3, 0x7}, {0x4}, {0x0, 0x6}, {0x4, 0x2}, {0x4, 0x5}, {0x5, 0x9}, {0x5, 0x2}, {0x0, 0x5}, {0x7, 0x9}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd62b, 0x5, 0x3, 0x437, 0x143, 0x8, 0x4]}}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x5, 0x5}, {0x5, 0x3}, {0x7, 0x4}, {0x0, 0x4}, {0x3, 0x6}, {0x5, 0x7}, {0x6, 0x4}, {0x1, 0x9}, {0x6, 0x6}, {0x1, 0x9}, {0x1}, {0x5, 0x4}, {0x2}, {0x4, 0x4}, {0x5, 0x5}, {0x5, 0x9}, {0x1, 0x8}, {0x5, 0x8}, {}, {0x5, 0x7}, {0x1, 0x7}, {0x5}, {0x3}, {0x4}, {0x4, 0x3}, {0x5, 0x7}, {0x2, 0x2}, {0x3}, {0x5, 0x3}, {0x4, 0x7}, {0x3, 0x5}, {0x1, 0x3}, {0x0, 0xa}, {0x3, 0x6}, {0x3, 0x6}, {0x4, 0x1}, {0x1, 0x6}, {0x1}, {0x2, 0x5}, {0x0, 0x2}, {0x3, 0x8}, {0x7, 0x3}, {0x3, 0x9}, {0x4, 0x9}, {0x7, 0x1}, {0x1}, {0x3, 0x8}, {0x1, 0x1}, {0x3, 0x3}, {0x5, 0x4}, {0x6, 0x3}, {0x7, 0x9}, {0x7, 0x2}, {0x2, 0x5}, {0x5, 0x6}, {0x1}, {0x0, 0xa}, {0x2, 0x7}, {0x5, 0x5}, {0x6, 0x6}, {0x1, 0xa}, {0x6}]}, @NL80211_TXRATE_HT={0x49, 0x2, [{0x5, 0x7}, {0x6, 0x5}, {0x4, 0x9}, {0x5, 0x9}, {0x1, 0x6}, {0x5, 0x3}, {0x5, 0x4}, {0x6, 0x9}, {0x7, 0x4}, {0x4, 0x1}, {}, {0x3, 0x5}, {0x4, 0xa}, {0x1, 0x3}, {0x7}, {0x1, 0x5}, {0x1, 0x1}, {0x5, 0x8}, {0x0, 0x5}, {0x7, 0x3}, {0x6, 0x6}, {0x1, 0x5}, {0x2}, {0x1, 0x9}, {0x7, 0x2}, {0x1, 0x6}, {0x6, 0x4}, {0x6, 0x7}, {0x4, 0x7}, {0x3, 0x2}, {0x0, 0x7}, {0x0, 0x2}, {0x0, 0xa}, {0x2, 0x3}, {0x6, 0x9}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x4}, {0x5, 0x7}, {0x2, 0x6}, {0x6, 0x8}, {0x4, 0x1}, {0x6, 0x6}, {0x6, 0x5}, {0x7, 0x9}, {0x3, 0x4}, {0x3, 0xa}, {0x7, 0x6}, {0x5, 0x7}, {0x3, 0x4}, {0x3, 0x2}, {0x7, 0x5}, {0x0, 0x9}, {0x7, 0x3}, {0x3, 0x1}, {0x0, 0x9}, {0x2, 0xa}, {0x6, 0xa}, {0x2, 0x1}, {0x2, 0x1}, {0x5, 0x6}, {0x6, 0x8}, {0x3, 0x3}, {0x7, 0xa}, {0x2, 0x6}, {0x4, 0x3}, {0x1, 0x9}, {0x3}, {0x0, 0x5}]}, @NL80211_TXRATE_HT={0x3e, 0x2, [{0x6, 0x9}, {0x2, 0x2}, {0x5, 0x7}, {0x1, 0x4}, {0x4, 0x2}, {0x5, 0x8}, {0x6, 0x3}, {0x4, 0x2}, {0x6, 0x3}, {0x5, 0xa}, {0x3, 0xa}, {0x6, 0x8}, {0x2, 0x9}, {0x6, 0x9}, {0x2, 0x4}, {0x0, 0x3}, {0x1, 0x5}, {0x2, 0x6}, {0x2, 0x1}, {0x2, 0xa}, {0x7}, {0x1}, {0x0, 0x4}, {0x5, 0x8}, {0x3, 0x7}, {0x2, 0x4}, {0x1, 0x7}, {0x3, 0x4}, {0x0, 0x6}, {0x1, 0x2}, {0x0, 0x2}, {}, {0x0, 0x7}, {0x1, 0x4}, {0x1, 0x1}, {0x4, 0x5}, {0x2, 0x1}, {0x6, 0x9}, {0x6, 0x1}, {0x6}, {0x5, 0x5}, {0x1, 0x3}, {0x7, 0xa}, {}, {0x0, 0xa}, {0x3, 0x3}, {0x3, 0x2}, {0x0, 0x8}, {0x4}, {0x6, 0x3}, {0x0, 0x2}, {0x0, 0x4}, {0x1, 0x6}, {0x6, 0x2}, {0x4, 0x4}, {0x6}, {0x2, 0x7}, {0x0, 0x7}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x9e}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x41}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2a}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x8f}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xd60}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x6b}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x9b}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x2b}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}]}]}, 0x7ec}}, 0x0)
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01003c21587ed55d2bbc7000ffdbdf25870000000c00478c5464aba076f2293b808a9903"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x44050)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'wg2\x00'})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r9)
sendmsg$NL80211_CMD_GET_WIPHY(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r11=>0xffffffffffffffff})
getpeername$packet(r11, &(0x7f0000000000)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000486c61ff50b73da7ff0000001290000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000300000100c2800008000500feffff7f08000500", @ANYRES32=r12, @ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

519.171222ms ago: executing program 4 (id=2407):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

467.938153ms ago: executing program 4 (id=2408):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe8090000", 0x41}], 0x1)
epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, 0x0, 0xa6c3, 0x0)
fcntl$setlease(r2, 0x400, 0x225a6250805c3f43)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10)
quotactl_fd$Q_SYNC(0xffffffffffffffff, 0xffffffff80000101, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, 0x0, 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={r2, &(0x7f0000000240)="399ff9954a59947aaf20d72896f0cd213b711036852c2ba3c976ccab1847437d86816fdeecab775e1f8cf5ed6dcee77eeb4e400c0e0c255e7c2a28676a503adef4fe0a999bf6f4a266c10eaad692706785da258bdfb8203a91f0565b54cd224d92fee121575aa03fc66a9bb45799bd6bc133889cb88cf9", &(0x7f00000002c0)=""/86}, 0x20)
sendto$inet6(0xffffffffffffffff, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local, 0x4000000}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_disconnect(r5)

391.635464ms ago: executing program 3 (id=2409):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='mm_page_free\x00', r1, 0x0, 0x6}, 0x18)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x457)

369.727265ms ago: executing program 3 (id=2410):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd00000010000100030808004149004006040800", 0x58}], 0x1)
epoll_create1(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18)
r2 = openat(0xffffffffffffff9c, 0x0, 0xa6c3, 0x0)
fcntl$setlease(r2, 0x400, 0x225a6250805c3f43)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10)
quotactl_fd$Q_SYNC(0xffffffffffffffff, 0xffffffff80000101, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, 0x0, 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000340)={r2, &(0x7f0000000240)="399ff9954a59947aaf20d72896f0cd213b711036852c2ba3c976ccab1847437d86816fdeecab775e1f8cf5ed6dcee77eeb4e400c0e0c255e7c2a28676a503adef4fe0a999bf6f4a266c10eaad692706785da258bdfb8203a91f0565b54cd224d92fee121575aa03fc66a9bb45799bd6b", &(0x7f00000002c0)=""/86}, 0x20)
syz_open_procfs(0x0, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r5, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local, 0x4000000}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r7, 0x0, &(0x7f00000002c0)=""/56}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000f2c01bfd8d648d3200000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_usb_disconnect(r6)

230.469027ms ago: executing program 1 (id=2411):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x800}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

230.004387ms ago: executing program 1 (id=2412):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0)

217.970697ms ago: executing program 1 (id=2413):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="20000000110001000000", @ANYRES32=r4], 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x40)

204.117277ms ago: executing program 1 (id=2414):
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0)
umount2(&(0x7f0000000380)='./file0/file0\x00', 0x0)

191.681377ms ago: executing program 1 (id=2415):
r0 = socket$inet(0x2, 0x2, 0xfff) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00'}, 0x10) (async)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='cpu<20\t&&')
r3 = socket$vsock_stream(0x28, 0x1, 0x0) (async)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) (async)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r4, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x40}}, 0xc800) (async)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r4, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) (async)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, r4, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'macsec0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'rose0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'dvmrp0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x48081}, 0x10) (async)
shutdown(r3, 0x0) (async)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x20002, 0x0) (async)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

115.878878ms ago: executing program 1 (id=2416):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e21, 0xad44, @local, 0x7}}, 0x8, 0xcc7}, &(0x7f0000000040)=0x90)

46.86236ms ago: executing program 0 (id=2417):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x800}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
set_robust_list(0x0, 0x0)

35.12354ms ago: executing program 0 (id=2418):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0x8}, 0x18)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r2, 0x2285, 0x0)
writev(r2, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x2)

0s ago: executing program 0 (id=2419):
syz_io_uring_setup(0x10d, &(0x7f00000004c0)={0x0, 0x2b7a, 0x400, 0x2, 0x4}, &(0x7f0000000240), &(0x7f0000000800))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000200400000008000000e6ff010000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1b, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000e4b5da0d8b016e40d61dcabe728e0000bfa100000000000007010000f8ffffffbfa400000000000007040000d6ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb904}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
close(r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x5}, 0x18)
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000018c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x41}, 0x94)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r4, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r5 = syz_open_pts(r4, 0x0)
dup3(r5, r4, 0x0)
ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_RESIZE(r6, 0x5609, &(0x7f0000000180)={0x65f5, 0x1, 0xff})

kernel console output (not intermixed with test programs):

0 48
[   91.563894][ T6582] RSP: 002b:00007f3a03ee7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   91.563910][ T6582] RAX: ffffffffffffffda RBX: 00007f3a05aa5fa0 RCX: 00007f3a0587d33c
[   91.563920][ T6582] RDX: 000000000000000f RSI: 00007f3a03ee70a0 RDI: 0000000000000004
[   91.563931][ T6582] RBP: 00007f3a03ee7090 R08: 0000000000000000 R09: 0000000000000000
[   91.563942][ T6582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.563957][ T6582] R13: 0000000000000000 R14: 00007f3a05aa5fa0 R15: 00007ffca76a07b8
[   91.563974][ T6582]  </TASK>
[   91.857950][ T6590] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   91.894418][ T6595] loop4: detected capacity change from 0 to 128
[   91.971382][ T6605] loop4: detected capacity change from 0 to 128
[   91.991941][ T6609] dummy0: left allmulticast mode
[   91.997399][ T6609] bridge0: port 3(dummy0) entered disabled state
[   92.008769][ T6609] bridge_slave_0: left allmulticast mode
[   92.014623][ T6609] bridge_slave_0: left promiscuous mode
[   92.020391][ T6609] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.029090][ T6609] bridge_slave_1: left allmulticast mode
[   92.034873][ T6609] bridge_slave_1: left promiscuous mode
[   92.040751][ T6609] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.065443][ T6614] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.141014][ T6623] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   92.242399][ T6647] bond_slave_1: entered promiscuous mode
[   92.248528][ T6650] netlink: 'syz.4.1118': attribute type 1 has an invalid length.
[   92.256810][ T6651] FAULT_INJECTION: forcing a failure.
[   92.256810][ T6651] name failslab, interval 1, probability 0, space 0, times 0
[   92.256833][ T6651] CPU: 1 UID: 0 PID: 6651 Comm: syz.2.1117 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[   92.256923][ T6651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   92.256936][ T6651] Call Trace:
[   92.256942][ T6651]  <TASK>
[   92.256950][ T6651]  __dump_stack+0x1d/0x30
[   92.257006][ T6651]  dump_stack_lvl+0xe8/0x140
[   92.257022][ T6651]  dump_stack+0x15/0x1b
[   92.257036][ T6651]  should_fail_ex+0x265/0x280
[   92.257124][ T6651]  ? audit_log_d_path+0x8d/0x150
[   92.257149][ T6651]  should_failslab+0x8c/0xb0
[   92.257168][ T6651]  __kmalloc_cache_noprof+0x4c/0x320
[   92.257257][ T6651]  audit_log_d_path+0x8d/0x150
[   92.257282][ T6651]  audit_log_d_path_exe+0x42/0x70
[   92.257313][ T6651]  audit_log_task+0x1e9/0x250
[   92.257412][ T6651]  audit_seccomp+0x61/0x100
[   92.257447][ T6651]  ? __seccomp_filter+0x68c/0x10d0
[   92.257469][ T6651]  __seccomp_filter+0x69d/0x10d0
[   92.257501][ T6651]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   92.257600][ T6651]  ? vfs_write+0x75e/0x8e0
[   92.257653][ T6651]  ? __rcu_read_unlock+0x4f/0x70
[   92.257674][ T6651]  ? __fget_files+0x184/0x1c0
[   92.257696][ T6651]  __secure_computing+0x82/0x150
[   92.257717][ T6651]  syscall_trace_enter+0xcf/0x1e0
[   92.257787][ T6651]  do_syscall_64+0xac/0x200
[   92.257874][ T6651]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   92.257972][ T6651]  ? clear_bhb_loop+0x40/0x90
[   92.257992][ T6651]  ? clear_bhb_loop+0x40/0x90
[   92.258013][ T6651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.258033][ T6651] RIP: 0033:0x7f6c7934e929
[   92.258048][ T6651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.258098][ T6651] RSP: 002b:00007f6c779b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   92.258116][ T6651] RAX: ffffffffffffffda RBX: 00007f6c79575fa0 RCX: 00007f6c7934e929
[   92.258128][ T6651] RDX: 0000000000000000 RSI: 0000000000000018 RDI: ffffffffffffffff
[   92.258196][ T6651] RBP: 00007f6c779b7090 R08: 0000000000000000 R09: 0000000000000000
[   92.258208][ T6651] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[   92.258220][ T6651] R13: 0000000000000000 R14: 00007f6c79575fa0 R15: 00007ffc525112b8
[   92.258237][ T6651]  </TASK>
[   92.424841][ T6658] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   92.442221][ T6666] loop1: detected capacity change from 0 to 512
[   92.461660][ T6666] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   92.461678][ T6666] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[   92.461701][ T6666] System zones: 0-1, 15-15, 18-18, 34-34
[   92.461812][ T6666] EXT4-fs (loop1): orphan cleanup on readonly fs
[   92.461880][ T6666] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   92.461902][ T6666] EXT4-fs (loop1): Cannot turn on quotas: error -22
[   92.462128][ T6666] EXT4-fs (loop1): 1 truncate cleaned up
[   92.462548][ T6666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   92.647872][ T6646] bond_slave_1: left promiscuous mode
[   92.701589][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.955443][ T6692] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.967591][ T6691] tipc: Resetting bearer <eth:syzkaller0>
[   92.986194][ T6691] tipc: Disabling bearer <eth:syzkaller0>
[   93.011053][ T6699] bond_slave_1: entered promiscuous mode
[   93.018688][ T6698] bond_slave_1: left promiscuous mode
[   93.150821][ T6712] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1142'.
[   93.178699][ T6712] hsr_slave_0: left promiscuous mode
[   93.196622][ T6712] hsr_slave_1: left promiscuous mode
[   93.206224][ T6713] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   93.206224][ T6713]    program +}[@ not setting count and/or reply_len properly
[   93.349818][ T6650] syz.4.1118 (6650) used greatest stack depth: 6952 bytes left
[   93.384762][ T6724] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1147'.
[   93.395397][ T6724] hsr_slave_0: left promiscuous mode
[   93.401315][ T6724] hsr_slave_1: left promiscuous mode
[   93.426306][ T6726] bond_slave_1: entered promiscuous mode
[   93.434404][ T6725] bond_slave_1: left promiscuous mode
[   93.503260][ T6734] loop1: detected capacity change from 0 to 1024
[   93.510448][ T6734] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   93.541204][ T6734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.574337][ T6727] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.1145: missing EA_INODE flag
[   93.655081][ T6727] EXT4-fs (loop1): Remounting filesystem read-only
[   93.803994][ T6754] loop3: detected capacity change from 0 to 1024
[   93.810972][ T6754] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   93.871028][ T6754] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.909756][ T6748] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.1154: missing EA_INODE flag
[   93.950825][ T6748] EXT4-fs (loop3): Remounting filesystem read-only
[   94.182020][ T6760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1157'.
[   94.182183][ T6761] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1157'.
[   94.238313][ T6759] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1157'.
[   94.250026][ T6759] lo: entered promiscuous mode
[   94.256553][ T6759] tunl0: entered promiscuous mode
[   94.262847][ T6759] gre0: entered promiscuous mode
[   94.271116][ T6759] gretap0: entered promiscuous mode
[   94.277882][ T6759] erspan0: entered promiscuous mode
[   94.285022][ T6759] ip_vti0: entered promiscuous mode
[   94.291457][ T6759] ip6_vti0: entered promiscuous mode
[   94.298080][ T6759] sit0: entered promiscuous mode
[   94.305440][ T6759] ip6tnl0: entered promiscuous mode
[   94.312447][ T6759] ip6gre0: entered promiscuous mode
[   94.319450][ T6759] syz_tun: entered promiscuous mode
[   94.326735][ T6759] ip6gretap0: entered promiscuous mode
[   94.333633][ T6759] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.341004][ T6759] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.348457][ T6759] bridge0: entered promiscuous mode
[   94.355143][ T6759] vcan0: entered promiscuous mode
[   94.360876][ T6759] dummy0: entered promiscuous mode
[   94.367180][ T6759] nlmon0: entered promiscuous mode
[   94.373356][ T6759] caif0: entered promiscuous mode
[   94.378504][ T6759] batadv0: entered promiscuous mode
[   94.385360][ T6759] vxcan0: entered promiscuous mode
[   94.391573][ T6759] vxcan1: entered promiscuous mode
[   94.397429][ T6759] veth0: entered promiscuous mode
[   94.403800][ T6759] veth1: entered promiscuous mode
[   94.412227][ T6759] wg0: entered promiscuous mode
[   94.418195][ T6759] wg1: entered promiscuous mode
[   94.424031][ T6759] wg2: entered promiscuous mode
[   94.429844][ T6759] veth0_to_bridge: entered promiscuous mode
[   94.439666][ T6759] veth1_to_bridge: entered promiscuous mode
[   94.448416][ T6759] veth0_to_bond: entered promiscuous mode
[   94.455341][ T6759] bond_slave_0: entered promiscuous mode
[   94.461461][ T6759] veth1_to_bond: entered promiscuous mode
[   94.468563][ T6759] bond_slave_1: entered promiscuous mode
[   94.474525][ T6759] veth0_to_team: entered promiscuous mode
[   94.481894][ T6759] team_slave_0: entered promiscuous mode
[   94.489044][ T6759] veth1_to_team: entered promiscuous mode
[   94.509996][ T6759] team_slave_1: entered promiscuous mode
[   94.516011][ T6759] veth0_to_batadv: entered promiscuous mode
[   94.523940][ T6759] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   94.533501][ T6759] batadv_slave_0: entered promiscuous mode
[   94.539845][ T6771] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1162'.
[   94.542064][ T6759] veth1_to_batadv: entered promiscuous mode
[   94.556163][ T6759] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   94.564192][ T6759] batadv_slave_1: entered promiscuous mode
[   94.571890][ T6759] xfrm0: entered promiscuous mode
[   94.577681][ T6759] veth0_to_hsr: entered promiscuous mode
[   94.585439][ T6759] veth1_to_hsr: entered promiscuous mode
[   94.594776][ T6759] hsr0: entered promiscuous mode
[   94.601529][ T6759] veth1_virt_wifi: entered promiscuous mode
[   94.607563][   T29] kauditd_printk_skb: 452 callbacks suppressed
[   94.607576][   T29] audit: type=1326 audit(1751534612.255:17970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.615722][ T6776] loop4: detected capacity change from 0 to 512
[   94.636812][   T29] audit: type=1326 audit(1751534612.255:17971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.666457][   T29] audit: type=1326 audit(1751534612.255:17972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.670957][ T6759] veth0_virt_wifi: entered promiscuous mode
[   94.689444][   T29] audit: type=1326 audit(1751534612.255:17973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.696716][ T6776] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   94.718259][   T29] audit: type=1326 audit(1751534612.255:17974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.749209][   T29] audit: type=1326 audit(1751534612.255:17975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.750420][ T6779] loop3: detected capacity change from 0 to 128
[   94.772234][   T29] audit: type=1326 audit(1751534612.255:17976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.772265][   T29] audit: type=1326 audit(1751534612.255:17977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.786670][ T6759] vlan0: entered promiscuous mode
[   94.801556][   T29] audit: type=1326 audit(1751534612.255:17978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.801580][   T29] audit: type=1326 audit(1751534612.255:17979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6769 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[   94.828173][ T6776] EXT4-fs (loop4): orphan cleanup on readonly fs
[   94.830049][ T6759] vlan1: entered promiscuous mode
[   94.855370][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1161'.
[   94.881380][ T6776] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.1163: corrupted inode contents
[   94.898429][ T6759] macvlan0: entered promiscuous mode
[   94.915961][ T6759] macvlan1: entered promiscuous mode
[   94.916201][ T6776] EXT4-fs (loop4): Remounting filesystem read-only
[   94.923748][ T6759] ipvlan0: entered promiscuous mode
[   94.928526][ T6776] EXT4-fs (loop4): 1 truncate cleaned up
[   94.934433][ T6759] ipvlan1: entered promiscuous mode
[   94.945284][   T41] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   94.956262][   T41] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   94.967065][   T41] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   94.977415][ T6759] macvtap0: entered promiscuous mode
[   94.984353][ T6759] macsec0: entered promiscuous mode
[   94.991799][ T6759] geneve0: entered promiscuous mode
[   94.998917][ T6759] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   95.008002][ T6759] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   95.017009][ T6759] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   95.025950][ T6759] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   95.035934][ T6759] geneve1: entered promiscuous mode
[   95.042516][ T6759] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   95.052743][ T6759] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[   95.060344][ T6781] loop4: detected capacity change from 0 to 512
[   95.066665][ T6759] netdevsim netdevsim1 netdevsim2: entered promiscuous mode
[   95.076222][ T6759] netdevsim netdevsim1 netdevsim3: entered promiscuous mode
[   95.084659][ T6781] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   95.086673][ T6759] sit1: entered promiscuous mode
[   95.093908][ T6781] EXT4-fs (loop4): orphan cleanup on readonly fs
[   95.128376][ T6781] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #16: comm syz.4.1164: corrupted inode contents
[   95.140862][ T6781] EXT4-fs (loop4): Remounting filesystem read-only
[   95.147477][ T6781] EXT4-fs (loop4): 1 truncate cleaned up
[   95.153547][  T321] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   95.164119][  T321] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   95.175279][  T321] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started
[   95.186421][ T6781] EXT4-fs mount: 4 callbacks suppressed
[   95.186433][ T6781] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   95.239415][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.339519][ T6806] loop4: detected capacity change from 0 to 1024
[   95.346745][ T6806] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[   95.356406][ T6807] loop1: detected capacity change from 0 to 1024
[   95.380072][ T6807] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   95.421122][ T6807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.458020][ T6813] bond_slave_1: entered promiscuous mode
[   95.466849][ T6797] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.1170: missing EA_INODE flag
[   95.490011][ T6812] bond_slave_1: left promiscuous mode
[   95.518535][ T6797] EXT4-fs (loop1): Remounting filesystem read-only
[   95.680537][ T6820] loop3: detected capacity change from 0 to 512
[   95.705225][ T6820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   95.718802][ T6820] ext4 filesystem being mounted at /214/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   95.735186][ T6820] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #18: comm syz.3.1177: corrupted inode contents
[   95.747417][ T6820] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #18: comm syz.3.1177: mark_inode_dirty error
[   95.759788][ T6820] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #18: comm syz.3.1177: corrupted inode contents
[   95.772945][ T6820] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #18: comm syz.3.1177: mark_inode_dirty error
[   95.785388][ T6820] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #18: comm syz.3.1177: mark inode dirty (error -117)
[   95.798802][ T6820] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   95.818827][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.938174][ T6830] loop3: detected capacity change from 0 to 1024
[   95.945293][ T6830] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[   95.976752][ T6832] serio: Serial port pts0
[   96.070774][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.142374][ T6845] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1188'.
[   96.173400][ T6848] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1189'.
[   96.182551][ T6848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1189'.
[   96.281909][ T6854] xt_hashlimit: max too large, truncated to 1048576
[   96.292829][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1192'.
[   96.332391][ T6856] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.347884][ T6858] loop1: detected capacity change from 0 to 512
[   96.361473][ T6858] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.374211][ T6858] ext4 filesystem being mounted at /229/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.405472][ T6856] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.416733][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.475601][ T6856] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.548171][ T6856] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.604749][ T6873] loop4: detected capacity change from 0 to 1024
[   96.622635][ T6873] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   96.639481][ T6856] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.657485][ T6856] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.681002][ T6856] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.690528][ T6873] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   96.783151][ T6856] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.295549][ T6883] No such timeout policy "syz1"
[   97.296112][ T6885] loop1: detected capacity change from 0 to 512
[   97.306332][ T6883] netlink: 'syz.2.1200': attribute type 21 has an invalid length.
[   97.315319][ T6883] netlink: 'syz.2.1200': attribute type 1 has an invalid length.
[   97.316548][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.323141][ T6883] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1200'.
[   97.342752][ T6885] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   97.350697][ T6885] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[   97.358924][ T6885] System zones: 0-1, 15-15, 18-18, 34-34
[   97.365262][ T6885] EXT4-fs (loop1): orphan cleanup on readonly fs
[   97.372961][ T6885] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   97.387579][ T6885] EXT4-fs (loop1): Cannot turn on quotas: error -22
[   97.397431][ T6885] EXT4-fs (loop1): 1 truncate cleaned up
[   97.403981][ T6885] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   97.431231][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.477119][ T6900] loop1: detected capacity change from 0 to 1024
[   97.485008][ T6900] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[   97.760731][ T6928] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1217'.
[   97.801410][ T6929] loop1: detected capacity change from 0 to 1024
[   97.826149][ T6928] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   97.826149][ T6928]    program +}[@ not setting count and/or reply_len properly
[   97.865368][ T6929] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   97.931049][ T6940] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1222'.
[   97.940488][ T6927] loop4: detected capacity change from 0 to 128
[   97.954116][ T6940] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   97.954116][ T6940]    program +}[@ not setting count and/or reply_len properly
[   98.009256][ T6929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.031917][ T6918] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.1210: missing EA_INODE flag
[   98.056335][ T6918] EXT4-fs (loop1): Remounting filesystem read-only
[   98.100986][ T6954] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1227'.
[   98.137461][ T6954] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   98.137461][ T6954]    program +}[@ not setting count and/or reply_len properly
[   98.176224][ T6960] loop4: detected capacity change from 0 to 512
[   98.195024][ T6960] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   98.203356][ T6960] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[   98.221797][ T6960] System zones: 0-1, 15-15, 18-18, 34-34
[   98.227716][ T6960] EXT4-fs (loop4): orphan cleanup on readonly fs
[   98.235622][ T6960] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   98.250254][ T6960] EXT4-fs (loop4): Cannot turn on quotas: error -22
[   98.262152][ T6960] EXT4-fs (loop4): 1 truncate cleaned up
[   98.270933][ T6960] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   98.301176][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.465235][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.530757][ T6978] loop4: detected capacity change from 0 to 1024
[   98.537952][ T6978] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   98.564314][ T6978] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   98.592434][ T6974] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1235: missing EA_INODE flag
[   98.609776][ T6974] EXT4-fs (loop4): Remounting filesystem read-only
[   98.762173][ T6994] FAULT_INJECTION: forcing a failure.
[   98.762173][ T6994] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.775374][ T6994] CPU: 1 UID: 0 PID: 6994 Comm: syz.0.1241 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[   98.775479][ T6994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   98.775489][ T6994] Call Trace:
[   98.775497][ T6994]  <TASK>
[   98.775505][ T6994]  __dump_stack+0x1d/0x30
[   98.775527][ T6994]  dump_stack_lvl+0xe8/0x140
[   98.775547][ T6994]  dump_stack+0x15/0x1b
[   98.775566][ T6994]  should_fail_ex+0x265/0x280
[   98.775591][ T6994]  should_fail+0xb/0x20
[   98.775614][ T6994]  should_fail_usercopy+0x1a/0x20
[   98.775654][ T6994]  _copy_from_user+0x1c/0xb0
[   98.775676][ T6994]  ___sys_sendmsg+0xc1/0x1d0
[   98.775749][ T6994]  __x64_sys_sendmsg+0xd4/0x160
[   98.775785][ T6994]  x64_sys_call+0x2999/0x2fb0
[   98.775806][ T6994]  do_syscall_64+0xd2/0x200
[   98.775827][ T6994]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   98.775848][ T6994]  ? clear_bhb_loop+0x40/0x90
[   98.775865][ T6994]  ? clear_bhb_loop+0x40/0x90
[   98.775946][ T6994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.775968][ T6994] RIP: 0033:0x7ff6c75be929
[   98.775989][ T6994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.776003][ T6994] RSP: 002b:00007ff6c5c27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.776070][ T6994] RAX: ffffffffffffffda RBX: 00007ff6c77e5fa0 RCX: 00007ff6c75be929
[   98.776083][ T6994] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[   98.776096][ T6994] RBP: 00007ff6c5c27090 R08: 0000000000000000 R09: 0000000000000000
[   98.776109][ T6994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.776120][ T6994] R13: 0000000000000000 R14: 00007ff6c77e5fa0 R15: 00007fff5aba72d8
[   98.776175][ T6994]  </TASK>
[   99.120584][ T7019] tipc: Started in network mode
[   99.125584][ T7019] tipc: Node identity b64c2f62f339, cluster identity 4711
[   99.132807][ T7019] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.140894][ T7018] tipc: Resetting bearer <eth:syzkaller0>
[   99.161509][ T7018] tipc: Disabling bearer <eth:syzkaller0>
[   99.174289][ T7032] FAULT_INJECTION: forcing a failure.
[   99.174289][ T7032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   99.187579][ T7032] CPU: 0 UID: 0 PID: 7032 Comm: syz.2.1257 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[   99.187612][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   99.187622][ T7032] Call Trace:
[   99.187627][ T7032]  <TASK>
[   99.187635][ T7032]  __dump_stack+0x1d/0x30
[   99.187657][ T7032]  dump_stack_lvl+0xe8/0x140
[   99.187676][ T7032]  dump_stack+0x15/0x1b
[   99.187760][ T7032]  should_fail_ex+0x265/0x280
[   99.187784][ T7032]  should_fail+0xb/0x20
[   99.187807][ T7032]  should_fail_usercopy+0x1a/0x20
[   99.187832][ T7032]  _copy_from_user+0x1c/0xb0
[   99.187851][ T7032]  __copy_msghdr+0x244/0x300
[   99.187882][ T7032]  ___sys_sendmsg+0x109/0x1d0
[   99.187924][ T7032]  __x64_sys_sendmsg+0xd4/0x160
[   99.188039][ T7032]  x64_sys_call+0x2999/0x2fb0
[   99.188060][ T7032]  do_syscall_64+0xd2/0x200
[   99.188078][ T7032]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   99.188105][ T7032]  ? clear_bhb_loop+0x40/0x90
[   99.188125][ T7032]  ? clear_bhb_loop+0x40/0x90
[   99.188205][ T7032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.188223][ T7032] RIP: 0033:0x7f6c7934e929
[   99.188236][ T7032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.188252][ T7032] RSP: 002b:00007f6c779b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.188300][ T7032] RAX: ffffffffffffffda RBX: 00007f6c79575fa0 RCX: 00007f6c7934e929
[   99.188314][ T7032] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[   99.188326][ T7032] RBP: 00007f6c779b7090 R08: 0000000000000000 R09: 0000000000000000
[   99.188338][ T7032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.188349][ T7032] R13: 0000000000000000 R14: 00007f6c79575fa0 R15: 00007ffc525112b8
[   99.188368][ T7032]  </TASK>
[   99.428028][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.523774][ T7040] loop4: detected capacity change from 0 to 128
[   99.587378][ T7036] loop1: detected capacity change from 0 to 128
[   99.621904][ T7055] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1267'.
[   99.635036][ T7055] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   99.635036][ T7055]    program +}[@ not setting count and/or reply_len properly
[   99.690070][ T7061] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.697889][ T7060] tipc: Resetting bearer <eth:syzkaller0>
[   99.713502][ T7060] tipc: Disabling bearer <eth:syzkaller0>
[   99.804704][ T7066] loop4: detected capacity change from 0 to 1024
[   99.814377][ T7066] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   99.826144][ T7068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1272'.
[   99.846727][ T7066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.862371][ T7062] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1269: missing EA_INODE flag
[   99.874489][ T7062] EXT4-fs (loop4): Remounting filesystem read-only
[   99.984110][   T29] kauditd_printk_skb: 738 callbacks suppressed
[   99.984133][   T29] audit: type=1400 audit(1751534617.635:18704): avc:  denied  { read write } for  pid=7072 comm="syz.2.1273" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  100.014139][   T29] audit: type=1400 audit(1751534617.635:18705): avc:  denied  { open } for  pid=7072 comm="syz.2.1273" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  100.039112][ T7074] netlink: 'syz.2.1273': attribute type 1 has an invalid length.
[  100.047906][ T7074] netlink: 'syz.2.1273': attribute type 1 has an invalid length.
[  100.445873][ T7097] bond_slave_1: entered promiscuous mode
[  100.453931][ T7096] bond_slave_1: left promiscuous mode
[  100.505555][ T7099] loop1: detected capacity change from 0 to 128
[  100.529181][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.550690][   T29] audit: type=1400 audit(1751534618.205:18706): avc:  denied  { write } for  pid=7105 comm="syz.4.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  100.587910][   T29] audit: type=1326 audit(1751534618.235:18707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.612214][   T29] audit: type=1326 audit(1751534618.235:18708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.635702][   T29] audit: type=1326 audit(1751534618.235:18709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.659458][   T29] audit: type=1326 audit(1751534618.235:18710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.663306][ T7113] loop4: detected capacity change from 0 to 512
[  100.683128][   T29] audit: type=1326 audit(1751534618.235:18711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.713225][   T29] audit: type=1326 audit(1751534618.235:18712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.736757][   T29] audit: type=1326 audit(1751534618.235:18713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.0.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  100.741600][ T7113] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  100.768268][ T7113] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  100.776353][ T7113] System zones: 0-1, 15-15, 18-18, 34-34
[  100.782231][ T7113] EXT4-fs (loop4): orphan cleanup on readonly fs
[  100.788717][ T7113] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  100.803255][ T7113] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  100.810137][ T7113] EXT4-fs (loop4): 1 truncate cleaned up
[  100.816194][ T7113] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  100.848973][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.895756][ T7126] loop4: detected capacity change from 0 to 1024
[  100.903503][ T7126] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  101.007721][ T7135] bond_slave_1: entered promiscuous mode
[  101.015213][ T7134] bond_slave_1: left promiscuous mode
[  101.054176][ T7140] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  101.054176][ T7140]    program syz.4.1299 not setting count and/or reply_len properly
[  101.234967][ T7147] loop4: detected capacity change from 0 to 512
[  101.269959][ T7147] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  101.278087][ T7147] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  101.334192][ T7147] System zones: 0-1, 15-15, 18-18, 34-34
[  101.359987][ T7147] EXT4-fs (loop4): orphan cleanup on readonly fs
[  101.366464][ T7147] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  101.381173][ T7147] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  101.420099][ T7147] EXT4-fs (loop4): 1 truncate cleaned up
[  101.434795][ T7147] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  101.481857][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.519739][ T7166] __nla_validate_parse: 6 callbacks suppressed
[  101.519755][ T7166] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1309'.
[  101.548295][ T7168] loop1: detected capacity change from 0 to 128
[  101.565382][ T7166] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  101.565382][ T7166]    program +}[@ not setting count and/or reply_len properly
[  101.646149][ T7178] loop1: detected capacity change from 0 to 128
[  101.673847][ T7182] loop1: detected capacity change from 0 to 512
[  101.697246][ T7182] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  101.705232][ T7182] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  101.731204][ T7182] System zones: 0-1, 15-15, 18-18, 34-34
[  101.741673][ T7182] EXT4-fs (loop1): orphan cleanup on readonly fs
[  101.783706][ T7182] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  101.798663][ T7182] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  101.851693][ T7182] EXT4-fs (loop1): 1 truncate cleaned up
[  101.869868][ T7182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  101.924943][ T7197] loop3: detected capacity change from 0 to 1024
[  101.932179][ T7197] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  101.964921][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.994532][ T7202] loop1: detected capacity change from 0 to 512
[  102.015464][ T7202] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  102.027610][ T7202] EXT4-fs (loop1): orphan cleanup on readonly fs
[  102.053569][ T7211] loop3: detected capacity change from 0 to 128
[  102.071569][ T7213] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1330'.
[  102.088197][ T7202] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.1327: corrupted inode contents
[  102.106221][ T7213] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  102.106221][ T7213]    program syz.0.1330 not setting count and/or reply_len properly
[  102.123089][ T7202] EXT4-fs (loop1): Remounting filesystem read-only
[  102.130061][ T7202] EXT4-fs (loop1): 1 truncate cleaned up
[  102.140155][ T2033] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.150745][ T2033] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  102.177361][ T2033] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  102.197989][ T7202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.223335][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.254117][ T7229] loop1: detected capacity change from 0 to 1024
[  102.267135][ T7229] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  102.981419][ T7252] FAULT_INJECTION: forcing a failure.
[  102.981419][ T7252] name failslab, interval 1, probability 0, space 0, times 0
[  102.994129][ T7252] CPU: 1 UID: 0 PID: 7252 Comm: syz.1.1345 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  102.994156][ T7252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  102.994166][ T7252] Call Trace:
[  102.994172][ T7252]  <TASK>
[  102.994179][ T7252]  __dump_stack+0x1d/0x30
[  102.994229][ T7252]  dump_stack_lvl+0xe8/0x140
[  102.994326][ T7252]  dump_stack+0x15/0x1b
[  102.994344][ T7252]  should_fail_ex+0x265/0x280
[  102.994374][ T7252]  ? call_usermodehelper_setup+0x72/0x190
[  102.994405][ T7252]  should_failslab+0x8c/0xb0
[  102.994482][ T7252]  ? __pfx_free_modprobe_argv+0x10/0x10
[  102.994506][ T7252]  __kmalloc_cache_noprof+0x4c/0x320
[  102.994604][ T7252]  ? __kmalloc_node_track_caller_noprof+0x1e5/0x410
[  102.994633][ T7252]  ? __pfx_free_modprobe_argv+0x10/0x10
[  102.994663][ T7252]  call_usermodehelper_setup+0x72/0x190
[  102.994729][ T7252]  __request_module+0x264/0x3e0
[  102.994747][ T7252]  ? capable+0x7c/0xb0
[  102.994763][ T7252]  ? security_capable+0x83/0x90
[  102.994838][ T7252]  dev_load+0x61/0xc0
[  102.994856][ T7252]  devinet_ioctl+0x91/0xe40
[  102.994884][ T7252]  ? _copy_from_user+0x89/0xb0
[  102.994907][ T7252]  inet_ioctl+0x27c/0x3a0
[  102.994929][ T7252]  sock_do_ioctl+0x73/0x220
[  102.995021][ T7252]  sock_ioctl+0x41b/0x610
[  102.995039][ T7252]  ? __pfx_sock_ioctl+0x10/0x10
[  102.995056][ T7252]  __se_sys_ioctl+0xce/0x140
[  102.995080][ T7252]  __x64_sys_ioctl+0x43/0x50
[  102.995201][ T7252]  x64_sys_call+0x19a8/0x2fb0
[  102.995355][ T7252]  do_syscall_64+0xd2/0x200
[  102.995372][ T7252]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  102.995397][ T7252]  ? clear_bhb_loop+0x40/0x90
[  102.995472][ T7252]  ? clear_bhb_loop+0x40/0x90
[  102.995493][ T7252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.995515][ T7252] RIP: 0033:0x7f159cbce929
[  102.995531][ T7252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.995545][ T7252] RSP: 002b:00007f159b237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  102.995603][ T7252] RAX: ffffffffffffffda RBX: 00007f159cdf5fa0 RCX: 00007f159cbce929
[  102.995616][ T7252] RDX: 0000200000000080 RSI: 000000000000891b RDI: 0000000000000003
[  102.995630][ T7252] RBP: 00007f159b237090 R08: 0000000000000000 R09: 0000000000000000
[  102.995644][ T7252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.995661][ T7252] R13: 0000000000000000 R14: 00007f159cdf5fa0 R15: 00007ffecd9bec08
[  102.995679][ T7252]  </TASK>
[  103.337650][ T7256] loop3: detected capacity change from 0 to 512
[  103.361325][ T7256] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  103.371899][ T7259] loop1: detected capacity change from 0 to 1024
[  103.378871][ T7256] EXT4-fs (loop3): orphan cleanup on readonly fs
[  103.386360][ T7259] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  103.396916][ T7256] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #16: comm syz.3.1347: corrupted inode contents
[  103.420503][ T7256] EXT4-fs (loop3): Remounting filesystem read-only
[  103.433218][ T7256] EXT4-fs (loop3): 1 truncate cleaned up
[  103.511690][  T321] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  103.522331][  T321] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  103.536651][  T321] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  103.547651][ T7256] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  103.576074][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.641754][ T7268] bond_slave_1: entered promiscuous mode
[  103.650921][ T7267] bond_slave_1: left promiscuous mode
[  103.657956][ T7266] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  103.671562][ T7265] tipc: Resetting bearer <eth:syzkaller0>
[  103.702971][ T7265] tipc: Disabling bearer <eth:syzkaller0>
[  103.824886][ T7282] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7282 comm=syz.1.1358
[  103.918611][ T7287] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1359'.
[  103.990435][ T7298] sctp: [Deprecated]: syz.3.1364 (pid 7298) Use of struct sctp_assoc_value in delayed_ack socket option.
[  103.990435][ T7298] Use struct sctp_sack_info instead
[  104.015510][ T7298] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1364'.
[  104.034919][ T7298] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  104.046134][ T7298] 0ªî{X¹¦: entered allmulticast mode
[  104.054730][ T7298] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  104.115872][ T7305] loop3: detected capacity change from 0 to 1024
[  104.124545][ T7305] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  104.193395][ T7309] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7309 comm=syz.1.1369
[  104.210667][ T7313] loop3: detected capacity change from 0 to 512
[  104.240671][ T7313] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  104.248630][ T7313] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  104.268635][ T7313] System zones: 0-1, 15-15, 18-18, 34-34
[  104.289210][ T7313] EXT4-fs (loop3): orphan cleanup on readonly fs
[  104.306381][ T7313] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  104.321176][ T7313] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  104.380116][ T7313] EXT4-fs (loop3): 1 truncate cleaned up
[  104.390979][ T7313] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  104.406771][ T7326] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1376'.
[  104.447245][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.459813][ T7326] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  104.459813][ T7326]    program syz.1.1376 not setting count and/or reply_len properly
[  104.492820][ T7332] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1728)
[  104.502508][ T7332] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  104.609339][ T7342] loop3: detected capacity change from 0 to 128
[  104.622876][ T7341] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7341 comm=syz.2.1382
[  104.636462][ T7342] EXT4-fs: Ignoring removed nobh option
[  104.676646][ T7346] loop1: detected capacity change from 0 to 1024
[  104.686156][ T7342] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  104.706433][ T7346] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  104.719433][ T7342] ext4 filesystem being mounted at /252/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  104.787580][ T3306] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  104.826031][ T7351] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.846747][ T7349] tipc: Resetting bearer <eth:syzkaller0>
[  104.879725][ T7349] tipc: Disabling bearer <eth:syzkaller0>
[  104.959228][ T7364] FAULT_INJECTION: forcing a failure.
[  104.959228][ T7364] name failslab, interval 1, probability 0, space 0, times 0
[  104.972025][ T7364] CPU: 0 UID: 0 PID: 7364 Comm: syz.2.1392 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  104.972120][ T7364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.972208][ T7364] Call Trace:
[  104.972216][ T7364]  <TASK>
[  104.972225][ T7364]  __dump_stack+0x1d/0x30
[  104.972247][ T7364]  dump_stack_lvl+0xe8/0x140
[  104.972280][ T7364]  dump_stack+0x15/0x1b
[  104.972293][ T7364]  should_fail_ex+0x265/0x280
[  104.972395][ T7364]  should_failslab+0x8c/0xb0
[  104.972479][ T7364]  __kmalloc_noprof+0xa5/0x3e0
[  104.972501][ T7364]  ? sel_write_member+0x177/0x370
[  104.972581][ T7364]  sel_write_member+0x177/0x370
[  104.972681][ T7364]  selinux_transaction_write+0xc3/0x110
[  104.972708][ T7364]  ? __pfx_selinux_transaction_write+0x10/0x10
[  104.972791][ T7364]  vfs_write+0x266/0x8e0
[  104.972821][ T7364]  ? __rcu_read_unlock+0x4f/0x70
[  104.972843][ T7364]  ? __fget_files+0x184/0x1c0
[  104.972862][ T7364]  ksys_write+0xda/0x1a0
[  104.972957][ T7364]  __x64_sys_write+0x40/0x50
[  104.973014][ T7364]  x64_sys_call+0x2cdd/0x2fb0
[  104.973031][ T7364]  do_syscall_64+0xd2/0x200
[  104.973047][ T7364]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  104.973120][ T7364]  ? clear_bhb_loop+0x40/0x90
[  104.973141][ T7364]  ? clear_bhb_loop+0x40/0x90
[  104.973163][ T7364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.973239][ T7364] RIP: 0033:0x7f6c7934e929
[  104.973252][ T7364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.973268][ T7364] RSP: 002b:00007f6c779b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  104.973288][ T7364] RAX: ffffffffffffffda RBX: 00007f6c79575fa0 RCX: 00007f6c7934e929
[  104.973301][ T7364] RDX: 0000000000000047 RSI: 0000200000000580 RDI: 0000000000000003
[  104.973312][ T7364] RBP: 00007f6c779b7090 R08: 0000000000000000 R09: 0000000000000000
[  104.973369][ T7364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.973381][ T7364] R13: 0000000000000000 R14: 00007f6c79575fa0 R15: 00007ffc525112b8
[  104.973400][ T7364]  </TASK>
[  105.218188][   T29] kauditd_printk_skb: 635 callbacks suppressed
[  105.218202][   T29] audit: type=1326 audit(1751534622.865:19333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.247978][   T29] audit: type=1326 audit(1751534622.865:19334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.271773][   T29] audit: type=1326 audit(1751534622.865:19335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.295828][   T29] audit: type=1326 audit(1751534622.865:19336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.319675][   T29] audit: type=1326 audit(1751534622.865:19337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.343394][   T29] audit: type=1326 audit(1751534622.865:19338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.367026][   T29] audit: type=1326 audit(1751534622.865:19339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.390768][   T29] audit: type=1326 audit(1751534622.865:19340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7365 comm="syz.1.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  105.485628][ T7384] loop3: detected capacity change from 0 to 1024
[  105.494210][ T7384] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  105.564085][   T29] audit: type=1326 audit(1751534623.215:19341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7396 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  105.587626][   T29] audit: type=1326 audit(1751534623.215:19342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7396 comm="syz.3.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  105.726319][ T7410] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1404'.
[  105.745460][ T7411] loop4: detected capacity change from 0 to 1024
[  105.806778][ T7411] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  105.866506][ T7411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.887587][ T7402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1405: missing EA_INODE flag
[  105.918134][ T7402] EXT4-fs (loop4): Remounting filesystem read-only
[  105.931596][ T7418] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1410'.
[  105.942518][ T7418] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  105.942518][ T7418]    program syz.3.1410 not setting count and/or reply_len properly
[  105.978247][ T7420] loop3: detected capacity change from 0 to 128
[  106.115631][ T7427] loop1: detected capacity change from 0 to 1024
[  106.122746][ T7427] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  106.428832][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.447832][ T7450] process 'syz.1.1425' launched '/dev/fd/3' with NULL argv: empty string added
[  106.543333][ T7459] loop4: detected capacity change from 0 to 1024
[  106.570224][ T7455] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.608153][ T7459] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  106.617816][ T7455] Driver unsupported XDP return value 0 on prog  (id 1178) dev N/A, expect packet loss!
[  106.636860][ T7463] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1430'.
[  106.662928][ T7463] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  106.662928][ T7463]    program syz.0.1430 not setting count and/or reply_len properly
[  106.730515][ T7454] tipc: Resetting bearer <eth:syzkaller0>
[  106.749129][ T7454] tipc: Disabling bearer <eth:syzkaller0>
[  106.956944][ T7478] loop4: detected capacity change from 0 to 128
[  106.964321][ T7478] EXT4-fs: Ignoring removed nobh option
[  106.973494][ T7478] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  106.986839][ T7478] ext4 filesystem being mounted at /255/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  107.022577][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  107.056980][ T7484] loop1: detected capacity change from 0 to 1024
[  107.064301][ T7484] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  107.166912][ T7492] loop1: detected capacity change from 0 to 1024
[  107.179198][ T7492] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  107.189736][ T7494] loop4: detected capacity change from 0 to 256
[  107.198457][ T7494] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  107.361695][ T7515] loop1: detected capacity change from 0 to 1024
[  107.368858][ T7515] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  107.437536][ T7522] loop1: detected capacity change from 0 to 1024
[  107.444634][ T7522] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  107.464413][ T7525] loop3: detected capacity change from 0 to 128
[  107.474966][ T7525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1448'.
[  107.521460][ T7536] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1462'.
[  107.543700][ T7538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1459'.
[  107.560921][ T7541] loop4: detected capacity change from 0 to 1024
[  107.567994][ T7541] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  107.685381][ T7550] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  107.716529][ T7554] loop1: detected capacity change from 0 to 1024
[  107.723191][ T7549] tipc: Resetting bearer <eth:syzkaller0>
[  107.729340][ T7554] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  107.752012][ T7549] tipc: Disabling bearer <eth:syzkaller0>
[  107.809206][ T7561] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1473'.
[  107.847837][ T7567] loop4: detected capacity change from 0 to 1024
[  107.855589][ T7567] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  107.876576][ T7571] loop1: detected capacity change from 0 to 128
[  107.883832][ T7571] EXT4-fs: Ignoring removed nobh option
[  107.892376][ T7571] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  107.905039][ T7571] ext4 filesystem being mounted at /308/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  107.929061][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  107.957524][ T7580] loop1: detected capacity change from 0 to 1024
[  107.964936][ T7580] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  108.165420][ T7592] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1484'.
[  108.236617][ T7600] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1488'.
[  108.250850][ T7600] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  108.250850][ T7600]    program syz.1.1488 not setting count and/or reply_len properly
[  108.295389][ T7602] loop4: detected capacity change from 0 to 1024
[  108.302688][ T7602] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  108.393609][ T7606] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  108.400253][ T7614] FAULT_INJECTION: forcing a failure.
[  108.400253][ T7614] name failslab, interval 1, probability 0, space 0, times 0
[  108.400279][ T7614] CPU: 1 UID: 0 PID: 7614 Comm: syz.3.1495 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  108.400303][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  108.400314][ T7614] Call Trace:
[  108.400319][ T7614]  <TASK>
[  108.400325][ T7614]  __dump_stack+0x1d/0x30
[  108.400342][ T7614]  dump_stack_lvl+0xe8/0x140
[  108.400377][ T7614]  dump_stack+0x15/0x1b
[  108.400393][ T7614]  should_fail_ex+0x265/0x280
[  108.400453][ T7614]  should_failslab+0x8c/0xb0
[  108.400476][ T7614]  kmem_cache_alloc_noprof+0x50/0x310
[  108.400499][ T7614]  ? getname_flags+0x80/0x3b0
[  108.400595][ T7614]  ? bpf_trace_run2+0x124/0x1c0
[  108.400620][ T7614]  getname_flags+0x80/0x3b0
[  108.400641][ T7614]  user_path_at+0x28/0x130
[  108.400665][ T7614]  __se_sys_chdir+0x45/0x1b0
[  108.400686][ T7614]  __x64_sys_chdir+0x1f/0x30
[  108.400715][ T7614]  x64_sys_call+0x2ad8/0x2fb0
[  108.400735][ T7614]  do_syscall_64+0xd2/0x200
[  108.400752][ T7614]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  108.400817][ T7614]  ? clear_bhb_loop+0x40/0x90
[  108.400837][ T7614]  ? clear_bhb_loop+0x40/0x90
[  108.400928][ T7614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.400948][ T7614] RIP: 0033:0x7fd077e4e929
[  108.400962][ T7614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.401113][ T7614] RSP: 002b:00007fd0764b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050
[  108.401133][ T7614] RAX: ffffffffffffffda RBX: 00007fd078075fa0 RCX: 00007fd077e4e929
[  108.401144][ T7614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080
[  108.401157][ T7614] RBP: 00007fd0764b7090 R08: 0000000000000000 R09: 0000000000000000
[  108.401169][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.401180][ T7614] R13: 0000000000000000 R14: 00007fd078075fa0 R15: 00007ffd98a21408
[  108.401198][ T7614]  </TASK>
[  108.610871][ T7605] tipc: Resetting bearer <eth:syzkaller0>
[  108.636537][ T7624] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1498'.
[  108.636667][ T7605] tipc: Disabling bearer <eth:syzkaller0>
[  108.709579][ T7632] 9pnet_fd: Insufficient options for proto=fd
[  108.743280][ T7637] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  108.743280][ T7637]    program syz.0.1505 not setting count and/or reply_len properly
[  108.766309][ T7639] loop4: detected capacity change from 0 to 512
[  108.773158][ T7639] ext4: Unknown parameter 'euid>00000000000000060928'
[  108.797747][ T7648] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1509'.
[  108.895575][ T7664] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1516'.
[  109.187753][ T7712] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  109.561103][ T7743] loop4: detected capacity change from 0 to 1024
[  109.569462][ T7743] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  109.587657][ T7744] loop3: detected capacity change from 0 to 128
[  109.616922][ T7744] EXT4-fs: Ignoring removed nobh option
[  109.730437][ T7744] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  109.750710][ T7744] ext4 filesystem being mounted at /294/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  109.796736][ T3306] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  110.011752][ T7759] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  110.011752][ T7759]    program syz.3.1560 not setting count and/or reply_len properly
[  110.094641][ T7764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.103206][ T7764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.180582][ T7769] loop3: detected capacity change from 0 to 128
[  110.234493][ T7775] loop1: detected capacity change from 0 to 1024
[  110.241498][ T7775] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  110.274827][   T29] kauditd_printk_skb: 377 callbacks suppressed
[  110.274842][   T29] audit: type=1326 audit(1751534627.925:19720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.306592][   T29] audit: type=1326 audit(1751534627.955:19721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.330159][   T29] audit: type=1326 audit(1751534627.955:19722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.354081][   T29] audit: type=1326 audit(1751534627.955:19723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.377670][   T29] audit: type=1326 audit(1751534627.955:19724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.401155][   T29] audit: type=1326 audit(1751534627.955:19725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.424687][   T29] audit: type=1326 audit(1751534627.955:19726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.448241][   T29] audit: type=1326 audit(1751534627.955:19727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7776 comm="syz.1.1566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  110.472796][   T29] audit: type=1326 audit(1751534627.955:19728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7781 comm="syz.0.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  110.496628][   T29] audit: type=1326 audit(1751534627.955:19729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7781 comm="syz.0.1568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6c75be929 code=0x7ffc0000
[  110.537624][ T7792] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  110.537624][ T7792]    program syz.2.1572 not setting count and/or reply_len properly
[  110.555881][ T7794] capability: warning: `syz.0.1573' uses 32-bit capabilities (legacy support in use)
[  110.634495][ T7805] sch_tbf: burst 2 is lower than device ip6tnl0 mtu (1452) !
[  111.143024][ T7822] loop1: detected capacity change from 0 to 512
[  111.160593][ T7822] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  111.168745][ T7822] EXT4-fs (loop1): orphan cleanup on readonly fs
[  111.177666][ T7822] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.1585: corrupted inode contents
[  111.191736][ T7822] EXT4-fs (loop1): Remounting filesystem read-only
[  111.198471][ T7822] EXT4-fs (loop1): 1 truncate cleaned up
[  111.204753][ T2033] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  111.215340][ T2033] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  111.226186][ T2033] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  111.236740][ T7822] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  111.262348][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.426048][ T7848] loop1: detected capacity change from 0 to 128
[  112.320645][ T7885] __nla_validate_parse: 9 callbacks suppressed
[  112.320659][ T7885] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1609'.
[  112.338069][ T7885] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.338069][ T7885]    program syz.3.1609 not setting count and/or reply_len properly
[  112.423008][ T7895] loop3: detected capacity change from 0 to 128
[  112.431421][ T7895] EXT4-fs: Ignoring removed nobh option
[  112.438508][ T7895] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  112.451562][ T7895] ext4 filesystem being mounted at /310/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  112.481594][ T3306] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  112.515015][ T7913] bond_slave_1: entered promiscuous mode
[  112.523593][ T7911] bond_slave_1: left promiscuous mode
[  112.560276][ T7920] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1625'.
[  112.572051][ T7920] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  112.572051][ T7920]    program syz.3.1625 not setting count and/or reply_len properly
[  112.582061][ T7916] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.604802][ T7915] tipc: Resetting bearer <eth:syzkaller0>
[  112.647883][ T7915] tipc: Disabling bearer <eth:syzkaller0>
[  112.655231][ T7927] loop3: detected capacity change from 0 to 512
[  112.664223][ T7928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1622'.
[  112.674349][ T7927] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  112.682453][ T7927] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  112.690626][ T7927] System zones: 0-1, 15-15, 18-18, 34-34
[  112.696694][ T7927] EXT4-fs (loop3): orphan cleanup on readonly fs
[  112.703238][ T7927] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  112.717806][ T7927] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  112.724693][ T7927] EXT4-fs (loop3): 1 truncate cleaned up
[  112.731019][ T7927] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  112.762519][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.787797][ T7939] loop3: detected capacity change from 0 to 1024
[  112.794827][ T7939] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  112.986704][ T7961] loop3: detected capacity change from 0 to 512
[  113.001102][ T7961] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  113.009103][ T7961] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  113.020374][ T7961] System zones: 0-1, 15-15, 18-18, 34-34
[  113.026339][ T7961] EXT4-fs (loop3): orphan cleanup on readonly fs
[  113.032814][ T7961] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  113.047437][ T7961] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  113.054327][ T7965] loop4: detected capacity change from 0 to 128
[  113.060950][ T7965] EXT4-fs: Ignoring removed nobh option
[  113.067130][ T7961] EXT4-fs (loop3): 1 truncate cleaned up
[  113.073166][ T7961] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  113.105455][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.115546][ T7965] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  113.128519][ T7965] ext4 filesystem being mounted at /292/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  113.161198][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  113.243643][ T7974] loop3: detected capacity change from 0 to 512
[  113.251635][ T7974] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  113.267635][ T7974] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  113.283910][ T7974] EXT4-fs (loop3): 1 truncate cleaned up
[  113.290094][ T7974] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.320360][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.382604][ T7990] loop4: detected capacity change from 0 to 1024
[  113.400630][ T7990] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  113.441099][ T7990] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.444091][ T8000] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1655'.
[  113.474104][ T7975] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1644: missing EA_INODE flag
[  113.500136][ T7975] EXT4-fs (loop4): Remounting filesystem read-only
[  113.538163][ T8000] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  113.538163][ T8000]    program syz.0.1655 not setting count and/or reply_len properly
[  113.783840][ T8023] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1665'.
[  113.793009][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1665'.
[  113.833269][ T8029] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1667'.
[  113.843911][ T8029] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  113.843911][ T8029]    program syz.3.1667 not setting count and/or reply_len properly
[  113.873931][ T8030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1663'.
[  114.065079][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.084591][ T8037] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1669'.
[  114.095773][ T8037] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  114.095773][ T8037]    program syz.4.1669 not setting count and/or reply_len properly
[  114.354822][ T8050] loop4: detected capacity change from 0 to 128
[  114.456847][ T8059] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1677'.
[  114.761079][ T8078] loop3: detected capacity change from 0 to 128
[  115.312113][ T8097] loop1: detected capacity change from 0 to 128
[  115.492874][ T8103] loop4: detected capacity change from 0 to 1024
[  115.508076][ T8105] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  115.508076][ T8105]    program syz.0.1695 not setting count and/or reply_len properly
[  115.526439][ T8103] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  115.552088][ T8103] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.573661][ T8102] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1694: missing EA_INODE flag
[  115.586910][ T8102] EXT4-fs (loop4): Remounting filesystem read-only
[  116.136808][ T8122] loop3: detected capacity change from 0 to 128
[  116.144712][ T8122] EXT4-fs: Ignoring removed nobh option
[  116.151565][ T8122] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  116.164384][ T8122] ext4 filesystem being mounted at /351/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  116.191375][ T3306] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  116.236570][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.272997][ T8133] bond_slave_1: entered promiscuous mode
[  116.281701][   T29] kauditd_printk_skb: 549 callbacks suppressed
[  116.281714][   T29] audit: type=1326 audit(1751534633.935:20271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.312386][   T29] audit: type=1326 audit(1751534633.935:20272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.338062][   T29] audit: type=1326 audit(1751534633.935:20273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.362736][   T29] audit: type=1326 audit(1751534633.935:20274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.399704][   T29] audit: type=1326 audit(1751534634.035:20275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.423335][   T29] audit: type=1326 audit(1751534634.035:20276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.446863][   T29] audit: type=1326 audit(1751534634.035:20277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.470247][   T29] audit: type=1326 audit(1751534634.035:20278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.495616][   T29] audit: type=1326 audit(1751534634.035:20279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.519287][   T29] audit: type=1326 audit(1751534634.035:20280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8131 comm="syz.1.1705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f159cbce929 code=0x7ffc0000
[  116.543531][ T8130] bond_slave_1: left promiscuous mode
[  116.576579][ T8146] loop1: detected capacity change from 0 to 512
[  116.585007][ T8148] loop4: detected capacity change from 0 to 128
[  116.602103][ T8146] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  116.607503][ T8148] EXT4-fs: Ignoring removed nobh option
[  116.610122][ T8146] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  116.624361][ T8146] System zones: 0-1, 15-15, 18-18, 34-34
[  116.630405][ T8146] EXT4-fs (loop1): orphan cleanup on readonly fs
[  116.636802][ T8146] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  116.651403][ T8146] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  116.658851][ T8146] EXT4-fs (loop1): 1 truncate cleaned up
[  116.665856][ T8146] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  116.679233][ T8159] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  116.679233][ T8159]    program syz.2.1716 not setting count and/or reply_len properly
[  116.696918][ T8148] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  116.709841][ T8148] ext4 filesystem being mounted at /306/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  116.729606][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.745675][ T8161] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  116.745675][ T8161]    program syz.0.1717 not setting count and/or reply_len properly
[  116.771915][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  116.897147][ T8184] loop1: detected capacity change from 0 to 1024
[  116.926795][ T8184] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  116.961425][ T8193] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  116.970424][ T8198] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  116.970424][ T8198]    program syz.1.1735 not setting count and/or reply_len properly
[  116.988070][ T8191] tipc: Resetting bearer <eth:syzkaller0>
[  117.012334][ T8191] tipc: Disabling bearer <eth:syzkaller0>
[  117.058917][ T8206] loop1: detected capacity change from 0 to 128
[  117.068428][ T8208] bond_slave_1: entered promiscuous mode
[  117.076355][ T8207] bond_slave_1: left promiscuous mode
[  117.158775][ T8226] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  117.158775][ T8226]    program syz.0.1748 not setting count and/or reply_len properly
[  117.201443][ T8229] loop3: detected capacity change from 0 to 128
[  117.229674][ T8236] loop3: detected capacity change from 0 to 512
[  117.238465][ T8236] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  117.249810][ T8236] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  117.265484][ T8236] EXT4-fs (loop3): 1 truncate cleaned up
[  117.356007][ T8257] loop3: detected capacity change from 0 to 128
[  117.379264][ T8260] bond_slave_1: entered promiscuous mode
[  117.387260][ T8259] bond_slave_1: left promiscuous mode
[  117.408584][ T8264] __nla_validate_parse: 6 callbacks suppressed
[  117.408600][ T8264] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1764'.
[  117.425101][ T8264] sg_write: 2 callbacks suppressed
[  117.425192][ T8264] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  117.425192][ T8264]    program syz.3.1764 not setting count and/or reply_len properly
[  117.485536][ T8273] bond_slave_1: entered promiscuous mode
[  117.494682][ T8272] bond_slave_1: left promiscuous mode
[  117.577200][ T8289] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  117.577200][ T8289]    program syz.0.1775 not setting count and/or reply_len properly
[  117.731960][ T8308] loop3: detected capacity change from 0 to 128
[  117.791663][ T8317] loop3: detected capacity change from 0 to 1024
[  117.798751][ T8317] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  117.809507][ T8319] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  117.809507][ T8319]    program syz.0.1788 not setting count and/or reply_len properly
[  117.829665][ T8316] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  117.848217][ T8315] tipc: Resetting bearer <eth:syzkaller0>
[  117.871305][ T8315] tipc: Disabling bearer <eth:syzkaller0>
[  118.074926][ T8352] loop1: detected capacity change from 0 to 128
[  118.081376][ T8355] bond_slave_1: entered promiscuous mode
[  118.087696][ T8352] EXT4-fs: Ignoring removed nobh option
[  118.095798][ T8354] bond_slave_1: left promiscuous mode
[  118.101518][ T8352] ext4 filesystem being mounted at /355/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  118.318692][ T8385] loop1: detected capacity change from 0 to 128
[  118.325272][ T8385] EXT4-fs: Ignoring removed nobh option
[  118.332549][ T8385] ext4 filesystem being mounted at /359/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  118.373892][ T8390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1812'.
[  118.408153][ T8394] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  118.408153][ T8394]    program syz.1.1817 not setting count and/or reply_len properly
[  118.617044][ T8402] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1820'.
[  118.627761][ T8402] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  118.627761][ T8402]    program syz.4.1820 not setting count and/or reply_len properly
[  118.678888][ T8412] bond_slave_1: entered promiscuous mode
[  118.686152][ T8411] bond_slave_1: left promiscuous mode
[  118.711186][ T8414] loop4: detected capacity change from 0 to 128
[  118.717671][ T8414] EXT4-fs: Ignoring removed nobh option
[  118.724939][ T8414] ext4 filesystem being mounted at /317/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  118.816705][ T8420] loop1: detected capacity change from 0 to 1024
[  118.831013][ T8420] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  118.848255][ T8428] loop4: detected capacity change from 0 to 1024
[  118.855665][ T8428] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  118.882668][ T8433] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1832'.
[  118.892930][ T8433] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  118.892930][ T8433]    program syz.1.1832 not setting count and/or reply_len properly
[  118.992650][ T8440] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  119.003253][ T8439] tipc: Resetting bearer <eth:syzkaller0>
[  119.023960][ T8439] tipc: Disabling bearer <eth:syzkaller0>
[  119.048164][ T8450] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1840'.
[  119.109689][ T8463] bond_slave_1: entered promiscuous mode
[  119.116411][ T8461] loop4: detected capacity change from 0 to 1024
[  119.123540][ T8461] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  119.132598][ T8462] bond_slave_1: left promiscuous mode
[  119.238665][ T8477] loop4: detected capacity change from 0 to 128
[  119.245418][ T8477] EXT4-fs: Ignoring removed nobh option
[  119.260014][ T8477] ext4 filesystem being mounted at /326/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  119.296870][ T8486] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1855'.
[  119.307634][ T8486] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  119.307634][ T8486]    program syz.4.1855 not setting count and/or reply_len properly
[  119.326577][ T8490] bond_slave_1: entered promiscuous mode
[  119.350467][ T8489] bond_slave_1: left promiscuous mode
[  119.395048][ T8503] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1863'.
[  119.407935][ T8503] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  119.407935][ T8503]    program syz.3.1863 not setting count and/or reply_len properly
[  119.448430][ T8510] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1866'.
[  119.458651][ T8510] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  119.458651][ T8510]    program syz.4.1866 not setting count and/or reply_len properly
[  119.493496][ T8517] FAULT_INJECTION: forcing a failure.
[  119.493496][ T8517] name failslab, interval 1, probability 0, space 0, times 0
[  119.506249][ T8517] CPU: 1 UID: 0 PID: 8517 Comm: syz.4.1869 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  119.506273][ T8517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.506283][ T8517] Call Trace:
[  119.506289][ T8517]  <TASK>
[  119.506296][ T8517]  __dump_stack+0x1d/0x30
[  119.506338][ T8517]  dump_stack_lvl+0xe8/0x140
[  119.506356][ T8517]  dump_stack+0x15/0x1b
[  119.506371][ T8517]  should_fail_ex+0x265/0x280
[  119.506396][ T8517]  should_failslab+0x8c/0xb0
[  119.506417][ T8517]  kmem_cache_alloc_noprof+0x50/0x310
[  119.506517][ T8517]  ? audit_log_start+0x365/0x6c0
[  119.506543][ T8517]  audit_log_start+0x365/0x6c0
[  119.506571][ T8517]  audit_seccomp+0x48/0x100
[  119.506598][ T8517]  ? __seccomp_filter+0x68c/0x10d0
[  119.506627][ T8517]  __seccomp_filter+0x69d/0x10d0
[  119.506649][ T8517]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  119.506818][ T8517]  ? vfs_write+0x75e/0x8e0
[  119.506954][ T8517]  __secure_computing+0x82/0x150
[  119.506985][ T8517]  syscall_trace_enter+0xcf/0x1e0
[  119.507072][ T8517]  do_syscall_64+0xac/0x200
[  119.507088][ T8517]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  119.507116][ T8517]  ? clear_bhb_loop+0x40/0x90
[  119.507175][ T8517]  ? clear_bhb_loop+0x40/0x90
[  119.507243][ T8517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.507264][ T8517] RIP: 0033:0x7f3a0587e929
[  119.507279][ T8517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.507332][ T8517] RSP: 002b:00007f3a03ee7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000138
[  119.507351][ T8517] RAX: ffffffffffffffda RBX: 00007f3a05aa5fa0 RCX: 00007f3a0587e929
[  119.507405][ T8517] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  119.507418][ T8517] RBP: 00007f3a03ee7090 R08: ffffffffffffffff R09: 0000000000000000
[  119.507430][ T8517] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  119.507443][ T8517] R13: 0000000000000000 R14: 00007f3a05aa5fa0 R15: 00007ffca76a07b8
[  119.507462][ T8517]  </TASK>
[  119.727079][ T8523] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  119.727079][ T8523]    program syz.4.1871 not setting count and/or reply_len properly
[  119.729622][ T8525] bond_slave_1: entered promiscuous mode
[  119.756816][ T8524] bond_slave_1: left promiscuous mode
[  119.808065][ T8535] loop3: detected capacity change from 0 to 512
[  119.836675][ T8546] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1880'.
[  119.847291][ T8535] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  119.875928][ T8535] loop3: detected capacity change from 0 to 164
[  119.887204][ T8535] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  119.913726][ T8535] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  119.922155][ T8535] Symlink component flag not implemented
[  119.927823][ T8535] Symlink component flag not implemented
[  119.934633][ T8535] Symlink component flag not implemented (7)
[  119.940918][ T8535] Symlink component flag not implemented (116)
[  119.956565][ T8561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1887'.
[  120.037267][ T8568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  120.045055][ T8567] tipc: Resetting bearer <eth:syzkaller0>
[  120.062679][ T8567] tipc: Disabling bearer <eth:syzkaller0>
[  120.075785][ T8573] loop4: detected capacity change from 0 to 1024
[  120.086226][ T8573] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  120.123020][ T8562] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1886: missing EA_INODE flag
[  120.135744][ T8562] EXT4-fs (loop4): Remounting filesystem read-only
[  120.182052][ T8581] loop1: detected capacity change from 0 to 1024
[  120.214450][ T8581] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  120.314841][ T8572] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.1891: missing EA_INODE flag
[  120.450825][ T8572] EXT4-fs (loop1): Remounting filesystem read-only
[  120.975648][ T8642] loop1: detected capacity change from 0 to 1024
[  120.982801][ T8642] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  121.121620][ T8665] loop3: detected capacity change from 0 to 1024
[  121.129279][ T8665] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  121.153015][ T8656] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.1925: missing EA_INODE flag
[  121.165480][ T8656] EXT4-fs (loop3): Remounting filesystem read-only
[  121.476617][   T29] kauditd_printk_skb: 547 callbacks suppressed
[  121.476632][   T29] audit: type=1400 audit(1751534639.125:20825): avc:  denied  { ioctl } for  pid=8673 comm="syz.2.1932" path="socket:[21769]" dev="sockfs" ino=21769 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  121.527598][   T29] audit: type=1326 audit(1751534639.175:20826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.551902][   T29] audit: type=1326 audit(1751534639.175:20827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.576135][   T29] audit: type=1326 audit(1751534639.175:20828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.599760][   T29] audit: type=1326 audit(1751534639.175:20829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.623293][   T29] audit: type=1326 audit(1751534639.175:20830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.646942][   T29] audit: type=1326 audit(1751534639.175:20831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8677 comm="syz.2.1934" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  121.679308][   T29] audit: type=1400 audit(1751534639.325:20832): avc:  denied  { watch watch_reads } for  pid=8679 comm="syz.2.1935" path="/390" dev="tmpfs" ino=2147 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  121.745405][ T8682] loop4: detected capacity change from 0 to 1024
[  121.752544][ T8682] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  121.788088][ T8688] TCP: TCP_TX_DELAY enabled
[  121.797012][ T8688] syz.4.1940 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  121.906345][ T8710] loop3: detected capacity change from 0 to 128
[  121.942871][ T8721] SET target dimension over the limit!
[  121.988805][ T8728] loop1: detected capacity change from 0 to 1024
[  121.996584][ T8728] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  122.014244][   T29] audit: type=1400 audit(1751534639.665:20833): avc:  denied  { read } for  pid=8719 comm="syz.0.1954" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  122.038601][   T29] audit: type=1400 audit(1751534639.665:20834): avc:  denied  { open } for  pid=8719 comm="syz.0.1954" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  122.078858][ T8721] xt_CT: You must specify a L4 protocol and not use inversions on it
[  122.126799][ T8724] loop4: detected capacity change from 0 to 1024
[  122.159351][ T8724] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  122.195836][ T8724] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.1949: missing EA_INODE flag
[  122.217883][ T8748] loop1: detected capacity change from 0 to 128
[  122.322614][ T8724] EXT4-fs (loop4): Remounting filesystem read-only
[  122.472000][ T8769] __nla_validate_parse: 3 callbacks suppressed
[  122.472026][ T8769] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1975'.
[  122.481332][ T8771] sg_write: 10 callbacks suppressed
[  122.481348][ T8771] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  122.481348][ T8771]    program syz.0.1976 not setting count and/or reply_len properly
[  122.488085][ T8769] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  122.488085][ T8769]    program syz.1.1975 not setting count and/or reply_len properly
[  122.544983][ T8777] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  122.544983][ T8777]    program syz.0.1979 not setting count and/or reply_len properly
[  122.602406][ T8783] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  122.602406][ T8783]    program syz.0.1983 not setting count and/or reply_len properly
[  122.621621][ T8785] loop1: detected capacity change from 0 to 128
[  122.631320][ T8785] ext4 filesystem being mounted at /402/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  122.764711][ T8799] loop4: detected capacity change from 0 to 128
[  122.774326][ T8799] ext4 filesystem being mounted at /350/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  125.013947][ T8818] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  125.013947][ T8818]    program syz.4.1994 not setting count and/or reply_len properly
[  125.217854][ T8849] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  125.217854][ T8849]    program syz.1.2007 not setting count and/or reply_len properly
[  125.300147][ T8855] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  125.300147][ T8855]    program syz.3.2009 not setting count and/or reply_len properly
[  125.420508][ T8865] loop3: detected capacity change from 0 to 128
[  125.489159][ T8871] loop3: detected capacity change from 0 to 1024
[  125.497112][ T8871] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  125.599069][ T8879] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.607139][ T8878] tipc: Resetting bearer <eth:syzkaller0>
[  125.619110][ T8878] tipc: Disabling bearer <eth:syzkaller0>
[  125.755403][ T8884] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  125.755403][ T8884]    program syz.3.2023 not setting count and/or reply_len properly
[  125.866427][ T8894] loop3: detected capacity change from 0 to 1024
[  125.873806][ T8894] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  125.963514][ T8908] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  125.963514][ T8908]    program syz.3.2034 not setting count and/or reply_len properly
[  126.006695][ T8917] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  126.006695][ T8917]    program syz.0.2038 not setting count and/or reply_len properly
[  126.168447][ T8939] loop3: detected capacity change from 0 to 1024
[  126.184501][ T8939] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  126.218024][ T8939] EXT4-fs mount: 22 callbacks suppressed
[  126.218040][ T8939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.324171][ T8929] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.2040: missing EA_INODE flag
[  126.388574][ T8929] EXT4-fs (loop3): Remounting filesystem read-only
[  126.858532][ T8938] syz.1.2048 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  126.872839][ T8938] CPU: 1 UID: 0 PID: 8938 Comm: syz.1.2048 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  126.872879][ T8938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  126.872892][ T8938] Call Trace:
[  126.872899][ T8938]  <TASK>
[  126.872923][ T8938]  __dump_stack+0x1d/0x30
[  126.872997][ T8938]  dump_stack_lvl+0xe8/0x140
[  126.873017][ T8938]  dump_stack+0x15/0x1b
[  126.873061][ T8938]  dump_header+0x81/0x220
[  126.873090][ T8938]  oom_kill_process+0x334/0x3f0
[  126.873120][ T8938]  out_of_memory+0x979/0xb80
[  126.873149][ T8938]  try_charge_memcg+0x5e6/0x9e0
[  126.873193][ T8938]  obj_cgroup_charge_pages+0xa6/0x150
[  126.873223][ T8938]  __memcg_kmem_charge_page+0x9f/0x170
[  126.873253][ T8938]  __alloc_frozen_pages_noprof+0x188/0x360
[  126.873360][ T8938]  alloc_pages_mpol+0xb3/0x250
[  126.873405][ T8938]  alloc_pages_noprof+0x90/0x130
[  126.873438][ T8938]  __vmalloc_node_range_noprof+0x6f2/0xe00
[  126.873554][ T8938]  __kvmalloc_node_noprof+0x30f/0x4e0
[  126.873606][ T8938]  ? ip_set_alloc+0x1f/0x30
[  126.873698][ T8938]  ? ip_set_alloc+0x1f/0x30
[  126.873728][ T8938]  ? __kmalloc_cache_noprof+0x189/0x320
[  126.873780][ T8938]  ip_set_alloc+0x1f/0x30
[  126.873802][ T8938]  hash_netiface_create+0x282/0x740
[  126.873828][ T8938]  ? __pfx_hash_netiface_create+0x10/0x10
[  126.873950][ T8938]  ip_set_create+0x3cc/0x960
[  126.874040][ T8938]  ? __nla_parse+0x40/0x60
[  126.874056][ T8938]  nfnetlink_rcv_msg+0x4c3/0x590
[  126.874098][ T8938]  ? selinux_capable+0x1f9/0x270
[  126.874131][ T8938]  netlink_rcv_skb+0x123/0x220
[  126.874219][ T8938]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  126.874245][ T8938]  nfnetlink_rcv+0x16b/0x1690
[  126.874294][ T8938]  ? __list_del_entry_valid_or_report+0x65/0x130
[  126.874315][ T8938]  ? __rmqueue_pcplist+0x9d2/0xbd0
[  126.874352][ T8938]  ? should_fail_ex+0x30/0x280
[  126.874380][ T8938]  ? selinux_nlmsg_lookup+0x99/0x890
[  126.874409][ T8938]  ? selinux_netlink_send+0x59f/0x5f0
[  126.874549][ T8938]  ? __rcu_read_unlock+0x34/0x70
[  126.874568][ T8938]  ? __netlink_lookup+0x266/0x2a0
[  126.874587][ T8938]  netlink_unicast+0x59e/0x670
[  126.874613][ T8938]  netlink_sendmsg+0x58b/0x6b0
[  126.874642][ T8938]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.874659][ T8938]  __sock_sendmsg+0x145/0x180
[  126.874681][ T8938]  ____sys_sendmsg+0x31e/0x4e0
[  126.874728][ T8938]  ___sys_sendmsg+0x17b/0x1d0
[  126.874807][ T8938]  __x64_sys_sendmsg+0xd4/0x160
[  126.874841][ T8938]  x64_sys_call+0x2999/0x2fb0
[  126.874920][ T8938]  do_syscall_64+0xd2/0x200
[  126.874936][ T8938]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  126.875031][ T8938]  ? clear_bhb_loop+0x40/0x90
[  126.875048][ T8938]  ? clear_bhb_loop+0x40/0x90
[  126.875065][ T8938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.875081][ T8938] RIP: 0033:0x7f159cbce929
[  126.875094][ T8938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.875178][ T8938] RSP: 002b:00007f159b237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.875214][ T8938] RAX: ffffffffffffffda RBX: 00007f159cdf5fa0 RCX: 00007f159cbce929
[  126.875224][ T8938] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  126.875235][ T8938] RBP: 00007f159cc50b39 R08: 0000000000000000 R09: 0000000000000000
[  126.875244][ T8938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.875254][ T8938] R13: 0000000000000000 R14: 00007f159cdf5fa0 R15: 00007ffecd9bec08
[  126.875269][ T8938]  </TASK>
[  126.875289][ T8938] memory: usage 307200kB, limit 307200kB, failcnt 1503
[  126.875750][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.887817][ T8938] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0
[  126.887832][ T8938] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  126.887844][ T8938] Memory cgroup stats for /syz1:
[  126.934018][ T8960] loop4: detected capacity change from 0 to 1024
[  126.949389][ T8938] cache 0
[  126.999987][ T8960] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  127.003645][ T8938] rss 0
[  127.029035][   T29] kauditd_printk_skb: 225 callbacks suppressed
[  127.029077][   T29] audit: type=1326 audit(1751534644.645:21060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.032792][ T8938] shmem 0
[  127.032800][ T8938] mapped_file 0
[  127.032807][ T8938] dirty 0
[  127.032814][ T8938] writeback 0
[  127.037472][   T29] audit: type=1326 audit(1751534644.645:21061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.037507][   T29] audit: type=1326 audit(1751534644.645:21062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.043858][ T8938] workingset_refault_anon 116
[  127.048910][   T29] audit: type=1326 audit(1751534644.645:21063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.053784][ T8938] workingset_refault_file 257
[  127.058974][   T29] audit: type=1326 audit(1751534644.645:21064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.064338][ T8938] swap 217088
[  127.064348][ T8938] swapcached 0
[  127.064355][ T8938] pgpgin 113521
[  127.064361][ T8938] pgpgout 113521
[  127.069275][   T29] audit: type=1326 audit(1751534644.645:21065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.074289][ T8938] pgfault 174322
[  127.074297][ T8938] pgmajfault 85
[  127.074303][ T8938] inactive_anon 0
[  127.074309][ T8938] active_anon 0
[  127.074315][ T8938] inactive_file 0
[  127.079113][   T29] audit: type=1326 audit(1751534644.645:21066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.083874][ T8938] active_file 0
[  127.089102][   T29] audit: type=1326 audit(1751534644.645:21067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.089126][   T29] audit: type=1326 audit(1751534644.645:21068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.089146][   T29] audit: type=1326 audit(1751534644.645:21069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8961 comm="syz.2.2058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7934e929 code=0x7ffc0000
[  127.093998][ T8938] unevictable 0
[  127.094010][ T8938] hierarchical_memory_limit 314572800
[  127.094018][ T8938] hierarchical_memsw_limit 9223372036854771712
[  127.094026][ T8938] total_cache 0
[  127.094091][ T8938] total_rss 0
[  127.100243][ T8967] bond_slave_1: entered promiscuous mode
[  127.103552][ T8938] total_shmem 0
[  127.600223][ T8938] total_mapped_file 0
[  127.600234][ T8938] total_dirty 0
[  127.600241][ T8938] total_writeback 0
[  127.600249][ T8938] total_workingset_refault_anon 116
[  127.600325][ T8938] total_workingset_refault_file 257
[  127.600334][ T8938] total_swap 217088
[  127.600341][ T8938] total_swapcached 0
[  127.600349][ T8938] total_pgpgin 113521
[  127.600366][ T8938] total_pgpgout 113521
[  127.600374][ T8938] total_pgfault 174322
[  127.600382][ T8938] total_pgmajfault 85
[  127.600404][ T8938] total_inactive_anon 0
[  127.600411][ T8938] total_active_anon 0
[  127.600417][ T8938] total_inactive_file 0
[  127.600423][ T8938] total_active_file 0
[  127.600430][ T8938] total_unevictable 0
[  127.600436][ T8938] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2048,pid=8937,uid=0
[  127.600530][ T8938] Memory cgroup out of memory: Killed process 8937 (syz.1.2048) total-vm:93752kB, anon-rss:936kB, file-rss:22312kB, shmem-rss:128kB, UID:0 pgtables:144kB oom_score_adj:1000
[  127.602600][ T8983] sg_write: 2 callbacks suppressed
[  127.602610][ T8983] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  127.602610][ T8983]    program syz.4.2067 not setting count and/or reply_len properly
[  127.718715][ T8996] bond_slave_1: entered promiscuous mode
[  127.777131][ T8964] bond_slave_1: left promiscuous mode
[  127.810753][ T8995] bond_slave_1: left promiscuous mode
[  127.837969][ T9005] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  127.837969][ T9005]    program syz.2.2075 not setting count and/or reply_len properly
[  127.895144][ T9014] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  127.895144][ T9014]    program syz.2.2080 not setting count and/or reply_len properly
[  127.936273][ T9018] loop1: detected capacity change from 0 to 1024
[  127.943845][ T9018] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  127.962980][ T9018] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.985772][ T9025] loop4: detected capacity change from 0 to 1024
[  127.994526][ T9018] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.2077: missing EA_INODE flag
[  128.006388][ T9018] EXT4-fs (loop1): Remounting filesystem read-only
[  128.021320][ T9025] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  128.092023][ T9025] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.168529][ T9008] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.2072: missing EA_INODE flag
[  128.218223][ T9008] EXT4-fs (loop4): Remounting filesystem read-only
[  128.225683][ T9040] loop3: detected capacity change from 0 to 1024
[  128.238925][ T9040] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  128.270305][ T9040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.296902][ T9040] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.2085: missing EA_INODE flag
[  128.309815][ T9040] EXT4-fs (loop3): Remounting filesystem read-only
[  128.325729][ T9048] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  128.325729][ T9048]    program syz.0.2091 not setting count and/or reply_len properly
[  128.376125][ T9052] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  128.376125][ T9052]    program syz.0.2092 not setting count and/or reply_len properly
[  128.646265][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.664206][ T9075] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  128.664206][ T9075]    program syz.4.2102 not setting count and/or reply_len properly
[  128.720692][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.007062][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.179496][ T9104] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  129.179496][ T9104]    program syz.3.2113 not setting count and/or reply_len properly
[  129.372982][ T9121] loop3: detected capacity change from 0 to 1024
[  129.387328][ T9121] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  129.401928][ T9121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.416322][ T9107] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: inode #11: comm syz.3.2114: missing EA_INODE flag
[  129.430038][ T9107] EXT4-fs (loop3): Remounting filesystem read-only
[  129.501501][ T9134] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  129.501501][ T9134]    program syz.2.2124 not setting count and/or reply_len properly
[  129.830052][ T9164] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  129.830052][ T9164]    program syz.4.2136 not setting count and/or reply_len properly
[  129.929514][ T9179] netlink: 'syz.4.2145': attribute type 13 has an invalid length.
[  129.972029][ T9179] gretap0: refused to change device tx_queue_len
[  129.978421][ T9179] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  130.059474][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.111652][ T9191] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  130.111652][ T9191]    program syz.3.2150 not setting count and/or reply_len properly
[  130.481789][ T9211] syz.0.2157 uses obsolete (PF_INET,SOCK_PACKET)
[  130.738843][ T9224] loop1: detected capacity change from 0 to 1024
[  130.762035][ T9224] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  131.046286][ T9259] batman_adv: batadv0: Adding interface: dummy0
[  131.052712][ T9259] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.078127][ T9259] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  131.235600][ T9279] loop1: detected capacity change from 0 to 1024
[  131.242905][ T9279] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  131.982751][ T9346] hub 2-0:1.0: USB hub found
[  131.987476][ T9346] hub 2-0:1.0: 8 ports detected
[  131.997350][ T9346] netlink: 'syz.2.2216': attribute type 1 has an invalid length.
[  132.098603][   T29] kauditd_printk_skb: 377 callbacks suppressed
[  132.098620][   T29] audit: type=1326 audit(1751534649.745:21447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.135244][   T29] audit: type=1326 audit(1751534649.745:21448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.158899][   T29] audit: type=1326 audit(1751534649.755:21449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.182305][   T29] audit: type=1326 audit(1751534649.755:21450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.206043][   T29] audit: type=1326 audit(1751534649.755:21451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.229586][   T29] audit: type=1326 audit(1751534649.775:21452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.253187][   T29] audit: type=1326 audit(1751534649.785:21453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.276678][   T29] audit: type=1326 audit(1751534649.785:21454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.300349][   T29] audit: type=1326 audit(1751534649.785:21455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.325420][   T29] audit: type=1326 audit(1751534649.785:21456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.3.2218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  132.633677][ T9389] loop4: detected capacity change from 0 to 512
[  132.650810][ T9389] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  132.658731][ T9389] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  132.666867][ T9389] System zones: 0-1, 15-15, 18-18, 34-34
[  132.672743][ T9389] EXT4-fs (loop4): orphan cleanup on readonly fs
[  132.679241][ T9389] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  132.693816][ T9389] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  132.700925][ T9389] EXT4-fs (loop4): 1 truncate cleaned up
[  132.706761][ T9389] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  132.734444][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.773850][ T9397] loop4: detected capacity change from 0 to 128
[  132.781915][ T9397] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  132.794232][ T9397] ext4 filesystem being mounted at /385/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  133.811217][ T9427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  133.831282][ T9426] tipc: Resetting bearer <eth:syzkaller0>
[  133.845771][ T9426] tipc: Disabling bearer <eth:syzkaller0>
[  134.277955][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  134.602403][ T9457] loop3: detected capacity change from 0 to 512
[  134.610563][ T9457] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  134.618471][ T9457] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  134.626484][ T9457] System zones: 0-1, 15-15, 18-18, 34-34
[  134.632434][ T9457] EXT4-fs (loop3): orphan cleanup on readonly fs
[  134.638797][ T9457] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  134.653378][ T9457] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  134.660419][ T9457] EXT4-fs (loop3): 1 truncate cleaned up
[  134.666485][ T9457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  134.693422][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.935677][ T9468] sg_write: 5 callbacks suppressed
[  134.935789][ T9468] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  134.935789][ T9468]    program syz.1.2260 not setting count and/or reply_len properly
[  135.321485][ T9487] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  135.321485][ T9487]    program syz.0.2268 not setting count and/or reply_len properly
[  135.368334][ T9493] bond_slave_1: entered promiscuous mode
[  135.375820][ T9492] bond_slave_1: left promiscuous mode
[  135.792392][ T9517] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  135.792392][ T9517]    program syz.2.2279 not setting count and/or reply_len properly
[  135.821400][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2280'.
[  135.832807][ T9519] loop1: detected capacity change from 0 to 128
[  135.855974][ T9523] bond_slave_1: entered promiscuous mode
[  135.862451][ T9522] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  135.862451][ T9522]    program syz.1.2281 not setting count and/or reply_len properly
[  135.881059][ T9520] bond_slave_1: left promiscuous mode
[  135.910690][ T9527] loop1: detected capacity change from 0 to 1024
[  135.918388][ T9527] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[  135.925351][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2285'.
[  136.366806][ T9547] bond_slave_1: entered promiscuous mode
[  136.374674][ T9546] bond_slave_1: left promiscuous mode
[  136.465784][ T9554] loop3: detected capacity change from 0 to 1024
[  136.473749][ T9554] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  136.525302][ T9560] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  136.525302][ T9560]    program syz.4.2300 not setting count and/or reply_len properly
[  136.584680][ T9570] bond_slave_1: entered promiscuous mode
[  136.592290][ T9569] bond_slave_1: left promiscuous mode
[  136.592998][ T9572] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  136.592998][ T9572]    program syz.3.2306 not setting count and/or reply_len properly
[  136.756296][ T9590] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.811065][ T9580] tipc: Resetting bearer <eth:syzkaller0>
[  136.835163][ T9580] tipc: Disabling bearer <eth:syzkaller0>
[  136.925603][ T9608] bond_slave_1: entered promiscuous mode
[  136.951289][ T9613] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  136.951289][ T9613]    program syz.1.2319 not setting count and/or reply_len properly
[  136.975119][ T9607] bond_slave_1: left promiscuous mode
[  137.087207][ T9619] loop4: detected capacity change from 0 to 1024
[  137.192819][ T9619] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  137.356338][   T29] kauditd_printk_skb: 702 callbacks suppressed
[  137.356354][   T29] audit: type=1326 audit(1751534655.005:22157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9624 comm="syz.4.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a0587e929 code=0x7ffc0000
[  137.386192][   T29] audit: type=1326 audit(1751534655.005:22158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9624 comm="syz.4.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a0587e929 code=0x7ffc0000
[  137.409684][   T29] audit: type=1326 audit(1751534655.005:22159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9624 comm="syz.4.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f3a0587e929 code=0x7ffc0000
[  137.433338][   T29] audit: type=1326 audit(1751534655.005:22160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9624 comm="syz.4.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a0587e929 code=0x7ffc0000
[  137.897666][ T9648] loop1: detected capacity change from 0 to 2048
[  137.904753][ T9648] EXT4-fs: Ignoring removed mblk_io_submit option
[  137.921253][ T9648] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  137.936675][   T29] audit: type=1400 audit(1751534655.585:22161): avc:  denied  { append } for  pid=9646 comm="syz.1.2333" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  137.960821][    T9] Process accounting resumed
[  137.970043][ T2138] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:7: bg 0: block 234: padding at end of block bitmap is not set
[  137.985172][ T2138] EXT4-fs (loop1): Remounting filesystem read-only
[  137.999164][ T9653] bond_slave_1: entered promiscuous mode
[  138.005813][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.019626][ T9652] bond_slave_1: left promiscuous mode
[  138.072500][ T9659] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  138.072500][ T9659]    program syz.1.2335 not setting count and/or reply_len properly
[  138.105273][   T29] audit: type=1326 audit(1751534655.755:22162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9660 comm="syz.3.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  138.128993][   T29] audit: type=1326 audit(1751534655.755:22163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9660 comm="syz.3.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  138.152875][   T29] audit: type=1326 audit(1751534655.755:22164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9660 comm="syz.3.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  138.176453][   T29] audit: type=1326 audit(1751534655.755:22165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9660 comm="syz.3.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  138.200366][   T29] audit: type=1326 audit(1751534655.755:22166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9660 comm="syz.3.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd077e4e929 code=0x7ffc0000
[  138.337016][ T9678] bond_slave_1: entered promiscuous mode
[  138.344786][ T9677] bond_slave_1: left promiscuous mode
[  138.494430][ T9690] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  138.494430][ T9690]    program syz.4.2350 not setting count and/or reply_len properly
[  138.534064][ T9699] loop4: detected capacity change from 0 to 1024
[  138.541104][ T9699] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  138.658534][ T9703] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.666992][ T9702] tipc: Resetting bearer <eth:syzkaller0>
[  138.680045][ T9702] tipc: Disabling bearer <eth:syzkaller0>
[  138.770775][ T9707] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  138.770775][ T9707]    program syz.4.2358 not setting count and/or reply_len properly
[  138.990483][ T9725] loop3: detected capacity change from 0 to 1024
[  138.997647][ T9725] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  139.065254][ T9728] loop4: detected capacity change from 0 to 1024
[  139.081531][ T9728] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  139.114811][ T9728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.154577][ T9737] loop1: detected capacity change from 0 to 128
[  139.201012][ T9721] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.2363: missing EA_INODE flag
[  139.246683][ T9721] EXT4-fs (loop4): Remounting filesystem read-only
[  139.260019][ T9740] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  139.278137][ T9739] tipc: Resetting bearer <eth:syzkaller0>
[  139.293587][ T9739] tipc: Disabling bearer <eth:syzkaller0>
[  139.739720][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.331338][ T9781] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.338952][ T9780] tipc: Resetting bearer <eth:syzkaller0>
[  140.356212][ T9780] tipc: Disabling bearer <eth:syzkaller0>
[  140.363260][ T9791] loop4: detected capacity change from 0 to 1024
[  140.370621][ T9791] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  141.072463][ T9810] loop1: detected capacity change from 0 to 128
[  141.271560][ T9827] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  141.279002][ T9826] tipc: Resetting bearer <eth:syzkaller0>
[  141.292441][ T9826] tipc: Disabling bearer <eth:syzkaller0>
[  141.869447][ T9865] sg_write: 1 callbacks suppressed
[  141.869459][ T9865] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  141.869459][ T9865]    program syz.0.2418 not setting count and/or reply_len properly
[  142.009513][ T2033] ==================================================================
[  142.017635][ T2033] BUG: KCSAN: data-race in ppp_asynctty_receive / tty_set_termios
[  142.025458][ T2033] 
[  142.025466][ T2033] write to 0xffff88811944c108 of 44 bytes by task 9869 on cpu 0:
[  142.025481][ T2033]  tty_set_termios+0xc0/0x8c0
[  142.025504][ T2033]  set_termios+0x496/0x4e0
[  142.025523][ T2033]  tty_mode_ioctl+0x379/0x5c0
[  142.025542][ T2033]  ppp_asynctty_ioctl+0x13f/0x2d0
[  142.054370][ T2033]  tty_ioctl+0x845/0xb80
[  142.058605][ T2033]  __se_sys_ioctl+0xce/0x140
[  142.063189][ T2033]  __x64_sys_ioctl+0x43/0x50
[  142.068423][ T2033]  x64_sys_call+0x19a8/0x2fb0
[  142.073090][ T2033]  do_syscall_64+0xd2/0x200
[  142.077582][ T2033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.083478][ T2033] 
[  142.085876][ T2033] read to 0xffff88811944c108 of 4 bytes by task 2033 on cpu 1:
[  142.093451][ T2033]  ppp_asynctty_receive+0x75c/0xd40
[  142.098647][ T2033]  tty_ldisc_receive_buf+0xbf/0xf0
[  142.103841][ T2033]  tty_port_default_receive_buf+0x59/0x90
[  142.109571][ T2033]  flush_to_ldisc+0x141/0x360
[  142.114254][ T2033]  process_scheduled_works+0x4cb/0x9d0
[  142.119738][ T2033]  worker_thread+0x582/0x770
[  142.124676][ T2033]  kthread+0x489/0x510
[  142.128733][ T2033]  ret_from_fork+0xda/0x150
[  142.133223][ T2033]  ret_from_fork_asm+0x1a/0x30
[  142.137980][ T2033] 
[  142.140293][ T2033] value changed: 0x00000500 -> 0x00038000
[  142.145998][ T2033] 
[  142.148310][ T2033] Reported by Kernel Concurrency Sanitizer on:
[  142.154449][ T2033] CPU: 1 UID: 0 PID: 2033 Comm: kworker/u8:6 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(voluntary) 
[  142.167024][ T2033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.177071][ T2033] Workqueue: events_unbound flush_to_ldisc
[  142.182892][ T2033] ==================================================================